Nginx optimization and anti-leech for web services

One, hide the version number

1. Check the version number

  • Use the Fiddler tool to capture the traffic and read the Nginx version from the Server response header
  • On CentOS, run curl -I against the server to print the response headers; while server_tokens is on, the Server line reads nginx/<version>
curl -I http://192.168.163.10


2. Hide the version number

Method 1: Modify the configuration file

vim /usr/local/nginx/conf/nginx.conf
http {
    include       mime.types;
    default_type  application/octet-stream;
    # around line 20; add this line to stop sending the version number
    server_tokens off;
    ......
}

systemctl restart nginx
curl -I http://192.168.163.10

After the restart the header reads Server: nginx with no version. Note that server_tokens off only hides the version; the product name is still disclosed, and only Method 2 changes that.
Method 2: Modify the source, then recompile and install

vim /opt/nginx-1.12.0/src/core/nginx.h
# line 13; change the version number
#define NGINX_VERSION "1.1.1"
# line 14; change the server name (the original line is "nginx/" NGINX_VERSION, so this change makes the header read Server: IIS1.1.1)
#define NGINX_VER "IIS" NGINX_VERSION

cd /opt/nginx-1.12.0/
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
make && make install

vim /usr/local/nginx/conf/nginx.conf
http {
    include       mime.types;
    default_type  application/octet-stream;
    # leave server_tokens on so the patched name and version from nginx.h are sent
    server_tokens on;
    ......
}

systemctl restart nginx
curl -I http://192.168.163.10


Two, modify users and groups

Method 1: Specify the user and group when compiling and installing. They were already specified in the earlier installation, so this is not demonstrated again here.
See the blog post Nginx web service for the full installation.

cd /opt/nginx-1.12.0/
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module

make && make install

Method 2: If the user and group were not specified at compile time, set them in the configuration file

vim /usr/local/nginx/conf/nginx.conf
# uncomment and set the user to nginx and the group to nginx
user nginx nginx;

systemctl restart nginx

# the master process is started by root, the worker processes run as nginx
ps aux | grep nginx

The master needs root to bind port 80 and read the configuration; the workers, which are the processes that actually handle client traffic, should show nginx in the USER column. If a worker is listed as root, the user directive is not taking effect.

Three, cache time

vim /usr/local/nginx/conf/nginx.conf
http {
......
    server {
    ......
        location / {
            root   html;
            index  index.html index.htm;
        }

        # add a new location that treats image files as cache objects
        location ~ \.(gif|jpg|jpeg|png|bmp|ico)$ {
            root html;
            # set the cache lifetime to 1 day
            expires 1d;
        }
......
    }
}

systemctl restart nginx.service

In Linux, open Firefox, right-click the page and choose Inspect Element.
Select Network, then the HTML, WS and Other filters.
Visit http://192.168.163.10/ and double-click the 200 response for an image. Its response headers contain Cache-Control: max-age=86400, i.e. a cache lifetime of 86400 seconds, one day. Within that day the browser serves the matched images from its own cache instead of requesting them from Nginx again, which reduces server bandwidth.

Four, log cutting

Use scripts for log split

vim /opt/fenge.sh
#!/bin/bash
# Variables
# yesterday's date, used to name the rotated file
d=$(date -d "-1 day" "+%F")
logs_path="/var/log/nginx"
pid_path=$(cat /usr/local/nginx/logs/nginx.pid)

# create the archive directory if it does not exist
[ -d "$logs_path" ] || mkdir -p "$logs_path"
# move and rename the current log file
mv /usr/local/nginx/logs/access.log "${logs_path}/kgc.com-access.log-${d}"

# ask the master process to reopen its log files; this recreates access.log
kill -USR1 "$pid_path"
# delete rotated files older than 30 days (restricted to regular files with the
# rotated-log name, so a stale mtime on the directory itself cannot remove it)
find "$logs_path" -type f -name 'kgc.com-access.log-*' -mtime +30 -exec rm -f {} \;
#find "$logs_path" -type f -name 'kgc.com-access.log-*' -mtime +30 | xargs rm -f

chmod +x /opt/fenge.sh
/opt/fenge.sh
ls /var/log/nginx
ls /usr/local/nginx/logs/

crontab -e
0 1 * * * /opt/fenge.sh


Supplement: Time parameter

  • In Linux, each file carries several timestamps, of which three matter most: ctime, atime and mtime
    • ctime (change time):
      • Updated whenever the inode changes: a chmod or chown, a rename, and also any write, because a write changes the size and mtime stored in the inode. ctime is not a creation time.
      • It cannot be set to an arbitrary value with touch, which is why it is the harder one to forge.
    • atime (access time):
      • Updated when the file's contents are read (many systems mount with relatime, which only refreshes it under certain conditions).
    • mtime (modification time):
      • Updated when the file's content is modified; a change of permissions or attributes leaves it untouched. This is the difference from ctime, and it is the timestamp that the find -mtime test in the script above compares.
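The following Python block is an added example, not part of the original post: it exercises the ctime/mtime distinction in a temporary directory and re-implements the selection rule of find -mtime +30 so the cleanup step of fenge.sh can be reasoned about without touching /var/log/nginx. The file names and log line are constructed; the only assumptions are a POSIX filesystem and find's day rounding (age in whole days, truncated).

```python
"""Added example: ctime vs mtime, and what find -mtime +30 would select."""
import os
import tempfile
import time


def timestamps(path):
    """Return (mtime, ctime) of a path in seconds since the epoch."""
    st = os.stat(path)
    return st.st_mtime, st.st_ctime


def chmod_changes_only_ctime(path):
    """chmod edits the inode but not the data: ctime advances, mtime does not."""
    m0, c0 = timestamps(path)
    time.sleep(1.1)                      # cross a one-second boundary
    os.chmod(path, 0o600)
    m1, c1 = timestamps(path)
    return m1 == m0 and c1 > c0


def append_changes_mtime(path):
    """Writing data updates mtime, and ctime too since size is an inode field."""
    m0, c0 = timestamps(path)
    time.sleep(1.1)
    with open(path, "a") as fh:
        fh.write("127.0.0.1 - - [constructed log line]\n")
    m1, c1 = timestamps(path)
    return m1 > m0 and c1 > c0


def older_than_days(path, days, now=None):
    """Mirror find's -mtime +N: true when the age in whole days exceeds N."""
    now = time.time() if now is None else now
    age_days = int((now - os.stat(path).st_mtime) // 86400)
    return age_days > days


def stale_rotated_logs(directory, days=30, prefix="kgc.com-access.log-"):
    """Names of rotated log files the cleanup line of fenge.sh would delete."""
    return sorted(
        name for name in os.listdir(directory)
        if name.startswith(prefix)
        and os.path.isfile(os.path.join(directory, name))
        and older_than_days(os.path.join(directory, name), days)
    )


def demo():
    """Run every check in a scratch directory and return the results."""
    with tempfile.TemporaryDirectory() as d:
        a = os.path.join(d, "a.log")
        b = os.path.join(d, "b.log")
        for p in (a, b):
            with open(p, "w") as fh:
                fh.write("constructed\n")
        old = os.path.join(d, "kgc.com-access.log-old")
        fresh = os.path.join(d, "kgc.com-access.log-fresh")
        for p in (old, fresh):
            open(p, "w").close()
        past = time.time() - 31 * 86400
        os.utime(old, (past, past))      # backdate mtime by 31 days
        os.chmod(old, 0o600)             # bumps ctime only; -mtime still selects it
        return {
            "chmod_only_ctime": chmod_changes_only_ctime(a),
            "append_mtime": append_changes_mtime(b),
            "stale": stale_rotated_logs(d),
        }


if __name__ == "__main__":
    print(demo())
```

The last two lines of demo() are the point: a chmod on the backdated file refreshes its ctime, yet stale_rotated_logs still lists it, because the cleanup keys on mtime alone.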

Five, connection timeout

  • HTTP has a KeepAlive mode that tells the web server to keep the TCP connection open after a request has been processed. If further requests arrive from the same client, the server reuses the open connection instead of establishing a new one.
  • A kept-alive connection occupies resources for as long as it stays open, so overly generous keep-alive settings hurt performance.
vim /usr/local/nginx/conf/nginx.conf
http {
......
    keepalive_timeout 65 180;
    client_header_timeout 80;
    client_body_timeout 80;
......
}

systemctl restart nginx.service

keepalive_timeout
Sets the KeepAlive timeout: how long an idle TCP connection may stay open before the server closes it. nginx's built-in default is 75 seconds (the sample nginx.conf ships with 65); some browsers keep a connection for at most 60 seconds, so 60 is a reasonable value. Setting it to 0 disables keep-alive connections.
The optional second argument is the value sent in the Keep-Alive: timeout=time response header, which lets some browsers close the connection themselves so the server does not have to. Without it nginx sends no Keep-Alive header.

client_header_timeout
The time allowed for the client to send a complete request header. If the whole header has not arrived within this time, nginx terminates the request with HTTP 408 (Request Time-out).

client_body_timeout
The timeout for receiving the request body once the connection is established. It applies between two successive reads, not to the whole body transfer; if the client sends nothing for this long, nginx terminates the request with HTTP 408 (Request Time-out).

Both timeouts default to 60 seconds, so the values of 80 above are looser than the defaults. A client that trickles header bytes ties up a worker connection for the whole timeout, so on an internet-facing server these are values to tighten rather than relax unless slow clients are genuinely expected.
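The probe below is an added example and not part of the original post. slow_header_probe() sends a request line and one header but never the blank line that ends the header block, then measures how long the server tolerates the half-sent request, which is what client_header_timeout bounds. It can be pointed at a real nginx by host and port; the IdleCloser class is a constructed stand-in server (not nginx) so the block runs offline with a known one-second timeout.

```python
"""Added example: measure a server's tolerance for an incomplete request header."""
import socket
import threading
import time


def slow_header_probe(host, port, give_up_after=30.0):
    """Send an incomplete header and wait for the server to close the connection.

    Returns the seconds until the server closed on us, or None if the
    connection was still open after give_up_after seconds, which suggests a
    missing or very generous header timeout."""
    sock = socket.create_connection((host, port))
    sock.settimeout(give_up_after)
    start = time.monotonic()
    try:
        # Request line plus Host header, but no terminating CRLF CRLF, so the
        # server has to keep waiting for the rest of the header.
        sock.sendall(b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n")
        while True:
            chunk = sock.recv(4096)
            if not chunk:                  # EOF: the server gave up
                return time.monotonic() - start
            # a server may send an error page first; keep reading until EOF
    except socket.timeout:
        return None
    finally:
        sock.close()


class IdleCloser(threading.Thread):
    """Constructed stand-in for a server with a header timeout: accepts one
    connection, waits up to `timeout` seconds between reads for the end of the
    header block, and closes the socket if it never arrives."""

    def __init__(self, timeout):
        super().__init__(daemon=True)
        self.timeout = timeout
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))   # any free loopback port
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]

    def run(self):
        conn, _ = self.listener.accept()
        conn.settimeout(self.timeout)
        buf = b""
        try:
            while b"\r\n\r\n" not in buf:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass                            # header never completed: drop the client
        finally:
            conn.close()
            self.listener.close()


def measure_against_stand_in(timeout=1.0):
    """Run the probe against the stand-in and return the observed close delay."""
    server = IdleCloser(timeout)
    server.start()
    return slow_header_probe("127.0.0.1", server.port)


if __name__ == "__main__":
    print("server closed after %.2f s" % measure_against_stand_in())
```

Against a real server, replace the stand-in with slow_header_probe("192.168.163.10", 80) and compare the returned delay with the configured client_header_timeout; a None result means the connection outlived the probe's own give_up_after window.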


Six, change the number of processes

# count the logical CPUs (each processor entry in /proc/cpuinfo has one physical id line; nproc gives the same number)
cat /proc/cpuinfo | grep -c "physical id"
# see how many worker processes the nginx master currently has
ps aux | grep nginx

# modify the configuration file; this is for reference only
vim /usr/local/nginx/conf/nginx.conf
# line 3; set to the CPU count or twice it (worker_processes auto; lets nginx use the CPU count)
worker_processes  2;
# add; pin each worker to a different CPU with one bit per CPU: two workers on two CPUs use 01 10, four workers on four CPUs use 0001 0010 0100 1000
worker_cpu_affinity 01 10;

systemctl restart nginx


Seven, configure web page compression

vim /usr/local/nginx/conf/nginx.conf
http {
......
    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss image/jpg image/jpeg image/png image/gif application/x-httpd-php application/javascript application/json;
......
}
-------Explanation--------------
    # around line 32; uncomment to enable gzip compression
    gzip  on;
    # minimum response size worth compressing
    gzip_min_length 1k;
    # compression buffers: four buffers of 16k each
    gzip_buffers 4 16k;
    # minimum HTTP version to compress for (default 1.1; use 1.0 if the front end is squid 2.5)
    gzip_http_version 1.1;
    # compression level
    gzip_comp_level 6;
    # add Vary: Accept-Encoding so a front-end cache can store compressed and uncompressed copies separately
    gzip_vary on;
    # MIME types to compress; JPEG, PNG and GIF are already compressed formats and gain almost nothing here
    gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss image/jpg image/jpeg image/png image/gif application/x-httpd-php application/javascript application/json;
---------End of explanation------------

One caveat for HTTPS sites: compressing a response that contains both a secret (a CSRF token or session identifier) and attacker-influenced input leaks information about the secret through the compressed length (the BREACH attack). Keep gzip for static assets; be selective about compressing dynamic pages that reflect user input next to secrets.

cd /usr/local/nginx/html
first copy the pika.jpg file into /usr/local/nginx/html
vim index.html
......
# insert the image into the page
<img src="pika.jpg"/>

systemctl restart nginx

In Linux, open Firefox, right-click the page and choose Inspect Element.
Select Network, then the HTML, WS and Other filters.
Visit http://192.168.163.10/ and double-click the 200 response; its response headers contain Content-Encoding: gzip.

Eight, configure anti-leech (hotlink protection)

Web source host (192.168.163.10)
Anti-leech preparation

vim /usr/local/nginx/conf/nginx.conf
http {
......
    server {
    ......
        location ~* \.(jpg|gif|swf)$ {
            valid_referers *.test.com test.com;
            if ( $invalid_referer ) {
                rewrite ^/ http://www.test.com/error.png;
                #return 403;
            }
        }
    ......
    }
}

systemctl restart nginx
----------Explanation--------------------
~* \.(jpg|gif|swf)$ : a case-insensitive regular expression that matches request paths ending in .jpg, .gif or .swf;
valid_referers : the sites trusted to embed the images; the names that follow are matched against the host part of the Referer header (*.test.com matches any subdomain, test.com matches the bare domain, which is why both are listed);
if statement: if the Referer's domain is not in the valid_referers list, $invalid_referer is set to "1" and the body runs, either rewriting to the error image or returning a 403 page.

Two points to check before relying on this. The list contains neither none nor blocked, so a request with no Referer at all (an image URL typed into the address bar, or a browser that drops the Referer under a no-referrer policy) is rewritten as well; add none to valid_referers if that is not wanted. The redirect target must not itself match the protected location: the hotlinking browser follows the redirect with the same foreign Referer, so an error image ending in .jpg would be redirected again in a loop. Here .png is outside (jpg|gif|swf), so error.png is safe. Finally, the Referer header is supplied by the client, so this stops casual hotlinking only; anyone can still fetch the file with curl -e http://www.test.com/ http://www.test.com/pika.jpg.


Web page preparation:

cd /usr/local/nginx/html
copy the pika.jpg and error.png files into /usr/local/nginx/html
vim index.html
...... 
<img src="pika.jpg"/>
</body>
</html>

echo "192.168.163.10 www.test.com" >> /etc/hosts
echo "192.168.163.11  www.daotu.com" >> /etc/hosts


Hotlink website host (192.168.163.11)

# install the nginx service first
cd /usr/local/nginx/html
vim index.html
...... 
<img src="http://www.test.com/pika.jpg"/>
</body>
</html>

echo "192.168.163.10 www.test.com" >> /etc/hosts
echo "192.168.163.11  www.daotu.com" >> /etc/hosts


Verify in a browser on a host that has both /etc/hosts entries: the image loads on the first site and is replaced by error.png on the second

http://www.test.com
http://www.daotu.com
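To make the decision in the location block above checkable without two hosts, here is an added example that is not nginx code and not from the original post: a Python model of how ngx_http_referer_module sets $invalid_referer for the page's valid_referers list, plus the serve-or-rewrite decision the location makes. It implements the forms used or mentioned on this page (plain server names, a leading "*." wildcard, and the keywords none and blocked); the optional URI-prefix and regular-expression forms of valid_referers are not modelled. The referers in CONSTRUCTED_CASES are made up for the demonstration.

```python
"""Added example: a model of nginx's $invalid_referer for this page's config."""
import re
from urllib.parse import urlsplit

# The page's setting: valid_referers *.test.com test.com;
VALID_REFERERS = ("*.test.com", "test.com")

# The page's location: ~* \.(jpg|gif|swf)$
PROTECTED = re.compile(r"\.(jpg|gif|swf)$", re.IGNORECASE)
ERROR_IMAGE = "http://www.test.com/error.png"


def invalid_referer(referer, valid=VALID_REFERERS):
    """True when nginx would set $invalid_referer (request treated as a hotlink)."""
    if not referer:
        return "none" not in valid          # no Referer header at all
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked" not in valid       # header present but mangled by a proxy
    host = urlsplit(referer).hostname       # lower-cased, port dropped
    if not host:
        return True
    for pattern in valid:
        p = pattern.lower()
        if p in ("none", "blocked"):
            continue
        if p.startswith("*.") and host.endswith(p[1:]):   # "*.test.com" -> ".test.com"
            return False
        if p.endswith(".*") and host.startswith(p[:-1]):
            return False
        if host == p:
            return False
    return True


def decide(uri, referer, valid=VALID_REFERERS):
    """What the page's location block does with a request: 'serve' the file
    or 'rewrite' to ERROR_IMAGE."""
    if not PROTECTED.search(uri):
        return "serve"                      # location does not match this URI
    if invalid_referer(referer, valid):
        return "rewrite"                    # rewrite ^/ http://www.test.com/error.png
    return "serve"


# Constructed requests: (request URI, Referer header or None)
CONSTRUCTED_CASES = [
    ("/pika.jpg", "http://www.test.com/"),                 # own site: serve
    ("/pika.jpg", "http://test.com/index.html"),           # bare domain: serve
    ("/pika.JPG", "HTTPS://Sub.Test.Com:8443/page"),       # case and port ignored: serve
    ("/pika.jpg", "http://www.daotu.com/"),                # hotlinker: rewrite
    ("/pika.jpg", "http://test.com.attacker.example/"),    # suffix trick: rewrite
    ("/pika.jpg", None),                                   # typed URL, no Referer: rewrite
    ("/error.png", "http://www.daotu.com/"),               # .png not protected: serve
]

if __name__ == "__main__":
    for uri, ref in CONSTRUCTED_CASES:
        print(f"{uri:12} {str(ref):40} -> {decide(uri, ref)}")
```

The sixth case is the one that surprises people: with no none keyword in the list, a visitor who opens the image URL directly is sent to error.png just like a hotlinker. The last case shows why the error image should carry an extension outside the protected set.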


Nine, fpm parameter optimization

cd /usr/local/php/etc/
cp php-fpm.conf.default php-fpm.conf
vim php-fpm.conf
# uncomment so php-fpm writes its pid file
pid = run/php-fpm.pid

vim /usr/local/php/etc/php-fpm.d/www.conf
# line 96; how fpm starts its child processes: dynamically
pm = dynamic
# line 107; maximum number of child processes
pm.max_children = 20
# line 112; number of children started at launch in dynamic mode, between the minimum and maximum
pm.start_servers = 5
# line 117; minimum number of idle children in dynamic mode
pm.min_spare_servers = 2
# line 122; maximum number of idle children in dynamic mode
pm.max_spare_servers = 8

# start php-fpm; this command does not restart an instance that is already running
/usr/local/php/sbin/php-fpm  -c /usr/local/php/lib/php.ini
# once it is running, reload it gracefully by sending USR2 to the pid recorded in the pid file
kill -USR2 `cat /usr/local/php/var/run/php-fpm.pid`
netstat -anpt | grep 9000


Origin blog.csdn.net/weixin_51326240/article/details/112751869