1. Nginx cannot start solution
When viewing logs, the following errors are reported:
0.0.0.0:80 failed (10013: An attempt was made to access a socket in a way forbidden by its access permissions)
It's because of a conflict on port 80
2. Weight 和 ip_hash
upstream in the load balancing module
Weight is to give priority to the requested link to access the service
Ip_hash will forward the client to an available server
If the server is unavailable, it needs to be marked with down
Also, weight and ip_hash cannot be used at the same time
3. Nginx tomcat load balancing and multi-domain same port forwarding
Nginx's module for http load balancing is upstream
Upstream can perform multiple configurations, so that you can configure the site flexibly, but note that the name behind upstream is best configured as a domain name, because upstream is http access, there is no problem with general parsing, but if it is ajax parsing It will be accessed by accessing the name behind the upstream, pay attention here.
Modify the configuration file: conf/nginx.conf
Upstream server configuration:
§ weight = NUMBER - sets the server weight, defaults to 1 .
§ max_fails = NUMBER - the maximum number of failed requests generated when checking whether this server is available within a certain time (this time is set in the fail_timeout parameter), the default is 1, set it to 0 to turn off the check, these errors are in proxy_next_upstream or fastcgi_next_upstream (404 errors do not increase max_fails).
§ fail_timeout = TIME - the server may not be available after a failed connection attempt of the size set by max_fails is generated during this time, also it specifies the time the server is unavailable (before the next connection attempt is initiated), the default is 10 seconds , fail_timeout is not directly related to the front-end response time, but can be controlled by proxy_connect_timeout and proxy_read_timeout.
§ down - marks the server as offline, usually used with ip_hash.
§ backup - (0.6.7 or higher) This server is used if all non-backup servers are down or busy (cannot be used with the ip_hash directive).
# Sites that need to be load balanced
# where server is a node of load balancing www.aaa.com
upstream www.aaa.com {
server 192.168.0.1:8080 weight=1;
server 192.168.0.2:8080 weight=2;
server 192.168.0.1:8081 weight=3;
}
# Load balancing node for www.bbb.com of the second website
upstream www.bbb.com {
server 192.168.1.1:8080 ;
server 192.168.1.2:8080 ;
server 192.168.1.3:8080 ;
ip_hash;
}
# The same server forwards 2 different domain names for load balancing
#www.aaa.com 的 server
server
{
listen 80;
server_name www.aaa.com;
location / {
index index.html index.jsp;
# The proxy_pass here forwards the upstream name www.aaa.com
proxy_pass http://www.aaa.com;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100m;
}
#limit_conn crawler 20;
}
server
{
listen 80;
server_name www.bbb.com;
location / {
index index.html index.jsp;
# The proxy_pass here forwards the upstream name www.bbb.com
proxy_pass http://www.bbb.com;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100m;
}
#limit_conn crawler 20;
}
4. nginx install linux
prerequisites
yum install pcre pcre-devel
release file
tar –zxvf nginx.tar.gz
Install
./configure --prefix=path
make
make install
3) Manage nginx service
start up:
/usr/local/nginx/sbin/nginx
stop
/usr/local/nginx/sbin/nginx -s stop
reboot
/usr/local/nginx/sbin/nginx -s reload
View status
ps -auxf | grep nginx
./configure "--prefix=/export/servers/nginx" "--sbin-path=/export/servers/nginx/sbin/nginx" "--conf-path=/export/servers/nginx/conf/nginx.conf" "--error-log-path=/export/servers/nginx/logs/error.log" "--http-log-path=/export/servers/nginx/logs/access.log" "--pid-path=/export/servers/nginx/var/nginx.pid" "--lock-path=/export/servers/nginx/var/nginx.lock" "--http-client-body-temp-path=/dev/shm//nginx_temp/client_body" "--http-proxy-temp-path=/dev/shm/nginx_temp/proxy" "--http-fastcgi-temp-path=/dev/shm/nginx_temp/fastcgi" "--user=www" "--group=www" "--with-cpu-opt=pentium4F" "--without-select_module" "--without-poll_module" "--with-http_realip_module" "--with-http_sub_module" "--with-http_gzip_static_module" "--with-http_stub_status_module" "--without-http_ssi_module" "--without-http_userid_module" "--without-http_geo_module" "--without-http_map_module" "--without-mail_pop3_module" "--without-mail_imap_module" "--without-mail_smtp_module"--without-mail_imap_module" "--without-mail_smtp_module"--without-mail_imap_module" "--without-mail_smtp_module"
5. Log output corresponding time
"$request_time"';
Just add the above parameters after log_format
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
6. Set cache-control
Common values of cache-control of Http protocol and their combined definitions:
no-cache: The data content cannot be cached, and the server is revisited for each request. If there is a max-age, the server will not be accessed during the cache period.
no-store: not only can not be cached, but also can not be temporarily stored (ie: the resource cannot be temporarily stored in the temporary folder)
private (default): can only be cached in the browser, access the server only at the first request, if there is max-age, the server will not be accessed during the cache.
public: can be cached by any cache area, such as: browser, server, proxy server, etc.
max-age: relative expiration time, that is, the cache time in seconds.
no-cache, private: revisit the server when opening a new window, if max-age is set, the server will not be accessed during the cache period.
private, positive max-age: will not access the server when going back
no-cache, positive max-age: will hit the server when going back
Hit refresh : the server will be accessed anyway.
