1. Nginx page optimization
1) Nginx web page compression
The ngx_http_gzip_module compression module in Nginx compresses file content. With the configuration changes below, Nginx compresses pages before sending them, saving bandwidth and improving user access speed.
vim /usr/local/nginx/conf/nginx.conf
http {
..........
gzip on;
gzip_min_length 1k;
gzip_buffers 4 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_vary on;
gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss image/jpg image/jpeg image/png image/gif application/x-httpd-php application/javascript application/json;
}
Restart the service and perform an access test:
2) Configure Nginx's image cache
After Nginx returns page data to the client, a cache time can be set so that later requests for the same content are answered directly from the cache, avoiding repeated requests and speeding up access.
Generally a cache time is set for static content, and none is set for dynamic pages.
vim /usr/local/nginx/conf/nginx.conf
http {
.................
server {
.................
# cache common image types on the client for one day
location ~* \.(gif|jpg|jpeg|bmp|ico)$ {
root html;
expires 1d;
}
}
}
Restart the service and test access:
3) Nginx connection timeout setting
- HTTP has a KeepAlive mode, which tells the web server to keep the TCP connection open after processing a request. If other requests are received from the same client, the server will use this unclosed connection without establishing another connection
- KeepAlives are kept on for a period of time, during which time they take up resources. Excessive use will affect performance
- On a production website, to keep one client from holding a connection for a long time and wasting resources, set connection timeout parameters to limit how long a connection may stay open. The keepalive_timeout value is set in the configuration file nginx.conf
vim /usr/local/nginx/conf/nginx.conf
http {
......
keepalive_timeout 65 180; # set the connection timeout
client_header_timeout 80;
client_body_timeout 80;
......
}
- keepalive_timeout specifies how long each keep-alive TCP connection may stay open at most; the server closes the connection after this time
- The default value of Nginx is 65 seconds, and some browsers only keep 60 seconds at most, so it can be set to 60 seconds. If it is set to 0, keepalive connections are disabled
- The second parameter (optional) specifies the time value in the response header Keep-Alive: timeout=time. This header allows some browsers to actively close the connection so that the server doesn't have to close the connection. Without this parameter, Nginx will not send the Keep-Alive response header
Restart the service and access the test:
4) Concurrency setting of Nginx
In high-concurrency scenarios, more Nginx processes need to be started so that user requests are answered quickly and do not block.
Check the number of CPU cores, and set the number of worker processes according to the number of cores.
# 1. Check the number of CPU cores
cat /proc/cpuinfo |grep processor|wc -l
or
cat /proc/cpuinfo |grep -c processor
or
cat /proc/cpuinfo | grep -c "physical id"
[root@localhost html]#ps aux | grep nginx
Modify the number of worker process cores:
vim /usr/local/nginx/conf/nginx.conf
worker_processes 2; # set to the number of CPU cores
worker_cpu_affinity 01 10; # bind each process to a different CPU; with 4 processes use 0001 0010 0100 1000
Test Results:
[root@localhost html]#ps aux | grep nginx
2. Nginx page security
——Hide the version number of Nginx
1) How to check the Nginx version
Method 1: Curl simulates access to obtain
[root@localhost ~]#curl -I 192.168.73.105
Method 2: Browser access to view
Open the site in Firefox and press F12 to view the network information
2) Hide the version number
Method 1: Modify the configuration file and turn off the version number
vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
server_tokens off; # add this line to turn off the version number
......
}
Test Results:
Method 2: Modify the version number in the source code file, recompile and install
cd /opt/nginx-1.12.0/src/core/
# back up the file before modifying it
cp nginx.h nginx.h.bak
vim nginx.h
#define NGINX_VERSION "1.12.0"
#define NGINX_VER "nginx/" NGINX_VERSION
After modifying the file, switch to the Nginx source directory, then recompile and install:
cd /opt/nginx-1.12.0/
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
make -j 2 && make install
Modify the main configuration file again and turn the version number display back on:
vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
server_tokens on;
......
}
Restart the service and test:
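A check for the result of either method, as an added example (not from the original article): it reads response headers, such as the output of `curl -sI`, and flags a Server header that still carries a version. It goes slightly beyond the text by also flagging X-Powered-By, which PHP adds unless expose_php is Off; the function name `check_banner` and the sample headers are constructed.

```shell
#!/bin/sh
# Added example: flag response headers that disclose software versions.
# Reads raw response headers on stdin, prints one line per finding and
# returns 0 when nothing leaks, 1 otherwise.
# Live use: curl -sI http://192.168.73.105 | check_banner
check_banner() {
    awk '
        {
            sub(/\r$/, "")                          # curl output ends lines with CRLF
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        }
        # "nginx/1.12.0" discloses a version; a bare "nginx" does not
        name == "server" && value ~ /\/[0-9]/ { print "LEAK server: " value; bad = 1 }
        # banner added by PHP unless expose_php = Off is set in php.ini
        name == "x-powered-by" { print "LEAK x-powered-by: " value; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample responses (not captured from a real host).
SAMPLE_ON=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.12.0\r\nContent-Type: text/html\r\n')
SAMPLE_OFF=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n')

printf '%s\n' "$SAMPLE_ON"  | check_banner || echo "server_tokens on: version disclosed"
printf '%s\n' "$SAMPLE_OFF" | check_banner && echo "server_tokens off: no version in headers"
```

With Method 2 and server_tokens on, the header still carries a version-shaped string (the modified one), so the check reports it.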
3. Nginx log segmentation
Unlike Apache, Nginx does not ship with a log segmentation tool, so operation and maintenance personnel have to write a script to split the logs
1) Write a log splitting script
cd /opt
vim cutlogs.sh
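#!/bin/bash
# nginx log splitting script
# use the variable day to hold the previous day's date
day=$(date -d "-1 day" "+%Y%m%d")
# directory where the split logs are stored
logs_path="/var/log/nginx"
# file holding the process ID of the running nginx
pid_path="/usr/local/nginx/logs/nginx.pid"
# short-circuit expression: if the left side is false, the right side runs
# the left side tests whether the directory exists; if it does not, the right side creates it
[ -d "$logs_path" ] || mkdir -p "$logs_path"
# rename the current log with the date from $day and move it to the storage directory
mv /usr/local/nginx/logs/access.log "${logs_path}/access.log-$day"
# signal nginx to reopen its log files, which creates a new access.log
kill -USR1 "$(cat "$pid_path")"
# log cleanup: delete logs older than 30 days
find "$logs_path" -mtime +30 -exec rm -rf {} \;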
2) Execute the script for testing
3) Add the log script to the scheduled task
[root@localhost opt]#vim cutlogs.sh
[root@localhost opt]#chmod +x cutlogs.sh
[root@localhost opt]#crontab -e
0 1 * * * /opt/cutlogs.sh
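A variant of the log splitting script with failure handling, as an added example (not the original author's script): it checks that the nginx master is running before moving anything, will not overwrite an existing archive, and prunes only rotated access logs. The function name `rotate_nginx_log` and its parameters are assumptions made so it can be tried on a scratch directory; `date -d` and `find -delete` assume GNU tools.

```shell
#!/bin/sh
# Added example: the rotation steps above as a function with failure handling.
# rotate_nginx_log LIVE_DIR ARCHIVE_DIR PID_FILE [KEEP_DAYS]
# cron use: rotate_nginx_log /usr/local/nginx/logs /var/log/nginx \
#           /usr/local/nginx/logs/nginx.pid
rotate_nginx_log() {
    live_dir=$1 archive_dir=$2 pid_file=$3 keep_days=${4:-30}
    day=$(date -d "-1 day" "+%Y%m%d") || return 1
    src="$live_dir/access.log"
    dst="$archive_dir/access.log-$day"

    # A missing or empty log is not an error: there is nothing to rotate.
    [ -s "$src" ] || { echo "nothing to rotate: $src" >&2; return 0; }
    # Check the master process first: if the file were moved and the signal
    # then failed, nginx would keep writing to the renamed file.
    pid=$(cat "$pid_file" 2>/dev/null) || { echo "no pid file: $pid_file" >&2; return 1; }
    kill -0 "$pid" 2>/dev/null || { echo "nginx (pid $pid) not running" >&2; return 1; }
    # Never overwrite an existing archive, e.g. when the job runs twice a day.
    if [ -e "$dst" ]; then echo "already rotated: $dst" >&2; return 1; fi

    mkdir -p "$archive_dir" || return 1
    mv "$src" "$dst" || return 1
    kill -USR1 "$pid" || return 1      # nginx reopens its log files
    # Prune only rotated access logs: regular files, this directory only.
    find "$archive_dir" -maxdepth 1 -type f -name 'access.log-*' \
        -mtime +"$keep_days" -delete
}
```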
4. Nginx anti-leech
1) The process of hotlinking
Hotlinking works against Nginx the same way it does against Apache: another website's pages reference the pictures hosted on your website, so they are displayed there while being served from your server
2) Nginx anti-leech setting
Modify the main configuration file and add anti-leech settings
vim /usr/local/nginx/conf/nginx.conf
http {
...........
server{
...........
location ~* \.(jpg|gif|swf)$ {
root html;
expires 1d;
valid_referers none blocked *.test.com test.com;
if ( $invalid_referer ) {
rewrite ^/ http://www.test.com/error.png;
}
}
............
}
...............
}
Place error.png under /usr/local/nginx/html
Do hotlink test
Hotlink host html page settings:
Third-party users access hotlink hosts:
Setup before access:
- Close the firewall tools firewalld and selinux
- Add the IP corresponding to the domain name to /etc/hosts
Third-party access to the original host:
5. FPM parameter optimization
If the PHP parsing function of Nginx is implemented by FPM, in order to improve the processing speed of PHP, the parameters of the FPM module can be adjusted
Adjust the parameters of the FPM module according to the memory and service load of the server
vim /usr/local/php/etc/php-fpm.conf
pid = run/php-fpm.pid
vim /usr/local/php/etc/php-fpm.d/www.conf
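-- line 96 --
pm = dynamic ; how FPM processes are started: dynamically
-- line 107 --
pm.max_children=20 ; maximum number of FPM processes
-- line 112 --
pm.start_servers = 5 ; number of processes started at launch in dynamic mode, between the minimum and the maximum
-- line 117 --
pm.min_spare_servers = 2 ; minimum number of idle processes in dynamic mode
-- line 122 --
pm.max_spare_servers = 8 ; maximum number of idle processes in dynamic mode
kill -USR2 `cat /usr/local/php/var/run/php-fpm.pid` # restart php-fpm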
netstat -anpt | grep 9000