pv (page view) 打开一次页面
uv (user view) 用户连接
qps 每秒请求数
apache -> prefork 稳定
nginx -> worker 处理高并发,不稳定
内存消耗少,成本低,可以做反向代理
支持rewrite 动态编译 热部署(reload)
使用nginx 1.15
docs.nginx.com 官网配置
https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/
tar zxf nginx-1.15.7.tar.gz
vim src/core/nginx.h
隐藏版本号
vim auto/cc/gcc
关闭debug日志 #
curl
./configure --help
--with-threads 激活线程池
./configure --prefix=/usr/local/nginx --with-threads \
--with-file-aio --with-http_ssl_module --with-http_stub_status_module
make && make install
du -sh nginx
make clean
打开 debug
make && make install
会变成6M
conf 文件中
user nginx nginx;
worker_processes 4; #cpu总核心数 也可以时auto 但是会使访问量不均衡
worker_cpu_affinity 0001 0010 0100 1000; #代表四个cpu
events {
woker_connections 65535; #并发数最大
}
http {
upstream westos {
#反向代理模块
ip_hash; #让同一个ip的访问不会轮询
server 172.25.11.1:80;
server 172.25.11.2:80;
server 127.0.0.1:80 backup;#定义故障页面
#本地的 html/index.html
}
server {
listen 80;
server_name www.haha.org;
location / {
proxy_pass http://westos;
}
}
}
useradd -s /sbin/nologin -M -d /usr/local/nginx nginx
-M 不创建家目录
DNS工作原理
压缩母盘
将网卡设备名字自动生成为 eth#
vim /boot/grub2/grub.cfg
linux16 /vmlinuz-3.10.0-514.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet LANG=en_US.UTF-8 net.ifnames=0
后面加入 net.ifnames=0
rpm -qf /bin/virt-sparsify/
yum install libguestfs-tools -y
virt-sparsify --compress mupan.qcow2 new.qcow2
yum install lftp vim -y net-tools
清理缓存
virt-sysprep -d 虚拟机名字
qemu-img create -f qcow2 -b rhel7.3mother.qcow2 server4.qcow2
开机自动的命令
vim /etc/rc.d/rc.local
nginx
curl -I taobao.com
yum install -y gcc pcre-devel zlib-devel
vim /auto/cc/gcc
vim src/core/nginx.h
./configure --help
./configure --prefix=/usr/local/nginx
第二次只需要make即可
make install 只有第一次安装时使用
平滑升级,热部署
make 后
在nginx-1.15.8/objs/nginx
lscpu
高亮做法
cd /root/nginx-1.14.2/contrib
[root@server4 contrib]# mkdir /root/.vim
[root@server4 contrib]# cp -r vim/* ~/.vim
ps -ef |grep nginx 查看多线程
热部署
使用nginx-1.15.8
直接
./configure
make
不要make install
只需要这个二进制程序
nginx-1.15.8/objs/nginx
cp /usr/local/nginx/sbin/nginx nginx.old
cp -f nginx-1.15.8/objs/nginx /usr/local/nginx/sbin/
备份后覆盖
ps -ef |grep nginx
kill -USR2 3669(你的nginx主进程号) 升级指令
kill -WINCH 3669
/usr/local/nginx/sbin/nginx -v 查看版本 更新完
回退版本
cp -f /usr/local/nginx/sbin/nginx.old /usr/local/nginx/sbin/nginx
kill -HUP 3669 开之前关闭的worker == nginx -s reload
kill -USR2 15792
kill -WINCH 15792
截断日志
nginx/log/access.log
mv access.log `date +%F -d -1day`_access/log
############date +%F -d -1day 昨天的日期
/usr/local/nginx/sbin/nginx -s reopen 备份后,重新开启日志
df -h 从操作系统统计
du -sh 时事检索磁盘
free -m
systemclt 启动脚本
复制
cat /usr/lib/systemd/system/sshd.service
/etc/systemd/system/
vim /etc/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
##EnvironmentFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
killall nginx
systemctl start nginx
yum install psmisc -y 使用killall命令
查看
sysctl -a | grep file 查看内核打开的最大文件数
ulimit -a
vim /etc/security/limit.conf
vim /etc/pam.d/heal
反向代理时的效率要乘worker数再/2
sendfile on ; 从linux内核读取数据,实现零复制
tcp_nopush on ;避免网络阻塞
tcp_nodelay on ; 避免磁盘阻塞
keepalive timeout 65; 保持连接的时间
