
Preliminary optimization of Nginx

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Blog outline:

1. Introduction to Nginx

2. Core features of Nginx

3. Nginx smooth upgrade

4. Modify Nginx version information

5. Nginx virtual host configuration

6. The role of the location option in the nginx configuration file

7. Configure https to access nginx

8. Enable Nginx access authentication

1. Introduction to Nginx

Nginx is a lightweight web server, reverse proxy server and e-mail proxy server. It is known for its stability, rich feature set, sample configuration files, and low system resource consumption.

Nginx already runs on the largest web portal in Russia, and more than 20% of the virtual hosting platforms in Russia use Nginx as their reverse proxy server. In China, Taobao, Sina, NetEase and other websites use Nginx as a web server or reverse proxy server.

2. Core features of Nginx

(1) Cross-platform: Nginx can be compiled and run on most operating systems, and there is also a Windows version;

(2) Configuration is extremely simple and easy to get started with;

(3) Non-blocking, high-concurrency connections: official tests show support for 50,000 concurrent connections, and 20,000-30,000 concurrent connections are reached in real environments (this is thanks to Nginx using the latest epoll model);

(4) Event-driven: the epoll model is used to support a larger number of concurrent connections.

A plain non-blocking call decides whether it can read or write by constantly checking the status of events, which brings a lot of overhead. This is why an asynchronous non-blocking event handling mechanism exists. This mechanism lets you monitor multiple events at the same time; calling them is non-blocking, but you can set a timeout, and if an event becomes ready within the timeout, the call returns. This mechanism solves the two problems above, those of blocking calls and of non-blocking calls.

Take the epoll model as an example: an event that is not ready is placed in epoll (a queue). When an event becomes ready, it is handled; while it is not ready, it waits in epoll. In this way a large number of concurrent requests can be handled, where "concurrent requests" means requests that have not yet completed. There is only one thread, so only one request can be processed at any instant; the thread simply keeps switching between requests, and each switch happens because a request gives up the thread voluntarily while its asynchronous event is not ready. The switching costs nothing; you can think of it as processing a set of ready events in a loop.

Compared with multithreading, this kind of event handling has great advantages: no threads need to be created, each request takes up very little memory, there is no context switching, and event handling is very lightweight. No matter how high the concurrency is, it does not lead to unnecessary waste of resources (context switching). On an Apache server, each request gets a worker thread of its own, so when concurrency reaches the thousands, thousands of threads are processing requests at the same time. That is no small challenge for the operating system: the memory consumed by the threads is very large and the CPU overhead of thread context switching is very high, so performance cannot rise, and it degrades seriously in high-concurrency scenarios.

Summary: through the asynchronous non-blocking event handling mechanism, Nginx has a process handle multiple ready events in a loop, which makes it both highly concurrent and lightweight.

(5) Master/Worker structure: one master process spawns one or more worker processes, as shown in the figure:

The Master-Worker design pattern consists of two main components: Master and Worker. The Master maintains the Worker queue and dispatches requests to multiple Workers for parallel execution. The Workers carry out the actual logic and return the results to the Master.

Because independent processes are used, they do not affect one another: after one process exits, the other processes keep working, the service is not interrupted, and the Master process quickly starts a new Worker process. Of course, an abnormal exit of a Worker process means there is a bug in the program. An abnormal exit causes all requests on the current Worker to fail, but it does not affect all requests, so the risk is reduced;

(6) Low memory consumption: handling highly concurrent requests takes very little memory. Under 30,000 concurrent connections, 10 running Nginx processes consume only 150 MB of memory;

(7) Built-in health check: if a web server behind the Nginx proxy goes down, front-end access is not affected;

(8) Saves bandwidth: supports GZIP compression and can add headers for the browser's local cache;

(9) High stability: when used as a reverse proxy, the probability of downtime is minimal.

3. Nginx smooth upgrade

All the packages needed in this post have been packaged. You can download the Nginx package directly.

A smooth upgrade of Nginx means that the server is currently running the Nginx service and you want to upgrade the running version without stopping the service.

The idea behind the implementation is:

(1) Start a new process without stopping the old process;
(2) The old process finishes the requests it has not yet completed, but no longer accepts new requests;
(3) The new process accepts the new requests;
(4) Once the old process has handled all its requests and closed all its connections, it stops.

Implementation steps:

    [root@localhost ~]# yum -y install pcre-devel openssl-devel    # install the dependencies
    [root@localhost ~]# tar zxf nginx-1.14.0.tar.gz -C /usr/src
    [root@localhost ~]# cd /usr/src/nginx-1.14.0/
    [root@localhost nginx-1.14.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module && make && make install
    # compile and install nginx 1.14; this is a lab environment, so few configure options are used
    [root@localhost ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin    # create a symbolic link
    [root@localhost ~]# nginx    # start the nginx service
    [root@localhost ~]# nginx -v    # view the version of the Nginx service
    nginx version: nginx/1.14.0
    [root@localhost ~]# tar zxf nginx-1.2.4.tar.gz -C /usr/src
    [root@localhost ~]# cd /usr/src/nginx-1.2.4/
    [root@localhost nginx-1.2.4]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module && make
    # configure and compile nginx 1.2.4; be careful not to run make install.
    # Configure options can be added as needed, but the original ones must be kept
    [root@localhost ~]# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old    # back up the old nginx executable
    [root@localhost ~]# cp /usr/src/nginx-1.2.4/objs/nginx /usr/local/nginx/sbin/    # replace the old nginx executable
    [root@localhost ~]# netstat -anpt | grep 80
    tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN      4655/nginx: master
    [root@localhost ~]# kill -USR2 4655
    # it is recommended to operate on the nginx process ID rather than on the nginx pid file
    # this spawns a new process to receive client requests; after it runs, a nginx.pid.old file
    # appears in the logs directory under the nginx installation directory, storing the old version's pid
    [root@localhost ~]# nginx -s reload    # reload the new version's nginx configuration
    [root@localhost ~]# kill -HUP 4655    # smoothly restart the new version's nginx process
    [root@localhost ~]# nginx -v    # view the nginx version
    nginx version: nginx/1.2.4
    [root@localhost ~]# curl -I 127.0.0.1
    HTTP/1.1 200 OK
    Server: nginx/1.14.0    # the version in the header has not changed
    Date: Sun, 01 Dec 2019 06:04:10 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Sun, 01 Dec 2019 05:59:29 GMT
    Connection: keep-alive
    ETag: "5de356c1-264"
    Accept-Ranges: bytes
    [root@localhost ~]# kill -QUIT 4655    # smoothly shut down the old nginx process
    [root@localhost ~]# nginx -v    # view the nginx version
    nginx version: nginx/1.2.4
    [root@localhost sbin]# curl -I 127.0.0.1
    HTTP/1.1 200 OK
    Server: nginx/1.2.4    # note the version
    Date: Sat, 30 Nov 2019 14:47:53 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Sat, 30 Nov 2019 14:42:09 GMT
    Connection: keep-alive
    Accept-Ranges: bytes

Note: throughout the process, it is recommended to perform the smooth upgrade, restart, shutdown and other operations against the process ID!

Signals commonly sent to nginx with the kill command:

    QUIT     smooth shutdown
    HUP      smooth restart, reloads the configuration file
    USR1     reopen the log files
    USR2     smoothly upgrade the executable
    WINCH    smoothly shut down the worker processes

4. Modify Nginx version information

    [root@localhost ~]# vim /usr/src/nginx-1.2.4/src/core/nginx.h
    ...    // part of the content omitted
    #define nginx_version      1002004
    #define NGINX_VERSION      "8.8.8.8"    // change it to whatever you want
    #define NGINX_VER          "lzj/" NGINX_VERSION    // ditto; note the modified lzj
    [root@localhost ~]# vim /usr/src/nginx-1.2.4/src/http/ngx_http_header_filter_module.c
    ...    // part of the content omitted
    static char ngx_http_server_string[] = "Server: lzj" CRLF;    // same name as modified in the previous file (lzj)
    static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
    [root@localhost ~]# vim /usr/src/nginx-1.2.4/src/http/ngx_http_special_response.c
    ...    // part of the content omitted
    static u_char ngx_http_error_tail[] =
    "<hr><center>lzj</center>" CRLF    // keep it consistent with the lzj modified in the previous two files
    "</body>" CRLF
    "</html>" CRLF
    ;
    [root@localhost ~]# cd /usr/src/nginx-1.2.4/
    [root@localhost nginx-1.2.4]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module && make
    [root@localhost ~]# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
    [root@localhost ~]# cp /usr/src/nginx-1.2.4/objs/nginx /usr/local/nginx/sbin/
    [root@localhost ~]# nginx -s stop    # stop the nginx service
    [root@localhost ~]# nginx    # start the nginx service
    [root@localhost ~]# curl -I 127.0.0.1
    HTTP/1.1 200 OK
    Server: lzj/8.8.8.8    # check the version information
    Date: Sat, 30 Nov 2019 15:06:32 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Sat, 30 Nov 2019 14:42:09 GMT
    Connection: keep-alive
    Accept-Ranges: bytes

Note: changing the nginx version information requires restarting the service, so if you want to change it, try to do so before installation!

5. Nginx virtual host configuration

The nginx configuration file contains an http {} block, and server {} blocks sit inside http {}; each server {} represents one virtual host. The implementation is as follows:

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    # edit the main Nginx configuration file so that different domain names on the same IP can be accessed
    ...    # part of the content omitted
    server {
        listen 80;
        server_name www.lzj.com;
        location / {
            root /lzj;
            index index.html index.htm;
        }
    }
    server {
        listen 80;
        server_name www.zhj.com;
        location / {
            root /zhj;
            index index.html index.htm;
        }
    }
    [root@localhost ~]# mkdir /lzj    # create each site's own home page files
    [root@localhost ~]# echo "www.lzj.com" >> /lzj/index.html
    [root@localhost ~]# mkdir /zhj
    [root@localhost ~]# echo "www.zhj.com" >> /zhj/index.html
    [root@localhost ~]# echo "192.168.1.8 www.lzj.com" >> /etc/hosts    # add the corresponding domain names
    [root@localhost ~]# echo "192.168.1.8 www.zhj.com" >> /etc/hosts
    [root@localhost ~]# nginx -t    # check the nginx configuration file for syntax errors
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@localhost ~]# nginx -s reload    # reload the nginx configuration file
    [root@localhost ~]# curl www.lzj.com    # verify the result
    www.lzj.com
    [root@localhost ~]# curl www.zhj.com
    www.zhj.com

6. The role of the location option in the nginx configuration file

This section covers the location configuration inside the server {} block of the nginx configuration file.

(1) The function of the "=" sign

The "=" sign indicates an exact match. Accessing the matched path under the web root works, but nothing more can be appended to it, for example:

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf    # edit the main Nginx configuration file
    ...    # part of the content omitted
    server {
        listen 80;
        server_name localhost;
        location = /test {    # look for the content of the test directory under the web root
            root test;    # look for the index page in the /usr/local/nginx/html/test/ directory
            index index.html index.htm;
        }
    }
    [root@localhost ~]# mkdir /usr/local/nginx/html/test
    [root@localhost ~]# echo "test" > /usr/local/nginx/html/test/index.html    # create a test file
    [root@localhost ~]# nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@localhost ~]# nginx -s reload

Client access effect:

(2) The difference between alias and root

root: the path of the file actually accessed is the configured path with the URL path appended

alias: the path of the file actually accessed does not have the URL path appended

Using root:

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    location ^~ /www {    # ^ means "begins with", ~ means a regular expression is used
        root html;    # root: the URL path is appended to this path; html is a relative path
        index index.html index.htm;    # so the path accessed is /usr/local/nginx/html/www
    }
    [root@localhost ~]# mkdir /usr/local/nginx/html/www
    [root@localhost ~]# echo "www" >> /usr/local/nginx/html/www/index.html    # create a test file
    [root@localhost ~]# nginx -s reload    # reload the nginx configuration file

The access results are as follows:

Using alias:

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    location ^~ /www {
        alias html;    # alias: the URL path is not appended to the path actually accessed
        index index.html index.htm;
    }
    [root@localhost ~]# nginx -s reload    # reload the nginx configuration file

The access results are as follows:

(3) When a specified suffix is matched, redirect to a specified file

Example 1:

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    ...    # part of the content omitted
    location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ {
        root /www;    # when users request files such as gif or jpg, look for them in the /www directory
        index index.html index.htm;
    }
    location / {
        root html;
        index index.html index.htm;
    }
    [root@localhost ~]# ls /www
    a.jpg
    [root@localhost ~]# nginx -s reload    # reload the configuration file

Client access:

Example 2:

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    ...    # part of the content omitted
    location ~* .(gif|jpg|jpeg|png|css|js|ico)$ {
        rewrite .(gif|jpg) /error.png;    # when the client requests a file ending in e.g. jpg, it is sent to error.png
    }
    # error.png is located in the web root, because the target is "/error.png"
    [root@localhost ~]# ls /usr/local/nginx/html/
    50x.html  error.png  index.html
    [root@localhost ~]# nginx -s reload

Client access test:
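Added example (not part of the original post): a small shell model of the order in which nginx chooses among the location blocks shown in (1) to (3). It goes beyond the individual cases above by implementing the general selection order: exact match, then longest prefix, then regular expressions unless the prefix carries ^~. The names LOCATIONS and select_location are hypothetical, and grep -E stands in for nginx's PCRE matching.

```shell
# Added example: approximates nginx location selection for the section 6 blocks.
# Assumption: grep -E is close enough to PCRE for the patterns used here.

# Locations in configuration order as "modifier|pattern"; "-" = plain prefix.
LOCATIONS='=|/test
^~|/www
~*|\.(gif|jpg|jpeg|png|css|js|ico)$
-|/'

select_location() {              # $1 = request path without query string
    uri=$1 best='' best_mod=''
    # Step 1: an exact (=) match wins at once; otherwise remember the longest prefix.
    while IFS= read -r entry; do
        mod=${entry%%|*} pat=${entry#*|}
        case $mod in
            '=')
                if [ "$uri" = "$pat" ]; then printf '%s\n' "location = $pat"; return 0; fi ;;
            '-'|'^~')
                case $uri in
                    "$pat"*) if [ ${#pat} -gt ${#best} ]; then best=$pat best_mod=$mod; fi ;;
                esac ;;
        esac
    done <<EOF
$LOCATIONS
EOF
    # Step 2: regex locations are tried in file order, first match wins,
    # unless the longest prefix carries ^~, which skips the regex search.
    if [ "$best_mod" != '^~' ]; then
        while IFS= read -r entry; do
            mod=${entry%%|*} pat=${entry#*|}
            case $mod in
                '~')  opt=-Eq ;;     # case-sensitive regex
                '~*') opt=-Eiq ;;    # case-insensitive regex
                *)    continue ;;
            esac
            if printf '%s\n' "$uri" | grep "$opt" -- "$pat"; then
                printf '%s\n' "location $mod $pat"; return 0
            fi
        done <<EOF
$LOCATIONS
EOF
    fi
    # Step 3: fall back to the remembered prefix location, if there is one.
    [ -n "$best" ] || return 1
    if [ "$best_mod" = - ]; then printf '%s\n' "location $best"
    else printf '%s\n' "location $best_mod $best"; fi
}

# Constructed request paths, one per rule.
for u in /test /test/ /www/a.jpg /img/a.JPG /index.html; do
    printf '%-12s -> %s\n' "$u" "$(select_location "$u")"
done
```

Note that /www/a.jpg is served by the ^~ /www block and never reaches the image regex, which matters when access rules are attached to only one of the two blocks.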

(4) When a specified request method is matched, return a specific status code

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    ...    # part of the content omitted
    if ($request_method = BDQN) {
        return 666;    # when the client uses the BDQN request method, status code 666 is returned
    }
    [root@localhost ~]# nginx -s reload    # reload the configuration file

The access results are as follows:

Common parameters of the curl command:

-X: request method; -I: return the server's response headers

(5) When the client accesses by domain name, jump to the specified domain name

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    ...    # part of the content omitted
    if ($host != 'www.test.com') {
        rewrite ^/(.*)$ https://www.baidu.com/$1;
    }
    # when the client does not access through www.test.com, it is sent to Baidu's page
    [root@localhost ~]# nginx -s reload    # reload the configuration file

The access results are as follows:

7. Configure https to access nginx

We all know that http uses port 80 and https uses port 443. Because https is more secure, most web services are now accessed through https, so next we configure https access to the nginx server.

A certificate issued by an Internet-recognized CA has to be purchased, so the lab environment makes its own CA certificate that is not recognized on the Internet. The method is as follows:

    [root@localhost ~]# mkdir /usr/local/nginx/ca    # create a directory to store the CA certificate and key
    [root@localhost ~]# cd /usr/local/nginx/ca/
    [root@localhost ca]# openssl genrsa -out ca.key 4096    # generate the key file
    Generating RSA private key, 4096 bit long modulus
    ..++
    ..++
    e is 65537 (0x10001)
    [root@localhost ca]# openssl req -new -x509 -days 7304 -key ca.key -out ca.crt
    # generate the certificate file from the key; fill in the fields as you like
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:zh
    State or Province Name (full name) []:beijing
    Locality Name (eg, city) [Default City]:beijing
    Organization Name (eg, company) [Default Company Ltd]:beijing
    Organizational Unit Name (eg, section) []:beijing
    Common Name (eg, your name or your server's hostname) []:beijing
    Email Address []:beijing
    [root@localhost ca]# ls    # confirm that these two files exist
    ca.crt  ca.key
    [root@localhost ca]# vim /usr/local/nginx/conf/nginx.conf
    ...    # part of the content omitted
    server {
        listen 443 ssl;    # encrypt using ssl
        server_name localhost;
        ssl on;    # enable ssl
        ssl_certificate /usr/local/nginx/ca/ca.crt;    # certificate path
        ssl_certificate_key /usr/local/nginx/ca/ca.key;    # key path
        ssl_session_timeout 5m;    # session timeout
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            root html;
            index index.html index.htm;
        }
    }
    # this block is at the end of the configuration file; just enable it!
    [root@localhost ~]# nginx -s reload    # reload the nginx configuration file

Access effect:

8. Enable Nginx access authentication

Sometimes, some pages of our web service are not open to everyone. In this case, you can turn on the access authentication of the page. After opening it, you need to log in with a user name and password to see the corresponding page.

If the authentication method is not enabled, users can directly access the content of the website, as follows:

Enable authentication as follows:

    [root@localhost ~]# yum -y install httpd-tools    # install the htpasswd tool
    [root@localhost ~]# htpasswd -c /usr/local/nginx/.passwd lzj
    New password:
    Re-type new password:
    Adding password for user lzj
    # the user authentication information is stored in /usr/local/nginx/.passwd
    # to add a second user to .passwd, omit the "-c" option, otherwise all previous users are overwritten
    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    ...    # part of the content omitted
    location / {
        root html;
        index index.html index.htm;
        auth_basic "Please enter login account";    # prompt text
        auth_basic_user_file /usr/local/nginx/.passwd;    # path of the file storing the authentication information
    }
    [root@localhost ~]# nginx -s reload    # reload the nginx configuration file

Access Test:
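Added example (not part of the original post) covering sections 7 and 8: a static check that flags an ssl_protocols line enabling SSLv2, SSLv3, TLSv1 or TLSv1.1, all of which are deprecated, and any server block that uses auth_basic_user_file without TLS, where the Basic credentials travel only base64-encoded. The function names, the constructed sample configuration (which places the section 8 location in a port-80 server) and the corrected value "TLSv1.2 TLSv1.3" are assumptions; TLSv1.3 needs nginx 1.13.0 or later built against OpenSSL 1.1.1.

```shell
# Added example: static nginx.conf check for the settings in sections 7 and 8.
# Assumptions: one directive per line; "include" files are not followed.

audit_nginx_conf() {                     # $1 = path to nginx.conf
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                              # drop comments
        if (!in_server && line ~ /^[ \t]*server[ \t]*[{]/) {
            in_server = 1; start = NR; base = depth
            has_auth = 0; has_tls = 0
        }
        if (in_server && (line ~ /^[ \t]*listen[ \t][^;]*[ \t]ssl[ \t;]/ ||
                          line ~ /^[ \t]*ssl[ \t]+on[ \t]*;/))
            has_tls = 1
        if (in_server && line ~ /^[ \t]*auth_basic_user_file[ \t]/)
            has_auth = 1
        if (line ~ /^[ \t]*ssl_protocols[ \t]/) {
            stmt = line
            sub(/^[ \t]*ssl_protocols[ \t]+/, "", stmt)
            sub(/;.*/, "", stmt)
            n = split(stmt, tok, /[ \t]+/)
            weak = ""
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    weak = weak (weak == "" ? "" : ",") tok[i]
            if (weak != "")
                printf "WEAK_TLS_PROTOCOL line %d: %s\n", NR, weak
        }
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (in_server && depth <= base) {                 # server block closed
            if (has_auth && !has_tls)
                printf "BASIC_AUTH_WITHOUT_TLS server block at line %d\n", start
            in_server = 0
        }
    }' "$1"
}

# Constructed sample config; $2 = listen arguments, $3 = ssl_protocols value.
write_sample() {
    cat > "$1" <<EOF
http {
    server {
        listen $2;
        server_name localhost;
        ssl_certificate /usr/local/nginx/ca/ca.crt;
        ssl_certificate_key /usr/local/nginx/ca/ca.key;
        ssl_protocols $3;
        location / {
            root html;
            auth_basic "Please enter login account";
            auth_basic_user_file /usr/local/nginx/.passwd;
        }
    }
}
EOF
}

tmp=$(mktemp)
write_sample "$tmp" "80" "SSLv2 SSLv3 TLSv1"       # protocol list as in section 7
audit_nginx_conf "$tmp"                             # reports both findings
write_sample "$tmp" "443 ssl" "TLSv1.2 TLSv1.3"    # assumed corrected values
audit_nginx_conf "$tmp"                             # reports nothing
rm -f "$tmp"
```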

-this is the end of this article. Thank you for reading-