Expires:
Set the absolute expiration time in minutes, the priority is lower than Cache-Control, and set Expires and Cache-Control at the same time, the latter will take effect.
Last-Modified:
The last modification time of the resource, when the browser requests the resource next time, the browser will first send a request to the server, and attach the If-Unmodified-Since header to indicate the last modification time of the resource cached by the browser, if the server If no modification is found, it will directly return 304 (Not Modified) response information to the browser (with very little content). If the server compares the time and finds that it has been modified, it will return the requested resource as usual.
In the web page settings:
<meta http-equiv="Cache-Control" content="max-age=7200" />
or
<meta http-equiv="Expires" content="Mon, 20 Jul 2009 23:00:00 GMT" />
Only valid for this page
Nginx settings:
# Related page settings Cache-Control header information
if ($request_uri ~* "^/$|^/search/.+/|^/company/.+/") {
add_header Cache-Control max-age=3600;
}
if ($request_uri ~* "^/search-suggest/|^/categories/") {
add_header Cache-Control max-age=86400;
}
The global one can be configured under location /
7. The difference between static compression and dynamic compression
Static compression:
Static compression is to use tools to compress files through compression tools, and then nginx just sets the file header; such as:
The file is 1.html , then compressed to 1.html.gz
Then configure in the nginx configuration file:
location ~ \.gz$ {
add_header Content-Encoding gzip;gzip off;//off here means no dynamic compression
}
Because our 1.html has been compressed to 1.html.gz before, we only need to set the header to gzip at this time, and do not enable gzip dynamic compression;
Dynamic compression:
Dynamic compression means that our files are not compressed by tools before, but are compressed by nginx, which is dynamic compression, such as:
#Start pre-compression function, valid for all types of files gzip_static on; #Cannot
find pre-compressed files, perform dynamic compression gzip on;
gzip_min_length 1000;
gzip_buffers 4 16k;
gzip_comp_level 5;
gzip_types text/plain application/x-javascript text /css application/xml;
#gzip public configuration gzip_http_version 1.1
gzip_proxied expired no-cache no-store private auth;
#Tangled configuration
# There is a bug for ie, the request will not be cached after responding to the vary header, and a new request will be resent every time. So, disable gzip directly for ie 1-6.
gzip_disable "MSIE [1-6]\.";
# Enable the Http Vary header, which is mainly provided to the proxy server, and is processed differently according to the Vary header. For example, a reverse proxy cache server will return gzipped content for requests that support gzip, and a client that does not support gzip returns the original content.
gzip_vary on;
1. gzip_static configuration priority is higher than gzip
2. After opening nginx_static, for any file, it will first check whether there is a corresponding gz file
3. gzip_types setting is invalid for gzip_static
8. nginx: [emerg] unknown directive "if"
nginx: [emerg] unknown directive "if($args" in /export/servers/nginx/conf/nginx.conf:90
This error is because of missing pcre package
9. Solution to the problem of installing nginx pcre
pcre needs to specify the path
-with-pcre=/usr/local/include/pcre
Be careful not to add a trailing slash
first,
mkdir /usr/local/include/pcre
mkdir /usr/local/include/pcre/.libs
Then cp the pcre package to the specified path:
cp /opt/pcre/lib/libpcre.a /usr/local/include/pcre/libpcre.a
cp /opt/pcre/lib/libpcre.a /usr/local/include/pcre/libpcre.la
cp /opt/pcre/include/pcre.h /usr/local/include/pcre/pcre.h
cp /usr/local/include/pcre/*.* /usr/local/include/pcre/.libs
/opt/pcre is the installation path of pcre, which can be customized here. After cp completes the file, we will install the nginx configuration
./configure --prefix=/opt/nginx --with-pcre=/usr/local/include/pcre
Notice:
--with-pcre=/usr/local/include/pcre
This must be the /usr/local/include/pcre path, the installation path is not good, I have tried it here, otherwise it will be a headache after failure;
Second, after compiling, the following error is reported:
make -f objs/Makefile
make[1]: Entering directory `/export/software/nginx/jdws-1.0'
cd /usr/local/include/pcre \
&& if [ -f Makefile ]; then make distclean; fi \
&& CC="gcc" CFLAGS="" \
./configure --disable-shared
/bin/sh: line 2: ./configure: ûÓÐÄǸöÎļþ»òĿ¼
make[1]: *** [/usr/local/include/pcre/Makefile] ´íÎó 127
make[1]: Leaving directory `/export/software/nginx/jdws-1.0'
make: *** [build] ´íÎó 2
We modify the objs/MakeFile file in the nginx installation directory
/usr/local/include/pcre/Makefile: objs/Makefile
cd /usr/local/include/pcre \
&& if [ -f Makefile ]; then $(MAKE) distclean; fi \
&& CC="$(CC)" CFLAGS="" \
./configure --disable-shared
At about line 994, after removing the line ./configure --disable-shared, then make and make install will work fine
10. Nginx reverse proxy to get real IP
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
11. nginx uses if error
When the following error occurs:
[emerg]: unknown directive "if($request_method" in /export/servers/nginx/conf/nginx.conf:86
One is less pcre package
Another is:
Space is required between if and parentheses
12. Set the cache header
add_header X-Cache '$upstream_cache_status from $server_addr';
13. nginx cache state cache
proxy_cache_valid 200 304 20m;
If you want to cache the content, you need to add the above content, which is to cache the http status value and set the cache time.
