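Introduction to nginx

Nginx is a web server built on an asynchronous framework; it can also be used as a reverse proxy, load balancer, and HTTP cache.

Modules

Core module: core module
Standard modules: HTTP modules, Mail modules, Stream modules
Other modules: third-party modules

Core module

I. Required configuration

1. Defines the user and group credentials used by worker processes. If group is omitted, nginx uses a group whose name is the same as user.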

Syntax: user user [group];
Default:    
user nobody nobody;
Context:    main

2. Defines the file that will store the process ID of the main process.

Syntax: pid file;
Default:    
pid logs/nginx.pid;
Context:    main

3. Includes another file, or the files matching the specified mask, into the configuration.

Syntax: include file | mask;
Default:    —
Context:    any

4. Specifies a dynamic module to load.

Syntax: load_module file;
Default:    —
Context:    main
This directive appeared in version 1.9.11.

II. Performance tuning configuration

1. Defines the number of worker processes.

Syntax: worker_processes number | auto;
Default:    
worker_processes 1;
Context:    main

2. Binds worker processes to the specified CPUs.

Syntax: worker_cpu_affinity cpumask ...;
worker_cpu_affinity auto [cpumask];
Default:    —
Context:    main

Example

0001: CPU 0
0010: CPU 1

worker_processes    4;
worker_cpu_affinity 0001 0010 0100 1000;

Automatic CPU binding

worker_processes auto;
worker_cpu_affinity auto;

3. Defines the scheduling priority for worker processes, as the nice command does: a negative number means higher priority. (-20~20)

Syntax: worker_priority number;
Default:    
worker_priority 0;
Context:    main

4. The maximum number of open files. Used to raise the limit without restarting the main process.

Syntax: worker_rlimit_nofile number;
Default:    —
Context:    main

III. Debugging and troubleshooting

1. Determines whether nginx should become a daemon.

Syntax: daemon on | off;
Default:    
daemon on;
Context:    main

2. Runs nginx in the master/worker process model.

Syntax: master_process on | off;
Default:    
master_process on;
Context:    main

3. Configures logging. The first parameter defines the file that stores the log; the second parameter defines the log level.

Syntax: error_log file [level];
Default:    
error_log logs/error.log error;
Context:    main, http, mail, stream, server, location

HTTP module

I. Provides the configuration context for the HTTP server

Syntax: http { ... }
Default:    —
Context:    main

II. Sets the configuration for a virtual server

Syntax: server { ... }
Default:    —
Context:    http

1. Defines a timeout for reading the client request header. Returns error 408.

Syntax: client_header_timeout time;
Default:    
client_header_timeout 60s;
Context:    http, server

2. Defines a timeout for reading the client request body. Returns error 408.

Syntax: client_body_timeout time;
Default:    
client_body_timeout 60s;
Context:    http, server, location

3. Sets a timeout for transmitting a response to the client. Returns error 408.

Syntax: send_timeout time;
Default:    
send_timeout 60s;
Context:    http, server, location

4. Sets the buffer size for reading the client request header.

Syntax: client_header_buffer_size size;
Default:    
client_header_buffer_size 1k;
Context:    http, server

5. Sets the maximum number and size of the buffers used for reading large client request headers.

Syntax: large_client_header_buffers number size;
Default:    
large_client_header_buffers 4 8k;
Context:    http, server

6. Sets the number and size of the buffers used for reading a response from disk.

Syntax: output_buffers number size;
Default:    
output_buffers 2 32k;
Context:    http, server, location

7. Transmission of data to the client is postponed until nginx has at least 1460 bytes of data to send.

Syntax: postpone_output size;
Default:    
postpone_output 1460;
Context:    http, server, location

8. Enables or disables the use of sendfile.

Syntax: sendfile on | off;
Default:    
sendfile off;
Context:    http, server, location, if in location

9. Enables or disables the TCP_NOPUSH socket option.

Syntax: tcp_nopush on | off;
Default:    
tcp_nopush off;
Context:    http, server, location

10. Enables or disables the TCP_NODELAY socket option.

Syntax: tcp_nodelay on | off;
Default:    
tcp_nodelay on;
Context:    http, server, location

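11. nginx will try to minimize the number of send operations to the client.

Syntax: send_lowat size;
Default:    
send_lowat 0;
Context:    http, server, location

12. The maximum time a client keep-alive connection stays open on the server side. The second parameter is optional and sets the value of the "Keep-Alive: timeout=time" response header.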

Syntax: keepalive_timeout timeout [header_timeout];
Default:    
keepalive_timeout 75s;
Context:    http, server, location

13. Sets the IP address and port to listen on.

Syntax: listen address[:port] [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
listen port [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
listen unix:path [default_server] [ssl] [http2 | spdy] [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
Default:    
listen *:80 | *:8000;
Context:    server

14. Sets the root directory for requests.

Syntax: root path;
Default:    
root html;
Context:    http, server, location, if in location

15. Sets configuration depending on the request URI.

Syntax: location [ = | ~ | ~* | ^~ ] uri { ... }
location @name { ... }
Default:    —
Context:    server, location

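A server can contain multiple location blocks.
Matching priority: =, ^~, ~, ~*, no modifier

=: exact match against the URI
~: regular-expression match against the URI, case-sensitive
~*: regular-expression match against the URI, case-insensitive
^~: match check against the left part of the URI, case-insensitive
No modifier: matches every URL that starts with this URI

Example
Request "/" matches configuration A, request "/index.html" matches configuration B, request "/documents/document.html" matches configuration C, request "/images/1.gif" matches configuration D, and request "/documents/1.jpg" matches configuration E.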

location = / {
    [ configuration A ]
}
location / {
    [ configuration B ]
}
location /documents/ {
    [ configuration C ]
}
location ^~ /images/ {
    [ configuration D ]
}
location ~* \.(gif|jpg|jpeg)$ {
    [ configuration E ]
}

15. Defines a path alias.

Syntax: alias path;
Default:    —
Context:    location

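root: the given path corresponds to the / on the left side of /uri/ in the location;
alias: the given path corresponds to the / on the right side of /uri/ in the location.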

16. Defines the URI that is shown for the specified errors.

Syntax: error_page code ... [=[response]] uri;
Default:    —
Context:    http, server, location, if in location

17. Checks the existence of files in the specified order.

Syntax: try_files file ... uri;
try_files file ... =code;
Default:    —
Context:    server, location

Configuration related to client requests

18. The maximum time a client keep-alive connection stays open on the server side.

Syntax: keepalive_timeout timeout [header_timeout];
Default:    
keepalive_timeout 75s;
Context:    http, server, location

19. The maximum number of requests that can be served over one keep-alive connection; the default is 100.

Syntax: keepalive_requests number;
Default:    
keepalive_requests 100;
Context:    http, server, location

20. Disables keep-alive connections for certain browsers.

Syntax: keepalive_disable none | browser ...;
Default:    
keepalive_disable msie6;
Context:    http, server, location

21. The timeout for sending a response to the client; here it means the interval between two successive write operations.

Syntax: send_timeout time;
Default:    
send_timeout 60s;
Context:    http, server, location

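22. The buffer size for receiving the body of a client request; the default is 16k. When the body exceeds this size, it is temporarily stored on disk at the location defined by the client_body_temp_path directive.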

Syntax: client_body_buffer_size size;
Default:    
client_body_buffer_size 8k|16k;
Context:    http, server, location

23. Sets the temporary storage path for the body of client requests, along with the structure and number of its subdirectory levels.

Syntax: client_body_temp_path path [level1 [level2 [level3]]];
Default:    
client_body_temp_path client_body_temp;
Context:    http, server, location

Configuration related to limiting clients

24. Limits the rate of response transmission to a client, in bytes/second; 0 means no limit.

Syntax: limit_rate rate;
Default:    
limit_rate 0;
Context:    http, server, location, if in location

25. Restricts requests to a given path by the HTTP method of the request.

Syntax: limit_except method ... { ... }
Default:    —
Context:    location

Example

limit_except GET {
    allow 192.168.1.0/32;
    deny  all;
}

Configuration for optimizing file operations

26. Enables or disables asynchronous file I/O (aio).

Syntax: aio on | off | threads[=pool];
Default:    
aio off;
Context:    http, server, location
This directive appeared in version 0.8.11.

27. Enables direct I/O when reading files whose size is greater than or equal to the specified size.

Syntax: directio size | off;
Default:    
directio off;
Context:    http, server, location
This directive appeared in version 0.7.7.

28. Configures the open file cache.

Syntax: open_file_cache off;
open_file_cache max=N [inactive=time];
Default:    
open_file_cache off;
Context:    http, server, location
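The cache holds the following three kinds of information:
open file descriptors, their sizes and modification times;
information on the existence of directories;
file lookup errors, such as "file not found", "no read permission", and so on.
max=N: the upper limit on the number of cache entries; once the limit is reached, the cache is managed with the LRU algorithm;
inactive=time: the inactivity period of a cache entry; if an element is not accessed during this period, it is removed from the cache.

29. How often the validity of cache entries is checked; the default is 60s.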

Syntax: open_file_cache_valid time;
Default:    
open_file_cache_valid 60s;
Context:    http, server, location

30. Sets, within the period specified by the inactive parameter of the open_file_cache directive

Syntax: open_file_cache_min_uses number;
Default:    
open_file_cache_min_uses 1;
Context:    http, server, location

31. Enables or disables caching of information such as files whose lookup produced an error.

Syntax: open_file_cache_errors on | off;
Default:    
open_file_cache_errors off;
Context:    http, server, location

ngx_http_access_module

1. Allows access for the specified network or address.

Syntax: allow address | CIDR | unix: | all;
Default:    —
Context:    http, server, location, limit_except

2. Denies access for the specified network or address.

Syntax: deny address | CIDR | unix: | all;
Default:    —
Context:    http, server, location, limit_except

3. Example

location / {
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny  all;
}
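
An added example (not part of the original page): allow and deny rules are checked in order and the first match decides, which this Python model applies to the block above. It also flags rules that can never fire because an earlier rule already covers them. The function names and the MISORDERED list are made up for this sketch, and unix: entries are not modelled.

```python
import ipaddress

# The rules from the page's "location /" block, in file order.
RULES = [
    ("deny",  "192.168.1.1"),
    ("allow", "192.168.1.0/24"),
    ("allow", "10.1.1.0/16"),
    ("allow", "2001:0db8::/32"),
    ("deny",  "all"),
]

def to_net(spec):
    # strict=False accepts entries written with host bits set (10.1.1.0/16).
    return None if spec == "all" else ipaddress.ip_network(spec, strict=False)

def decide(client_ip, rules=RULES):
    """Rules are checked in order; the first one that matches decides."""
    addr = ipaddress.ip_address(client_ip)
    for action, spec in rules:
        net = to_net(spec)
        if net is None or (addr.version == net.version and addr in net):
            return action, spec
    return "allow", None  # nothing matched: this module raises no objection

def covers(earlier, later):
    """True if every address matched by `later` is also matched by `earlier`."""
    if earlier is None:  # "all"
        return True
    if later is None or earlier.version != later.version:
        return False
    return later.subnet_of(earlier)

def shadowed(rules=RULES):
    """Rules that can never fire because an earlier rule already covers them."""
    dead = []
    for i, (action, spec) in enumerate(rules):
        if any(covers(to_net(prev), to_net(spec)) for _, prev in rules[:i]):
            dead.append((action, spec))
    return dead

# Constructed misordering: the single-host deny now sits behind its own /24.
MISORDERED = [("allow", "192.168.1.0/24"), ("deny", "192.168.1.1"), ("deny", "all")]
```

With the page's ordering 192.168.1.1 is denied; with MISORDERED the same host is allowed and shadowed() reports the dead deny rule.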

ngx_http_auth_basic_module

1. Implements user-based access control, authenticating users with the HTTP Basic mechanism.

Syntax: auth_basic string | off;
Default:    
auth_basic off;
Context:    http, server, location, limit_except
Syntax: auth_basic_user_file file;
Default:    —
Context:    http, server, location, limit_except

2. Example

location /admin/ {
    alias /webapps/app1/data/;
    auth_basic "Admin Area";
    auth_basic_user_file /etc/nginx/.ngxpasswd;
}

ngx_http_stub_status_module

1. Provides access to basic status information.

Syntax: stub_status;
Default:    —
Context:    server, location
Active connections: 2 
server accepts handled requests
 2 2 1 
Reading: 0 Writing: 1 Waiting: 1 

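Active connections: the number of connections in the active state;
accepts: the total number of client requests that have been accepted;
handled: the total number of client requests that have been handled;
requests: the total number of requests sent by clients;
Reading: the number of connections in which the client request header is being read;
Writing: the number of connections in which the response is being sent to the client;
Waiting: the number of idle connections waiting for a client to send a request.

2. Example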

location = /basic_status {
    stub_status;
}
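
An added example (not part of the original page): a Python parser for the status text shown above, plus a check that compares two scrapes, since accepts and handled are cumulative counters. LATER_SAMPLE is constructed for the example, and the function names are made up for this sketch.

```python
import re

# Output shown on the page.
PAGE_SAMPLE = (
    "Active connections: 2 \n"
    "server accepts handled requests\n"
    " 2 2 1 \n"
    "Reading: 0 Writing: 1 Waiting: 1 \n"
)
# A later scrape, constructed for this example.
LATER_SAMPLE = (
    "Active connections: 291 \n"
    "server accepts handled requests\n"
    " 16630 16610 31070 \n"
    "Reading: 6 Writing: 179 Waiting: 106 \n"
)

_PATTERN = re.compile(
    r"Active connections:\s*(?P<active>\d+)\s+"
    r"server accepts handled requests\s+"
    r"(?P<accepts>\d+)\s+(?P<handled>\d+)\s+(?P<requests>\d+)\s+"
    r"Reading:\s*(?P<reading>\d+)\s+Writing:\s*(?P<writing>\d+)\s+"
    r"Waiting:\s*(?P<waiting>\d+)"
)

def parse_stub_status(text):
    """Return the seven counters as a dict of ints; reject anything else."""
    m = _PATTERN.search(text)
    if m is None:
        raise ValueError("not stub_status output")
    return {name: int(value) for name, value in m.groupdict().items()}

def unhandled_between(earlier, later):
    """Accepted-but-not-handled count for the interval between two scrapes.

    A positive value means nginx accepted more than it handled in that
    interval, which normally happens only when a resource limit was hit.
    """
    d_accepts = later["accepts"] - earlier["accepts"]
    d_handled = later["handled"] - earlier["handled"]
    if d_accepts < 0 or d_handled < 0:
        return None  # counters went backwards: nginx restarted in between
    return d_accepts - d_handled
```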

ngx_http_log_module

1. Sets the path of the access log file.

Syntax: access_log path [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]];
access_log off;
Default:    
access_log logs/access.log combined;
Context:    http, server, location, if in location, limit_except

2. Caches metadata about the log files.

Syntax: open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time];
open_log_file_cache off;
Default:    
open_log_file_cache off;
Context:    http, server, location

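max: the maximum number of file descriptors in the cache;
min_uses: an entry counts as active only if it is accessed at least this many times within the period specified by inactive;
inactive: the inactivity period;
valid: the interval at which cache entries are checked to verify that they are still active.

III. Configuration example from the official nginx site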

http {

    include       conf/mime.types;
    default_type  application/octet-stream;

    log_format main      '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $bytes_sent '
                         '"$http_referer" "$http_user_agent" '
                         '"$gzip_ratio"';

    log_format download  '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $bytes_sent '
                         '"$http_referer" "$http_user_agent" '
                         '"$http_range" "$sent_http_content_range"';

    client_header_timeout  3m;
    client_body_timeout    3m;
    send_timeout           3m;

    client_header_buffer_size    1k;
    large_client_header_buffers  4 4k;

    gzip on;
    gzip_min_length  1100;
    gzip_buffers     4 8k;
    gzip_types       text/plain;

    output_buffers   1 32k;
    postpone_output  1460;

    sendfile         on;
    tcp_nopush       on;
    tcp_nodelay      on;
    send_lowat       12000;

    keepalive_timeout  75 20;

    #lingering_time     30;
    #lingering_timeout  10;
    #reset_timedout_connection  on;

    server {
        listen        one.example.com;
        server_name   one.example.com  www.one.example.com;

        access_log   /var/log/nginx.access_log  main;

        location / {
            proxy_pass         http://127.0.0.1/;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            #proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;

            client_body_temp_path      /var/nginx/client_body_temp;

            proxy_connect_timeout      70;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_send_lowat           12000;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;

            proxy_temp_path            /var/nginx/proxy_temp;

            charset  koi8-r;
        }
    }
}
