Compilation parameters
# /user/local/nginx/sbin/nginx -V (# cat /usr/local/apache2/build/config.nice)
pro
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1p 9 Jul 2015
TLS SNI support enabled
configure arguments: --prefix=/opt/server/nginx --user=www --group=www --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_sub_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-ipv6 --http-fastcgi-temp-path=/opt/server/nginx/temp/fastcgi --http-client-body-temp-path=/opt/server/nginx/temp/client --http-proxy-temp-path=/opt/server/nginx/temp/proxy --http-scgi-temp-path=/opt/server/nginx/temp/scgi --http-uwsgi-temp-path=/opt/server/nginx/temp/uwsgi --with-openssl=/usr/local/src/openssl-1.0.1p
ww
tar -zxf openssl-1.0.2r.tar.gz
nginx version: nginx/1.8.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2r 26 Feb 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-mail --with-mail_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_random_index_module --with-http_secure_link_module --with-http_auth_request_module --with-file-aio --with-http_spdy_module --with-ipv6 --http-fastcgi-temp-path=/usr/local/nginx/temp/fastcgi --http-client-body-temp-path=/usr/local/nginx/temp/client --http-proxy-temp-path=/usr/local/nginx/temp/proxy --http-scgi-temp-path=/usr/local/nginx/temp/scgi --http-uwsgi-temp-path=/usr/local/nginx/temp/uwsgi --with-openssl=/usr/local/src/openssl
./configure --prefix=/usr/local/nginx --user=www --group=www \
--with-http_ssl_module --with-mail --with-mail_ssl_module \
--with-http_sub_module --with-http_stub_status_module \
--with-http_gunzip_module --with-http_gzip_static_module \
--with-http_realip_module --with-http_addition_module --with-http_dav_module \
--with-http_flv_module --with-http_mp4_module \
--with-http_random_index_module --with-http_secure_link_module \
--with-http_auth_request_module \
--with-file-aio --with-http_spdy_module --with-ipv6 \
--http-fastcgi-temp-path=/usr/local/nginx/temp/fastcgi \
--http-client-body-temp-path=/usr/local/nginx/temp/client \
--http-proxy-temp-path=/usr/local/nginx/temp/proxy \
--http-scgi-temp-path=/usr/local/nginx/temp/scgi \
--http-uwsgi-temp-path=/usr/local/nginx/temp/uwsgi \
--with-openssl=/usr/local/src/openssl
Dependency Library
Automake 工具,以完成自动创建Makefile的工作
Autoconf(自动脚本生成工具<非必须>,作者手工编写)
CentOS
gcc (GUN Compiler Collection)
pcre-devel
zlib-devel zlib-static zlib/usr/local/src/openssl
perl
Ubuntu
pcre安装: pcre库(支持rewrite模块)
sudo apt-get install libpcre3 libpcre3-dev
zlib安装: zlib库(支持gzip模块)
sudo apt-get install zlib1g-dev
openssl安装: openssl库(支持ssl模块)
sudo apt-get install openssl libssl-dev
gcc-c++
sudo apt install build-essential
user www;
worker_processes 4;
worker_rlimit_nofile 65535; # Resouce limit:资源限制
events {
use epoll; #配置事件驱动模型
worker_connections 20480;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
tcp_nopush on;
keepalive_timeout 6;
tcp_nodelay on;
client_header_timeout 15; #Module ngx_http_core_module
client_body_timeout 15;
send_timeout 15;
client_max_body_size 10m;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 2048k;
fastcgi_buffers 4 2048k;
fastcgi_busy_buffers_size 2048k;
fastcgi_temp_file_write_size 2048k;
gzip on;
gzip_buffers 4 32k;
gzip_comp_level 9;
gzip_min_length 1k;
gzip_http_version 1.1;
gzip_types text/css text/xml application/javascript application/msword application/pdf;
allow 182.***.***.***; #company
allow 211.***.***.***; #company
# deny all;
include /usr/local/nginx/vhosts/*.conf;
}
log_format main
'$http_x_forwarded_for - $remote_addr [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_clientip';
