Summary table of web optimization at a glance
Optimization type |
Optimization instructions |
Optimization method |
Security optimization |
Modify the nginx configuration file to achieve optimization server_tokens off; |
|
Modify the nginx source configuration file nginx-1.6.3/src/core/nginx.h ngx_http_header_filter_module.c nginx-1.6.3/src/http/ngx_http_special_response.c |
||
Modify the default user of nginx and use the configuration file parameters to achieve Modify the default user of nginx and implement it by compiling parameters |
||
performance optimization |
woker_processes 8 Generally, it is the same as the number of CPU cores; high concurrency can be twice the number of CPU cores |
|
Optimize with worker_cpu_affinity The optimized configuration parameters for 4 CPUs are 0001 0010 0100 1000 2 CPU optimization configuration parameters are 0101 1010 |
||
Use the use epoll parameter to modify the event model to the epoll model The event model specifies that configuration parameters are placed in the event block |
||
Use the worker_connections connection parameter to adjust Maximum number of concurrent user connections = number of worker processes * number of worker connections |
||
Tune with worker_rlimit_nofile parameter (65535) |
||
Use sendfile on to enable efficient transfer mode tcp_nopush on means to accumulate data to a certain amount and then transmit it tcp_nodelay on means to transmit data information quickly |
||
keepalive_timeout optimizes the client's access to the nginx server timeout client_header_timeout optimizes the server-side read request header timeout time client_body_timeout optimizes the timeout between sending two request bodies send_timeout optimizes the interval timeout between two response messages |
||
Security optimization |
client_max_body_size sets the maximum size of the client request message body |
|
performance optimization |
Optimize the use of FastCGI and PHP connection buffer information Optimize the use of FastCGI to connect with PHP to cache information |
|
Compression and optimization of data information using gzip command To save website bandwidth resources |
||
Use the location to match the corresponding information to be cached, and use the expires parameter to combine the time information for caching. |
||
log optimization |
Do log file polling cuts Some log contents are not recorded, saving system disk space Authorize log files |
|
In front of the dynamic parsing configuration, set to restrict the parsing of extension files in a specific directory 限制指定目录uri信息访问,利用禁止策略和返回错误状态码 限制用户访问,利用白名单和黑名单方式 禁止非法域名解析访问企业网站 |
||
安全优化 |
根据HTTP referer实现防盗链 根据cookie防盗链 通过加密变换访问路径实现防盗链 在产品设计上解决盗链方案 |
|
感知优化 |
对错误代码实行本地页面跳转 优雅显示错误页面放到本地单独目录下,进行优雅显示 改变状态码为新的状态码,并显示指定的文件内容 错误状态码URL重定向 将错误状态码重定向到一个location |
|
安全优化 |
只将用户上传数据的目录设置为755,用户和组使用nginx 其余目录和文件为755/644,用户和组使用root |
|
利用robots.txt机器人协议防止爬虫(君子协议) 利用$http_user_agent变量阻止爬虫代理访问(2种方法) 利用程序开发验证码信息,阻止进行爬虫 |
||
利用$request_method限制请求方法 |
||
全面优化 |
|
|
利用程序或反向代理实现架构访问分离解耦优化 |
||
安全优化 |
利用nginx –c参数启动nginx多实例,使master进程让普通用户管理 |
|
利用limit_conn_zone参数和$binary_remote_addr变量限制nginx单IP地址并发连接数 利用limit_conn_zone参数和$server_name r变量限制nginx虚拟主机总连接数 |
||
|
|
|
|