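Introduction to nginx
Nginx is a web server built on an asynchronous framework; it can also be used as a reverse proxy, load balancer and HTTP cache.
Modules
Core module: core module
Standard modules: HTTP modules, Mail modules, Stream modules
Other modules: third-party modules
Core module
I. Required configuration:
1. Defines the user and group used by worker processes. If group is omitted, nginx uses a group whose name equals that of user.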
Syntax: user user [group];
Default:
user nobody nobody;
Context: main
2. Defines the file that will store the process ID of the main process.
Syntax: pid file;
Default:
pid logs/nginx.pid;
Context: main
3. Includes another file, or files matching the specified mask, into the configuration.
Syntax: include file | mask;
Default: —
Context: any
4. Specifies a dynamic module to load.
Syntax: load_module file;
Default: —
Context: main
This directive appeared in version 1.9.11.
II. Performance tuning configuration
1. Defines the number of worker processes.
Syntax: worker_processes number | auto;
Default:
worker_processes 1;
Context: main
2. Binds worker processes to the specified CPUs.
Syntax: worker_cpu_affinity cpumask ...;
worker_cpu_affinity auto [cpumask];
Default: —
Context: main
Example
0001: CPU 0
0010: CPU 1
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
Automatic CPU binding
worker_processes auto;
worker_cpu_affinity auto;
3. Defines the scheduling priority of worker processes, as the nice command does: a negative number means higher priority. (-20~20)
Syntax: worker_priority number;
Default:
worker_priority 0;
Context: main
4. Maximum number of open files. Used to raise the limit without restarting the main process.
Syntax: worker_rlimit_nofile number;
Default: —
Context: main
III. Debugging and troubleshooting
1. Whether nginx should become a daemon.
Syntax: daemon on | off;
Default:
daemon on;
Context: main
2. Runs nginx in the master/worker model.
Syntax: master_process on | off;
Default:
master_process on;
Context: main
3. Configures logging. The first parameter defines the file that stores the log; the second parameter defines the log level.
Syntax: error_log file [level];
Default:
error_log logs/error.log error;
Context: main, http, mail, stream, server, location
HTTP module
I. Provides the configuration for the HTTP server
Syntax: http { ... }
Default: —
Context: main
II. Sets the configuration for a virtual server
Syntax: server { ... }
Default: —
Context: http
1. Defines the timeout for reading the client request header. Returns error 408.
Syntax: client_header_timeout time;
Default:
client_header_timeout 60s;
Context: http, server
2. Defines the timeout for reading the client request body. Returns error 408.
Syntax: client_body_timeout time;
Default:
client_body_timeout 60s;
Context: http, server, location
3. Sets the timeout for transmitting a response to the client. Returns error 408.
Syntax: send_timeout time;
Default:
send_timeout 60s;
Context: http, server, location
4. Sets the buffer size for reading the client request header.
Syntax: client_header_buffer_size size;
Default:
client_header_buffer_size 1k;
Context: http, server
5. Sets the maximum number and size of the buffers used for reading large client request headers.
Syntax: large_client_header_buffers number size;
Default:
large_client_header_buffers 4 8k;
Context: http, server
6. Sets the number and size of the buffers used for reading a response from disk.
Syntax: output_buffers number size;
Default:
output_buffers 2 32k;
Context: http, server, location
7. Transmission of data to the client is postponed until nginx has at least 1460 bytes to send.
Syntax: postpone_output size;
Default:
postpone_output 1460;
Context: http, server, location
8. Enables or disables the use of sendfile.
Syntax: sendfile on | off;
Default:
sendfile off;
Context: http, server, location, if in location
9. Enables or disables the TCP_NOPUSH socket option.
Syntax: tcp_nopush on | off;
Default:
tcp_nopush off;
Context: http, server, location
10. Enables or disables the TCP_NODELAY socket option.
Syntax: tcp_nodelay on | off;
Default:
tcp_nodelay on;
Context: http, server, location
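11. nginx will try to minimize the number of send operations to the client.
Syntax: send_lowat size;
Default:
send_lowat 0;
Context: http, server, location
12. The maximum time a client keep-alive connection stays open on the server side. The second parameter is optional and sets the value of the "Keep-Alive: timeout=time" response header.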
Syntax: keepalive_timeout timeout [header_timeout];
Default:
keepalive_timeout 75s;
Context: http, server, location
13. Sets the IP address and port to listen on.
Syntax: listen address[:port] [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
listen port [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
listen unix:path [default_server] [ssl] [http2 | spdy] [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
Default:
listen *:80 | *:8000;
Context: server
14. Sets the root directory for requests.
Syntax: root path;
Default:
root html;
Context: http, server, location, if in location
15. Sets configuration depending on the request URI.
Syntax: location [ = | ~ | ~* | ^~ ] uri { ... }
location @name { ... }
Default: —
Context: server, location
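A server can contain multiple location blocks.
Matching priority: =, ^~, ~, ~*, no modifier
=: exact match on the URI
~: regular expression match on the URI, case-sensitive
~*: regular expression match on the URI, case-insensitive
^~: match check on the left part of the URI, case-insensitive
No modifier: matches all URLs that begin with this uri
Example
The request "/" matches configuration A, the request "/index.html" matches configuration B, the request "/documents/document.html" matches configuration C, the request "/images/1.gif" matches configuration D, and the request "/documents/1.jpg" matches configuration E.
location = / {
    [ configuration A ]
}
location / {
    [ configuration B ]
}
location /documents/ {
    [ configuration C ]
}
location ^~ /images/ {
    [ configuration D ]
}
location ~* \.(gif|jpg|jpeg)$ {
    [ configuration E ]
}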
15. Defines a path alias.
Syntax: alias path;
Default: —
Context: location
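root: the given path corresponds to the / on the left of /uri/ in the location;
alias: the given path corresponds to the / on the right of /uri/ in the location;
16. Defines the URL shown for errors.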
Syntax: error_page code ... [=[response]] uri;
Default: —
Context: http, server, location, if in location
17. Checks whether files exist in the specified order.
Syntax: try_files file ... uri;
try_files file ... =code;
Default: —
Context: server, location
Configuration related to client requests
18. The maximum time a client keep-alive connection stays open on the server side.
Syntax: keepalive_timeout timeout [header_timeout];
Default:
keepalive_timeout 75s;
Context: http, server, location
19. The maximum number of resources that may be requested over one keep-alive connection; the default is 100.
Syntax: keepalive_requests number;
Default:
keepalive_requests 100;
Context: http, server, location
20. Disables keep-alive connections for certain browsers.
Syntax: keepalive_disable none | browser ...;
Default:
keepalive_disable msie6;
Context: http, server, location
21. The timeout for sending a response to the client; here this means the interval between two successive write operations.
Syntax: send_timeout time;
Default:
send_timeout 60s;
Context: http, server, location
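22. The size of the buffer used for receiving the body of a client request; the default is 16k. A body larger than this is temporarily stored on disk at the location defined by the client_body_temp_path directive.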
Syntax: client_body_buffer_size size;
Default:
client_body_buffer_size 8k|16k;
Context: http, server, location
23. Sets the temporary storage path for client request bodies, along with the structure and number of its subdirectories.
Syntax: client_body_temp_path path [level1 [level2 [level3]]];
Default:
client_body_temp_path client_body_temp;
Context: http, server, location
Configuration for restricting clients
24. Limits the rate of response transmission to a client, in bytes/second; 0 means no limit.
Syntax: limit_rate rate;
Default:
limit_rate 0;
Context: http, server, location, if in location
25. Allows restricting requests to a path by the HTTP method of the request.
Syntax: limit_except method ... { ... }
Default: —
Context: location
Example
limit_except GET {
    allow 192.168.1.0/32;
    deny all;
}
Configuration for optimizing file operations
26. Whether to enable aio.
Syntax: aio on | off | threads[=pool];
Default:
aio off;
Context: http, server, location
This directive appeared in version 0.8.11.
27. Whether to enable DirectIO when reading files whose length is greater than or equal to the specified size.
Syntax: directio size | off;
Default:
directio off;
Context: http, server, location
This directive appeared in version 0.7.7.
28. Configures the file cache.
Syntax: open_file_cache off;
open_file_cache max=N [inactive=time];
Default:
open_file_cache off;
Context: http, server, location
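The following three kinds of information are cached:
open file descriptors, their sizes and modification times;
information on the existence of directories;
file lookup errors, such as "file not found", "no read permission", and so on.
max=N: the upper limit on the number of cache entries; once the limit is reached, the cache is managed with the LRU algorithm;
inactive=time: the inactivity period of a cache entry; an element that is not accessed during this period is removed from the cache
29. How often the validity of cache entries is checked; the default is 60s.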
Syntax: open_file_cache_valid time;
Default:
open_file_cache_valid 60s;
Context: http, server, location
30. Sets, within the period specified by the inactive parameter of the open_file_cache directive
Syntax: open_file_cache_min_uses number;
Default:
open_file_cache_min_uses 1;
Context: http, server, location
31. Whether to cache information such as files whose lookup produced an error.
Syntax: open_file_cache_errors on | off;
Default:
open_file_cache_errors off;
Context: http, server, location
ngx_http_access_module module
1. Allows access for the specified network or address.
Syntax: allow address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
2. Denies access for the specified network or address.
Syntax: deny address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
3. Example
location / {
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny all;
}
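The allow and deny rules are checked in sequence until the first match, so the position of `deny 192.168.1.1` matters. The following added example (not from the original page or from nginx) evaluates the rule list above for a few constructed client addresses using Python's `ipaddress` module; the function name `decide` is hypothetical.

```python
import ipaddress

# Rules from the example above, in configuration order: (action, spec).
RULES = [
    ("deny",  "192.168.1.1"),
    ("allow", "192.168.1.0/24"),
    ("allow", "10.1.1.0/16"),
    ("allow", "2001:0db8::/32"),
    ("deny",  "all"),
]

def decide(client, rules=RULES):
    """Return (action, matching_spec) for client; the first matching rule wins."""
    addr = ipaddress.ip_address(client)
    for action, spec in rules:
        if spec == "all":
            return action, spec
        # strict=False masks the host bits set in 10.1.1.0/16,
        # so the network compared here is 10.1.0.0/16.
        net = ipaddress.ip_network(spec, strict=False)
        if addr.version == net.version and addr in net:
            return action, spec
    # No rule matched: nothing in the list restricts this client.
    return "allow", None

def demo():
    """Evaluate constructed sample clients against the rule list."""
    clients = ["192.168.1.1", "192.168.1.7", "10.1.200.9",
               "2001:db8::1", "172.16.0.1"]
    return {c: decide(c) for c in clients}

if __name__ == "__main__":
    for client, (action, spec) in demo().items():
        print(f"{client:14} {action:5} (matched: {spec})")
    # Same rules with the single-host deny moved after the /24 allow:
    reordered = [RULES[1], RULES[0], RULES[4]]
    print("reordered:", decide("192.168.1.1", reordered))
```

With the deny moved below `allow 192.168.1.0/24`, 192.168.1.1 is admitted by the broader rule and the deny is never reached, which is why narrow exceptions go first.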
ngx_http_auth_basic_module module
1. Implements user-based access control, authenticating users with the basic mechanism.
Syntax: auth_basic string | off;
Default:
auth_basic off;
Context: http, server, location, limit_except
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
2. Example
location /admin/ {
    alias /webapps/app1/data/;
    auth_basic "Admin Area";
    auth_basic_user_file /etc/nginx/.ngxpasswd;
}
ngx_http_stub_status_module module
1. Provides access to basic status information.
Syntax: stub_status;
Default: —
Context: server, location
Active connections: 2
server accepts handled requests
2 2 1
Reading: 0 Writing: 1 Waiting: 1
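Active connections: the number of connections in the active state;
accepts: the total number of accepted client requests;
handled: the total number of client requests that have been handled;
requests: the total number of requests sent by clients;
Reading: the number of connections in which the client request header is being read;
Writing: the number of connections in which a response is being sent to the client;
Waiting: the number of idle connections waiting for the client to send a request
2. Example
location = /basic_status {
    stub_status;
}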
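For monitoring, the status text can be parsed and checked automatically. This added example (not from the original page) parses the sample output shown above and flags two conditions: accepts greater than handled, which means connections were dropped because a resource limit was reached, and state counters that do not add up to the active count. The function names and the second sample are constructed for illustration.

```python
import re

# Constructed from the sample output shown above.
SAMPLE = (
    "Active connections: 2\n"
    "server accepts handled requests\n"
    " 2 2 1\n"
    "Reading: 0 Writing: 1 Waiting: 1\n"
)

# Constructed sample in which two accepted connections were not handled.
SAMPLE_DROPPED = (
    "Active connections: 3\n"
    "server accepts handled requests\n"
    " 10 8 25\n"
    "Reading: 1 Writing: 1 Waiting: 1\n"
)

def parse_stub_status(text):
    """Parse a stub_status response body into a dict of integers."""
    active = re.search(r"^Active connections:[ \t]*(\d+)", text, re.M)
    totals = re.search(r"^[ \t]*(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$", text, re.M)
    states = re.search(
        r"Reading:[ \t]*(\d+)[ \t]+Writing:[ \t]*(\d+)[ \t]+Waiting:[ \t]*(\d+)",
        text)
    if not (active and totals and states):
        raise ValueError("not a stub_status response")
    accepts, handled, requests = map(int, totals.groups())
    reading, writing, waiting = map(int, states.groups())
    return {"active": int(active.group(1)), "accepts": accepts,
            "handled": handled, "requests": requests,
            "reading": reading, "writing": writing, "waiting": waiting}

def health_flags(status):
    """Return a list of conditions worth alerting on."""
    flags = []
    if status["accepts"] > status["handled"]:
        flags.append("dropped=%d" % (status["accepts"] - status["handled"]))
    if status["reading"] + status["writing"] + status["waiting"] != status["active"]:
        flags.append("state-mismatch")
    return flags

if __name__ == "__main__":
    for name, body in (("sample", SAMPLE), ("dropped", SAMPLE_DROPPED)):
        parsed = parse_stub_status(body)
        print(name, parsed, health_flags(parsed))
```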
ngx_http_log_module module
1. Path of the access log file.
Syntax: access_log path [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]];
access_log off;
Default:
access_log logs/access.log combined;
Context: http, server, location, if in location, limit_except
2. Caches metadata related to the log files.
Syntax: open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time];
open_log_file_cache off;
Default:
open_log_file_cache off;
Context: http, server, location
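max: the maximum number of file descriptors in the cache;
min_uses: an entry must be accessed at least this many times within the period given by inactive to be treated as active;
inactive: the inactivity period;
valid: the interval at which cache entries are checked for being active;
III. Configuration example from the nginx website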
http {
    include conf/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$gzip_ratio"';
    log_format download '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        '"$http_range" "$sent_http_content_range"';
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 8k;
    gzip_types text/plain;
    output_buffers 1 32k;
    postpone_output 1460;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    send_lowat 12000;
    keepalive_timeout 75 20;
    #lingering_time 30;
    #lingering_timeout 10;
    #reset_timedout_connection on;
    server {
        listen one.example.com;
        server_name one.example.com www.one.example.com;
        access_log /var/log/nginx.access_log main;
        location / {
            proxy_pass http://127.0.0.1/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            client_body_temp_path /var/nginx/client_body_temp;
            proxy_connect_timeout 70;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_send_lowat 12000;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_temp_path /var/nginx/proxy_temp;
            charset koi8-r;
        }
    }
}