server {
listen 8011;
server_name 172.***.***.***;
access_log logs/access.log main;
error_log logs/error.log error;
root /app/online/web;
location / {
index index.php admin.php index.html index.htm;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ {
expires 10d;
}
location ~ .*\.(js|css|html|xml|eot|svg|ttf|woff)?$ {
expires 10d;
}
}
user www-data; #rb
worker_processes auto;
pid /run/nginx.pid;events {
worker_connections 768;
# multi_accept on;
}http {
##
# Basic Settings
##sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;# server_names_hash_bucket_size 64;
# server_name_in_redirect off;include /etc/nginx/mime.types;
default_type application/octet-stream;##
# SSL Settings
##ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;##
# Logging Settings
##access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;##
# Gzip Settings
##gzip on;
gzip_disable "msie6";# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;##
# Virtual Host Configs
##include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
include /etc/nginx/sites-enabled/chen/*.conf;
}
vhosts
log_format main
'$http_x_forwarded_for - $remote_addr [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_clientip';
server {
listen 9012;
server_name 172.31.185.175;
access_log logs/access.log main;
error_log logs/error.log error;
root /app/online/web/;
location / {
index index.php admin.php index.html index.htm;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ {
expires 10d;
}
location ~ .*\.(js|css|html|xml|eot|svg|ttf|woff)?$ {
expires 10d;
}
}
logs
#!/bin/bash
## The directory where the Nginx log file is located
LOGS_PATH=/usr/local/nginx/logs/http
## Get the date of yesterday yyyy-MM-dd
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
## Move the Nginx log file
mv ${LOGS_PATH}/www.xxx_access.log ${LOGS_PATH}/www.xxx_access.log_${YESTERDAY}.log
## 向 Nginx 主进程发送 USR1 信号。USR1 信号是重新打开日志文件
#kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
/usr/local/nginx/sbin/nginx -s reload
find $LOGS_PATH -mtime +30 -exec rm -rf {} \;
z-conf
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
log_format bniu.io_log '$remote_addr - $remote_user [$time_local] '
' "$request" $status $body_bytes_sent '
' "$http_referer" "$http_user_agent" '
' "$upstream_addr" ' '"$request_time"';
upstream admin {
server 172.31.185.175:8011;
}
upstream cms {
server 172.31.185.175:8012;
}
server {
listen 80;
charset utf-8;
client_max_body_size 20m;
client_body_timeout 600s;
client_body_buffer_size 512k;
client_header_buffer_size 512k;
large_client_header_buffers 4 256k;
server_name ***.com www.***.com ***.com.cn www.***.com.cn;
access_log /usr/local/nginx/logs/http/www.***.com_access.log main;
error_log /usr/local/nginx/logs/http/www.***.com_error.log;
if ($http_user_agent ~ ApacheBench|webBench|Java/|http_load|must-revalidate|wget) {
return 403;
}
# if ($host = "www.xxx.com"){
# rewrite ^/(.*)$ http://www.***.com/$1 permanent;
# }
#return 301 https://$host$request_uri;
allow 182.***.***.***;
allow 192.168.0.0/16;
# deny all;
error_page 500 502 503 504 /maintain.html;
location / {
if ($http_referer ~ www.xxx.com) {
return 503;
}
proxy_pass http://***;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_http_version 1.1;
proxy_connect_timeout 1200s;
proxy_send_timeout 1800s;
proxy_read_timeout 1200s;
proxy_buffer_size 512k;
proxy_buffers 8 512k;
proxy_busy_buffers_size 512k;
proxy_temp_file_write_size 512k;
}
location /admin{
if ($http_referer ~ www.xxx.com) {
return 503;
}
rewrite ^/admin/(.*) /$1 break;
proxy_pass http://****;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 1200s;
