简介
- 多进程模式
- 异步设计
- 丰富的第三方模块
多进程
一个 master 进程与多个 worker 进程
- master 负责管理多个 worker,启停,重载配置等等;master 权限更大,如 root,worker 权限小,普通用户即可。
- worker 之间几乎没有锁的同步限制。
配置
正常运行必备
- env VAR|VAR = VALUE
- include /path/file
- worker_rlimit_nofile limit;
- worker_rlimit_sigpending limit;
- server_name_hash_bucket_size 32;
- server_name_hash_max_size 512;
- Server_name_in_redirect on|off
- alias: root 可以放在 http, server, location 只能放在 location
- error_page 502 503 504 /50x.html 或者 error_page 403 =200 /50x.html
- recursive_error_page on|off
- try_files
优化性能
- ssl_engine device
事件类配置
- accept_mutex on|off
- lock_file path/fiel
- accept_mutex_delay 500ms
- 4.
调试定位
- demon on|off;
- master_process on|off;
- error_log logs/error.log error; # 通过
- debug_pioints stop|abort;
- debug_connection ip|cidr;
- worker_rlimit_core_size;
- working_directory path;
模块变量
- remote_addr
- remote_user
反向代理
全代理模式设计
当客户端发来 HTTP 请求时, Nginx 并不会立刻转发到上游服务器,而是先把用户的请求(包括 HTTP 包体) 完整地接收到 Nginx 所在服务器的硬盘或者内存中, 然后再向上游服务器发起连接, 把缓存的客户端请求转发到上游服务器。但是上游服务器返回的内容不会在服务器缓存,而是边收边发。
缺点
- 延迟请求处理时间
- 增加了用于缓存请求的内存和磁盘空间
优点
- 降低了后端负载(原因是内外网的差异)
- 安全
热备
upstream mysvr {
server 127.0.0.1:7878;
server 192.168.10.121:3333 backup; #热备
}
轮询
upstream mysvr {
server 127.0.0.1:7878 max_fails=2 fail_timeout=2;;
server 192.168.10.121:3333 max_fails=2 fail_timeout=2;;
}
权重
upstream mysvr {
server 127.0.0.1:7878 weight=1 max_fails=2 fail_timeout=2;;
server 192.168.10.121:3333 weight=2 max_fails=2 fail_timeout=2;;
}
ip_hash
upstream mysvr {
server 127.0.0.1:7878 max_fails=2 fail_timeout=2;;
server 192.168.10.121:3333 max_fails=2 fail_timeout=2;;
ip_hash;
}
#user nobody;
worker_processes auto;
worker_cpu_affinity 1000 0100 0010 0001;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info; # error_log /dev/null; 关闭日志的唯一手段
#pid logs/nginx.pid;
events {
# worker_processes * worker_connections = 总并发数
worker_connections 1024;
use epoll;
# multi_accept on;
# accept_mutex on;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
#keepalive_timeout 0;
keepalive_timeout 65;
# sendfile on;
# sendfile_max_chunk 100k;
# gzip on;
server {
listen 8080 backlog=10000 rcvbuf=10k sndbuf=10k accept_filter= deferred|bind;
# 匹配规则
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location /static {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
deny 127.0.0.1;
allow 172.1.1.1;
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
upstream tomcatserver {
#ip_hash;
server 192.168.72.49:8080 weight=3 max_fail=3 fail_timeout=2;
server 192.168.72.50:8080 weight=1 max_fail=3 fail_timeout=2;
server 192.168.72.51:8080 down;
server 192.168.72.51:8080 backup;
}
server {
keepalive_requests 120;
listen 80;
server_name 127.0.0.1;
#charset koi8-r;
#access_log logs/host.access.log main;
#location ~*^.+$
location / {
proxy_pass http://tomcatserver;
#proxy_pass https://10.1.1.1:443;
# error|timeout|invalid_header|http_500|http_502|http_503|http_504|http_404|off
proxy_next_upstream error;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Cache-Control;
proxy_pass_header
proxy_buffers 256 4k;
proxy_max_temp_file_size 0;
proxy_connect_timeout 30;
proxy_read_time 10s;
proxy_send_time 10s;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
index index.html index.htm;
}
}
}
注:
- ip_hash 与 weight 不可同时使用。
- 当内外层的配置发送冲突的时候,究竟以块外还是块内为主,由解析配置的模块决定。
- 配置项的单位取决于解析配置的模块
- 不是把模块编译进去就会使用,具体是否使用某个模块与配置文件息息相关。
- 日志 debug,必须在编译的时候增加 —with-debug
access.log
log_ format timing '$remote_addr - $remote_user [$time_local] $request '
'upstream_response_time $upstream_response_time ' 'msec $msec request_time $request_time';
log_format up_head '$upstream_addr - $upstream_cache_status [$time_local] $request ' 'upstream_http_content_type $upstream_http_content_type';
扫一扫
432
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