gzip on; 网络压缩
nginx.org/en/docs/
了解nginx特点,生产环境里。
http协议 tcp/ip 两本
nginx优点
可以高并发连接
内存消耗少
成本低
内置文件简单
支持rewrite重写
内置健康检查
节省带宽
稳定性高
支持热部署
在反向代理,Rewrite规则,稳定性,静态文件处理,内存消耗等方面有很强的优势
nginx异步非阻塞 apache阻塞
nging静态处理性能是apache三倍
建议nginx作前端,apache作后端
apache处理动态有优势 nginx并发行比较好 频繁rewrite使用apache
./configure --help |grep real
server {
listen 80;
server_name server4.westos.org;
set_real_ip_from 172.25.11.5;
real_ip_header X-Forwarded-For;
real_ip_recursive on; #控制
location / {
return 200 “client real ip: $remote_addr\n”; #访问正确
}
}
curl -H "X-Forwarded-For:1.1.1.1,172.25.11.4" server4.westos.org
curl -H "X-Forwarded-For:1.1.1.1,172.25.11.4,172.25.11.250" server4.westos.org
real ip:172.25.11.250
real ip:1.1.1.1
real_ip_recursive on; #默认关闭,开了取1.1.1.1 关闭取172.25.0.1
对真正的地址进行限流
--with-http_realip_module
upstream westos {
server 172.25.11.4:80
}
server {
listen 80;
server_name server5.westos.org
location / {
#proxy_set_header X-Real-IP $remote_addr
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://westos;
}
}
动态模块编译
./configure --help |grep dynamic
./configure --prefix=/usr/local/nginx --with-http_realip_module \
--with-http_image_filter_module=dynamic
make
将二进制文件和module下的包转移
mkdir modules
cp /root/nginx-1.15.8/objs/nginx /usr/local/nginx/sbin/ -f
cp /root/nginx-1.15.8/objs/ngx_http_image_filter_module.so /usr/local/nginx/modules -r
然后加入
load_module modules/ngx_http_image_filter_modules.so
location /download/ {
image_filter resize 150 100;
autoindex on; #自动生成目录
}
pkgs.org上下载
www.rpmfind.net/linux
作缓存30天,降低网站带宽
location ~ .*\.(jpg|png|css|js)?$ {
expires 30d;
}
使用443
yum install openssl-devel -y
./configure --prefix=/usr/local/nginx/ --with-http_realip_module \
> --with-http_ssl_module --with-http_image_filter_module=dynamic
server {
listen 443 ssl;
server_name www.westos.org;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /web;
index index.html index.htm;
}
}
server {
listen 80;
server_name server4.westos.org;
location / {
root /web;
index index.html
}
}
cd /etc/pki/tls/certs/
make cetrt.pem
cp cert.pem /usr/local/nginx/conf/
mkdir /web
vim /web/index.html
制作证书
server {
listen 443 ssl;
server_name www.westos.org;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html/web;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.westos.org;
rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
}
功能模块nginx.org/en/docs
将www.westos.org/bbs 定向到 bbs.westos.org
或者将www.westos.org/bbs/index.html 定向到 bbs.westos.org/index.html
server {
listen 80;
server_name www.westos.org;
rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
location / {
root/web;
index index.html
}
}
server {
listen 80;
server_name bbs.westos.org;
location / {
root/bbs;
index index.html
}
}
也可以
server {
listen 80;
server_name www.westos.org bbs.westos.org;
if($host=='www.westos.org'){
rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
}
location / {
root/web;
index index.html
}
}
防止恶意域名解析
server_name _;
return 500;
或者
server_name _;
rewtite ^(.*) www.westos.org;
防盗链设置
反爬虫
nginx工作原理
进程有独立的空间,内存
线程共享
复用线程
aio 全异步
senfile
directio