14. $request_uri
$request_uri Get the full path of the current browser
$uri$is_args$args This is to get the real request path
15. Rewrite needs to be written in location
404 with rewrite
Later, I saw that rewrite in the configuration is outside the location in the server. This is a problem. It is no problem to put rewrite in the location.
16. Debug nginx
Modify config and compile
Because gdb needs gcc with the -g parameter, so that the generated files can be debugged with gdb, so we need to make a small change to the source code
Modify the auto/cc/conf file
ngx_compile_opt="-c"
become
ngx_compile_opt="-c -g"
execute configure
./configure --prefix=/home/yejianfeng/nginx/
confirm
It is found that there is an extra objs folder, which contains the Makefile file
Make sure the -g parameter is added
vim objs/Makefile
![clip_image001[6]](http://img1.tuicool.com/jIBRJ3.jpg%21web)
17. Nginx high concurrency settings
When the concurrency is 100, nginx+php can reach 850, but the concurrency of 300-500 is as low as 400-500, which is not normal, so it is necessary to set the environment of the linux system
================================================================
In vi /etc/sysctl.conf CentOS5.5, all contents can be emptied and replaced directly with the following:
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
To make the configuration take effect immediately, use the following command:
sysctl -p
==============================================================
Add at the end of /etc/security/limits.conf:
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
Which one to use, using the first method in CentOS has no effect, using the third method has an effect, and using the second method in Debian has an effect
refer to:
http://hi.baidu.com/touchiyudeji/item/a699730b80ba78d9dde5b00e
18. nginx log format configuration
log_format main '$remote_addr - $remote_user [$time_local] ' '-----"$request"------- $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"' '"addr:$upstream_addr - status:$upstream_status - cachestatus:$upstream_cache_status"'
'- cacheKey:"$host:$server_port$request_uri"' ;
The address of the requested upstream $upstream_addr
Request upstream status $upstream_status
The status of the requested upstream cache $upstream_cache_status
19. The number of groups () in the Nginx if judgment condition cannot exceed 9, and if more than 9 are not rewrite, there will be aborted problem
if ($request ~* .*/((1)|(2)|(3)|(4)|(5)|(6)|(7)|(8)|(9))){
}
In this case, the non-rewrite content will show the aborted problem, and the solution is determined by multiple ifs
20. error_page switch to the specified location
Define a location, use @ to define a name that cannot be accessed outside, generally used in try_files and error_page
location @hhvm_error_to_php {
include fastcgi_params;
# fastcgi_pass unix:/dev/shm/php-fcgi.sock;
fastcgi_pass php_servers;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /export/data/www/comm.360buy.com_test$fastcgi_script_name;
fastcgi_connect_timeout 3;
fastcgi_send_timeout 5;
fastcgi_read_timeout 5;
}
location ~ \.php$ {
################hhvm###################################################### ##############################################
#edit date:20130724
#edit author:huzhiguang
#function: access url to hhvm
###################################################################################################
if ($request ~* .*/(ProductPageService\.aspx|clubservice\.aspx|(productpage/p-(\d*)-s-(\d*)-t-(\d*)-p-(\d*)\.html.*)|(clubservice/newcomment-(.*)-(\d*)\.html.*))){
# Jump to hhvm_error_to_php when encountering an error 500 502 503 504 This location is handled by php
error_page 500 502 503 504 = @
proxy_pass http://hhvms ;
# When break is used in if matching, the following will not continue to match, so there is no need to judge non-
break;
}
# After adding the line change, after the proxy returns 500, it will intercept the error_page processing, which is not processed by default
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
##################################################################################################
include fastcgi_params;
# fastcgi_pass unix:/dev/shm/php-fcgi.sock;
fastcgi_pass php_servers;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /export/data/www/comm.360buy.com_test$fastcgi_script_name;
fastcgi_connect_timeout 3;
fastcgi_send_timeout 5;
fastcgi_read_timeout 5;
}
If this line is added, if 500 appears in php, nginx will process error_page, which is not processed by default
fastcgi_intercept_errors on;
21. Nginx encounters access aborted solution
When nginx cannot access all aborted, there is no problem with the configuration, and when reload does not take effect, then kill all nginx, and then restart it.
This is what I found because I updated a dynamic link library:
libz.so.1 => /export/servers/hhvm-1.1/support_lib/libz.so.1 (0x00007fd912710000)
Then it affects the operation of nginx, so this kind of reload is invalid