proxy_send_timeout 1800s;
proxy_read_timeout 1200s;
proxy_buffer_size 512k;
proxy_buffers 8 512k;
proxy_busy_buffers_size 512k;
proxy_temp_file_write_size 512k;
}
location /instructions {
rewrite ^/instructions http://www.xxx.com/app/instructions;
}
location ~ ^/robots.txt{
root /var/www/xxx/static;
access_log off;
}
location /currentstatus {
stub_status on;
access_log off;
}
location ~* \.(eot|ttf|woff|svg|otf|woff2)$ {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials' 'true';
add_header Access-Control-Allow-Methods '*';
}
location ~ /.git/ {
deny all;
}
location ~ ^/static/m_js/.*\.(css|js|html|htm|jpg|jpeg|gif|png|ico|htc|apk|ttf|woff|map|svg|eot){
root /var/www/xxx;
access_log off;
if (-f $request_filename) {
expires 30d;
break;
}
}
location ~ ^/static/m_images/.*\.(css|js|html|htm|jpg|jpeg|gif|png|ico|htc|apk|ttf|woff|map|svg|eot){
root /var/www/xxx;
access_log off;
if (-f $request_filename) {
expires 30d;
break;
}
}
}
location /status { #ngx_http_consistent_hash-master,with-http-stub_status_module
stub_status on;
access_log off;
allow 192.168.25.100;
deny all;
}
location ~\.php$ {
fastcgi_pass upstreamserver;
}
mime-type : 网络资源的媒体类型 ,html,xml,gig flash
核心模块:
1,主体功能:经常管理,权限控制,错误日志记录,配置解析 等
2,用于相应请求事件必须的功能: 事件驱动机制,正则表达式解析 等
并行处理: 多进程,多线程,异步
同步,异步(请求-响应)
阻塞(原地待命时刻准备),非阻塞(将在外军令有所不受)(网络套接字socket:IO操作)
nginx(多进程,异步非阻塞提供服务,能够同时处理大量并发请求)
Nginx服务器的事件处理机制,IO调用完成后主动通知工作进程;
事件驱动模型:让进程可以同时处理多个并发请求,不用关心IO调用的具体状态,IO调用完全有事件驱动模型来管理,事件准备好之后就通知工作进程事件已就绪;
事件驱动处理又称多路IO复用方法:select,poll,epoll 等
epoll库在Linux平台是高效的,支持一个进程打开大数目的事件描述,只对内核上报活跃的描述符进行操作
Nginx:主进程,工作进程,后端服务器(代理转发),缓存;
Nginx 服务启动后,产生一个主进程(master process),主进程执行一系列工作后产生一个或多个工作进程(worker processes)。
主进程主要进行Nginx配置文件解析,数据结构初始化,模块配置和注册,信号处理,网络监听生成,工作进程生成和管理 等
工作进程主要进行进程初始化,模块调用,请求处理 等
Nginx 服务器为了提高对请求的响应效率,进一步降低网络压力,采用了缓存机制,将历史应答数据缓存到本地。在每次Nginx服务器启动后的一段时间内,会启动专门的进程对本地缓存的内容重建索引,保证对缓存文件的快速访问,
过当前请求的rewrite阶段,并继续执行本请求的其他阶段(break)
last会重新发起一个新请求,并重新匹配location(last)
正向代理服务器用来让局域网客户机介入外网以访问外网资源,(客户端-访问外网)
反向代理服务器用来让外网的客户端接入局域网中的站点,以访问站点中的资源(站点-把站点资源发布出去让其他客户端能够访问)
proxy-buffer 异步
proxy-cache 快速(索引) (-依赖于buffer)
proxy-store 静态数据简单缓存到本地
负载均衡:硬件设备(高效,稳定),软件算法(均衡算法,程序的健壮性)- proxy_pass+upsteam
静态负载均衡:轮询算法,加权轮询(比率、优先级)
动态负载均衡:任务量的最少链接优先算法,性能的最快响应优先算法,预测算法,动态性能分配算法
提高负载:使用镜像服务器,使用缓存服务器,实施负载均衡
squid(3128)
memcached(11211)
mspaint
#请求统计
ngx_http_stub_status_module
location /status {
stub_status on;
access_log off;
allow 192.168.24.20;
deny all;
}
./ab -c 1000 -n 50000 http://192.168.24.20/index.html
ulimit -nlocation / {
set $memcached_key "$uri";
memcached_pass mcserver;
error_page 404 /callback.php;
}
location / {
set $memcached_key "$uri";
memcached_pass 127.0.0.1:11211;
error_page 404 /callback.php;
}
#反向代理
localtion / {
proxy_pass http://192.168.24.20:8080;
#proxy_pass http://192.168.24.21:***;
}proxy
upstreamlocation /ec {
if (!-e $document_root$fastcgi_script_name) {
rewrite ^.*$ 404.html break;
}
rewrite "goods-(\d{1,7})\.html" ec/goods.php?id=$1;
rewrite "article-(\d{1,7})\.html" /ec/article.php?id=$1;
rewrite category-(\d+)-b(\d+)-min(\d+)-max(\d+)\.html /ec/category.php?id=$1&brand=$2&price_min=$3&price_max=$4;
#URL重写,正则里有"{}",正则要用双引号包起来;
}location ~* \.(jpg|jpeg|gif|png) {
expires 1d;
}
TERM, INT fast shutdown
QUIT graceful shutdown
HUP changing configuration, keeping up with a changed time zone (only for FreeBSD and Linux), starting new worker processes with a new configuration, graceful shutdown of old worker processes
USR1 re-opening log files
USR2 upgrading an executable file
WINCH graceful shutdown of worker processes