Nginx服务优化
配置Nginx隐藏版本号
# 注:以下两条命令会清空防火墙规则并将SELinux切换为宽容模式,仅适用于隔离的实验环境;生产环境应保留防火墙与SELinux,只放行所需端口(如80/tcp)。
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
[root@localhost ~]# cd /opt
nginx-1.12.2.tar.gz
[root@localhost opt]# tar zxvf nginx-1.12.2.tar.gz
[root@localhost opt]# cd nginx-1.12.2/
[root@localhost nginx-1.12.2]# useradd -M -s /sbin/nologin nginx
[root@localhost nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.12.2]# make && make install
[root@localhost nginx-1.12.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@localhost nginx-1.12.2]# vim /etc/init.d/nginx
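#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Server Control Script
#
# SysV init wrapper for the source-built nginx under /usr/local/nginx.
# Usage: /etc/init.d/nginx {start|stop|restart|reload}
#   start   - run the nginx binary
#   stop    - send QUIT to the master process named in $PIDF
#   restart - stop, then start
#   reload  - send HUP to the master process named in $PIDF
# Exits 0 on success, 1 on a usage error or when an action fails.
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"

# Send signal $1 to the process whose PID is stored in $PIDF.
# This script runs as root, so kill is only called when the PID file holds
# a plain decimal number: a missing, empty or corrupted PID file must not
# turn into `kill` with no argument or with an unexpected target.
signal_master() {
  local sig=$1
  local pid
  if [[ ! -r "$PIDF" ]]; then
    echo "nginx: PID file $PIDF not found; is nginx running?" >&2
    return 1
  fi
  pid=$(<"$PIDF")
  if [[ ! "$pid" =~ ^[0-9]+$ ]]; then
    echo "nginx: PID file $PIDF does not contain a valid PID" >&2
    return 1
  fi
  kill -s "$sig" "$pid"
}

case "$1" in
  start)
    "$PROG" || exit 1
    ;;
  stop)
    signal_master QUIT || exit 1
    ;;
  restart)
    # A failed stop is ignored on purpose so that restart still starts
    # nginx when it was not running.
    "$0" stop
    "$0" start || exit 1
    ;;
  reload)
    signal_master HUP || exit 1
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
    ;;
esac
exit 0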
[root@localhost nginx-1.12.2]# chmod +x /etc/init.d/nginx
[root@localhost nginx-1.12.2]# chkconfig --add nginx
[root@localhost nginx-1.12.2]# service nginx start
[root@localhost nginx-1.12.2]# netstat -ntap | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 19868/nginx: master
[root@localhost nginx-1.12.2]# curl -I http://192.168.20.10
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 10 Aug 2020 07:13:30 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 10 Aug 2020 07:08:51 GMT
Connection: keep-alive
ETag: "5f30f283-264"
Accept-Ranges: bytes
[root@localhost nginx-1.12.2]# cd /usr/local/nginx/conf/
[root@localhost conf]# vim nginx.conf
20 server_tokens off;
[root@localhost conf]# service nginx stop
[root@localhost conf]# service nginx start
[root@localhost conf]# curl -I http://192.168.20.10
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 10 Aug 2020 07:16:19 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 10 Aug 2020 07:08:51 GMT
Connection: keep-alive
ETag: "5f30f283-264"
Accept-Ranges: bytes
或(修改源码中的版本号后重新编译。注意:这样 nginx -v 和响应头都会显示伪造的版本号,资产清点与漏洞扫描会得到错误版本,需另行记录真实版本;隐藏或伪造版本号也不能代替及时升级补丁)
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# cd /opt
[root@localhost opt]# yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
nginx-1.12.2.tar.gz
[root@localhost opt]# tar xzvf nginx-1.12.2.tar.gz
[root@localhost opt]# cd nginx-1.12.2/
[root@localhost nginx-1.12.2]# useradd -M -s /sbin/nologin nginx
[root@localhost opt]# cd nginx-1.12.2/src/core/
[root@localhost core]# vim nginx.h
13 #define NGINX_VERSION "1.1.1"
[root@localhost nginx-1.12.2]# cd /opt/nginx-1.12.2/
[root@localhost nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
[root@localhost nginx-1.12.2]# make && make install
[root@localhost core]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@localhost nginx-1.12.2]# nginx
[root@localhost nginx-1.12.2]# curl -I http://192.168.20.20
HTTP/1.1 200 OK
Server: nginx/1.1.1
Date: Mon, 10 Aug 2020 07:28:08 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 10 Aug 2020 07:08:51 GMT
Connection: keep-alive
ETag: "5f30f283-264"
Accept-Ranges: bytes
修改Nginx用户与组
Nginx运行时进程需要有用户与组的支持,以实现对网站文件读取时进行访问控制
Nginx默认使用 nobody用户账号与组账号,一般也要进行修改
修改的方法
编译安装时指定用户与组
修改配置文件时指定用户与组
[root@localhost conf]# id nobody
uid=99(nobody) gid=99(nobody) 组=99(nobody)
[root@localhost conf]# vim nginx.conf
2 user nginx nginx;
[root@localhost conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost conf]# ps aux | grep nginx
root 19946 0.0 0.0 20540 604 ? Ss 15:16 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 19947 0.0 0.0 23068 1636 ? S 15:16 0:00 nginx: worker process
root 20135 0.0 0.0 112724 988 pts/4 S+ 15:33 0:00 grep --color=auto nginx
NGINX缓存
[root@localhost conf]# vim /usr/local/nginx/conf/nginx.conf
48 location ~\.(gif|jpg|jpeg|png|ico)$ {
49 root html;
50 expires 1d;
51 }
[root@localhost conf]# cd ..
[root@localhost nginx]# cd html/
02.jpg
[root@localhost html]# vim index.html
15 <img src="02.jpg"/>
[root@localhost html]# service nginx stop
[root@localhost html]# service nginx start
Nginx日志分割
随着 Nginx运行时间增加,日志也会增加。为了方便掌握 Nginx运行状态,需要时刻关注Nginx日志文件
太大的日志文件对监控是一个大灾难
定期进行日志文件的切割
Nginx自身不具备日志分割处理的功能,但可以通过Nginx信号控制功能的脚本实现日志的自动切割,并通过Linux的计划任务周期性地进行日志切割
[root@localhost html]# date
2020年 08月 10日 星期一 16:54:31 CST
[root@localhost html]# date -d "-1 day" "+%Y%m%d"
20200809
[root@localhost html]# date -d "0 day" "+%Y%m%d"
20200810
[root@localhost html]# date -d "1 day" "+%Y%m%d"
20200811
[root@localhost html]# vim /opt/fenge.sh
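#!/bin/bash
# Filename: fenge.sh
# Rotate the nginx access log: move the live access.log into $logs_path
# under yesterday's date, signal nginx to open a fresh log file, then
# delete archived files older than 30 days.
# Exits 1 if the archive directory cannot be created, the live log is
# missing, the move fails, or the nginx PID file is unusable.
set -u

# Date stamp for the archive name: yesterday as YYYYMMDD (GNU date syntax).
d=$(date -d "-1 day" "+%Y%m%d")
logs_path="/var/log/nginx"
pid_path="/usr/local/nginx/logs/nginx.pid"
access_log="/usr/local/nginx/logs/access.log"

# Create the archive directory if it does not exist yet.
[ -d "$logs_path" ] || mkdir -p -- "$logs_path" || exit 1

# Rotate the log. Stop here if there is nothing to move, so nginx is not
# signalled and nothing is pruned on a run that archived no log.
if [ ! -f "$access_log" ]; then
  echo "fenge.sh: $access_log not found, nothing to rotate" >&2
  exit 1
fi
mv -- "$access_log" "${logs_path}/test.com-access.log-$d" || exit 1

# Make nginx create a new access.log. Only signal when the PID file holds a
# plain number: this runs as root from cron, and an empty or corrupted PID
# file must not become `kill` with a missing or unexpected target.
if [ ! -r "$pid_path" ]; then
  echo "fenge.sh: PID file $pid_path not found; is nginx running?" >&2
  exit 1
fi
pid=$(<"$pid_path")
if [[ ! "$pid" =~ ^[0-9]+$ ]]; then
  echo "fenge.sh: PID file $pid_path does not contain a valid PID" >&2
  exit 1
fi
# USR1 is nginx's "reopen log files" signal. The earlier version sent HUP,
# which also reloads the configuration and would silently apply any
# unreviewed edits to nginx.conf on every nightly run.
kill -USR1 "$pid" || exit 1

# Delete archives older than 30 days. -type f keeps the directory itself
# out of the match, and -exec passes names to rm without the word
# splitting that `find | xargs rm -rf` applies to unusual file names.
find "$logs_path" -type f -mtime +30 -exec rm -f -- {} +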
[root@localhost html]# cd /opt
[root@localhost opt]# ls
fenge.sh nginx-1.12.2 nginx-1.12.2.tar.gz rh
[root@localhost opt]# chmod +x fenge.sh
[root@localhost opt]# ./fenge.sh
[root@localhost opt]# ls /var/log/nginx/
test.com-access.log-20200809
[root@localhost opt]# crontab -e
0 1 * * * /opt/fenge.sh
配置Nginx实现连接超时
在企业网站中,为了避免同一个客户长时间占用连接,造成资源浪费,可设置相应的连接超时参数,实现控制连接访问时间
使用 Fiddler工具查看 connection参数
超时参数讲解
Keepalive_timeout
设置连接保持超时时间,一般可只设置该参数,默认为75秒,可根据网站的情况设置,或者关闭,可在http段、 server段、或者 location段设置
Client_header_timeout
指定等待客户端发送请求头的超时时间
Client_body_timeout
设置请求体读超时时间
[root@localhost opt]# vim /usr/local/nginx/conf/nginx.conf
32 keepalive_timeout 100;
33 client_header_timeout 80;
34 client_body_timeout 80;
更改Nginx运行进程数
在高并发场景,需要启动更多的 Nginx进程以保证快速响应,以处理用户的请求,避免造成阻塞
可以使用 ps aux 命令查看Nginx运行进程的个数
更改进程数的配置方法
修改配置文件,修改进程配置参数
修改配置文件的 worker_processes 参数
一般设为CPU的个数或者核数
在高并发情况下可设置为CPU个数或者核数的2倍
运行进程数多一些,响应访问请求时, Nginx就不会临时启动新的进程提供服务,减少了系统的开销,提升了服务速度
使用 ps aux查看运行进程数的变化情况
[root@localhost opt]# cat /proc/meminfo
[root@localhost opt]# cat /proc/cpuinfo
[root@localhost opt]# cat /proc/cpuinfo | grep -c "physical"
8
[root@localhost opt]# ps aux | grep nginx
root 75783 0.0 0.0 20676 1444 ? Ss 15:58 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 76426 0.0 0.0 22988 1404 ? S 17:04 0:00 nginx: worker process
root 76534 0.0 0.0 112724 984 pts/4 S+ 17:11 0:00 grep --color=auto nginx
[root@localhost opt]# vim /usr/local/nginx/conf/nginx.conf
3 worker_processes 4;
[root@localhost opt]# service nginx stop
[root@localhost opt]# service nginx start
[root@localhost opt]# ps aux | grep nginx
root 76612 0.0 0.0 20544 612 ? Ss 17:14 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 76613 0.0 0.0 23072 1388 ? S 17:14 0:00 nginx: worker process
nginx 76614 0.0 0.0 23072 1388 ? S 17:14 0:00 nginx: worker process
nginx 76615 0.0 0.0 23072 1388 ? S 17:14 0:00 nginx: worker process
nginx 76616 0.0 0.0 23072 1388 ? S 17:14 0:00 nginx: worker process
root 76618 0.0 0.0 112724 984 pts/4 S+ 17:14 0:00 grep --color=auto nginx
Nginx网页压缩功能
Nginx的ngx_http_gzip_module压缩模块提供对文件内容压缩的功能
允许Nginx服务器将输出内容在发送客户端之前进行压缩,以节约网站带宽,提升用户的访问体验,默认已经安装
可在配置文件中加入相应的压缩功能参数对压缩性能进行优化
压缩功能参数
gzip on:开启gzip压缩输出
gzip_min_length 1k:用于设置允许压缩的页面最小字节数
gzip_buffers 4 16k:表示申请4个单位为16k的内存作为压缩结果流缓存,默认值是申请与原始数据大小相同的内存空间来存储gzip压缩结果(buffers:缓存区)
gzip_http_version 1.0:用于设置识别http协议版本,默认是1.1,目前大部分浏览器已经支持gzip解压
gzip_comp_level 2:用来指定gzip压缩比,1压缩比最小,处理速度最快;9压缩比最大,传输速度快,但处理速度最慢,也比较消耗服务器CPU资源,使用默认即可
gzip_types text/plain:压缩类型,即对哪些网页文档启用压缩功能
gzip_vary on:选项可以让前端的缓存服务器缓存经过gzip压缩的页面
将以上的压缩功能参数加入到主配置文件的http配置段中
重启服务,并用 Fiddler工具查看开启结果
[root@localhost opt]# vim /usr/local/nginx/conf/nginx.conf
36 gzip on;
37 gzip_min_length 1k;
38 gzip_buffers 4 16k;
39 gzip_http_version 1.1;
40 gzip_comp_level 6;
41 gzip_types text/plain application/x-javascript text/css image/jpg image/jpeg image/png image/gif application/xml text/javascript application/x-httpd-php application/javascript application/json
;
42 gzip_disable "MSIE[1-6]\.";
43 gzip_vary on;
[root@localhost opt]# service nginx stop
[root@localhost opt]# service nginx start
NGINX防盗链
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
[root@localhost ~]# cd /opt
nginx-1.12.2.tar.gz
[root@localhost opt]# tar zxvf nginx-1.12.2.tar.gz
[root@localhost opt]# cd nginx-1.12.2/
[root@localhost nginx-1.12.2]# useradd -M -s /sbin/nologin nginx
[root@localhost nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.12.2]# make && make install
[root@localhost nginx-1.12.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@localhost nginx-1.12.2]# vim /etc/init.d/nginx
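#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Server Control Script
#
# SysV init wrapper for the source-built nginx under /usr/local/nginx.
# Usage: /etc/init.d/nginx {start|stop|restart|reload}
#   start   - run the nginx binary
#   stop    - send QUIT to the master process named in $PIDF
#   restart - stop, then start
#   reload  - send HUP to the master process named in $PIDF
# Exits 0 on success, 1 on a usage error or when an action fails.
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"

# Send signal $1 to the process whose PID is stored in $PIDF.
# This script runs as root, so kill is only called when the PID file holds
# a plain decimal number: a missing, empty or corrupted PID file must not
# turn into `kill` with no argument or with an unexpected target.
signal_master() {
  local sig=$1
  local pid
  if [[ ! -r "$PIDF" ]]; then
    echo "nginx: PID file $PIDF not found; is nginx running?" >&2
    return 1
  fi
  pid=$(<"$PIDF")
  if [[ ! "$pid" =~ ^[0-9]+$ ]]; then
    echo "nginx: PID file $PIDF does not contain a valid PID" >&2
    return 1
  fi
  kill -s "$sig" "$pid"
}

case "$1" in
  start)
    "$PROG" || exit 1
    ;;
  stop)
    signal_master QUIT || exit 1
    ;;
  restart)
    # A failed stop is ignored on purpose so that restart still starts
    # nginx when it was not running.
    "$0" stop
    "$0" start || exit 1
    ;;
  reload)
    signal_master HUP || exit 1
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
    ;;
esac
exit 0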
[root@localhost nginx-1.12.2]# chmod +x /etc/init.d/nginx
[root@localhost nginx-1.12.2]# chkconfig --add nginx
[root@localhost nginx-1.12.2]# service nginx start
[root@localhost nginx-1.12.2]# cd /usr/local/nginx/html/
[root@localhost html]# ls
00.jpg 50x.html index.html
[root@localhost html]# vim index.html
15 <img src="00.jpg"/>
[root@localhost html]# service nginx stop
[root@localhost html]# service nginx start
[root@localhost html]# yum -y install bind
13 listen-on port 53 {
any; };
21 allow-query {
any; };
[root@localhost html]# vim /etc/named.rfc1912.zones
25 zone "hui.com" IN {
26 type master;
27 file "hui.com.zone";
28 allow-update {
none; };
29 };
[root@localhost html]# cd /var/named/
[root@localhost named]# cp -p named.localhost hui.com.zone
[root@localhost named]# vim hui.com.zone
10 www IN A 192.168.20.10
[root@localhost named]# systemctl start named
盗链网站
[root@localhost ~]# hostnamectl set-hostname daolian
[root@localhost ~]# su
[root@daolian ~]# yum -y install httpd
[root@daolian ~]# vim /etc/httpd/conf/httpd.conf
41 Listen 192.168.20.10:80
42 #Listen 80
95 ServerName www.fang.com:80
[root@daolian ~]# cd /var/www/html/
[root@daolian html]# vim index.html
<h1>this is fang</h1>
<img src="http://www.hui.com/00.jpg"/>
[root@daolian html]# echo "nameserver 192.168.20.10" > /etc/resolv.conf
[root@daolian html]# systemctl start httpd.service
[root@daolian html]# systemctl stop firewalld.service
[root@daolian html]# setenforce 0
[root@daolian html]# iptables -F
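防盗链配置(基于请求的 Referer 头判断。Referer 由客户端提供,且 valid_referers 中的 none、blocked 会放行不带 Referer 的请求,因此该配置只能阻止普通的页面盗链,不能当作访问控制手段)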
[root@localhost named]# vim /usr/local/nginx/conf/nginx.conf
47 location ~*\.(jpg|gif|swf)$ {
48 valid_referers none blocked *.hui.com hui.com;
49 if ( $invalid_referer) {
50 rewrite ^/ http://www.hui.com/03.png;
51 }
52 }
[root@localhost named]# cd /usr/local/nginx/html/
[root@localhost html]# ls
00.jpg 03.png 50x.html index.html
[root@localhost named]# service nginx stop
[root@localhost named]# service nginx start