Performance monitoring and tuning Nginx

ngx_http_stub_status monitor connection information

nginx has become the most widely used web server and reverse proxy server, Tomcat server usually be represented by our online nginx, in order to achieve load balancing. Since then nginx is applied too widely, we've got to learn how to do performance monitoring for nginx. This section describes how to use the ngx_http_stub_status nginx module monitors the connection information. The default paper readers foundation nginx, so some basic things are not much introduction.

The official address of the document on the module are as follows:

http://nginx.org/en/docs/http/ngx_http_stub_status_module.html

If you are using nginx yum install, then usually comes with this module, you can ignore the following period in order to install the module and recompiling ngx_http_stub_status install nginx part. Because my nginx is compiled and installed, it did not add this module to compile, so now need to re-compile and install once. Process is as follows:

[root@01server ~]# /usr/local/nginx/sbin/nginx -V  # 列出安装了哪些模块，可以看到我这里没有安装任何模块
nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 ( 4.8.5-11) (GCC) 
configure arguments: --prefix=/usr/local/nginx
[root@01server ~]# rm -rf /usr/local/nginx/  # 删除原本的nginx
[root@01server ~]# cd /usr/local/src/  # 进入存放安装包的路径  
[root@01server /usr/local/src]# ls  
nginx-1.12.1    nginx-1.12.1.tar.gz
[root@01server /usr/local/src]# cd nginx-1.12.1  # 进入之前已经解压好的目录
[root@01server /usr/local/src/nginx-1.12.1]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module  # 加入编译参数，指定需要安装的模块
[root@01server /usr/local/src/nginx-1.12.1]# make && make install  # 编译安装
[root@01server /usr/local/src/nginx-1.12.1]# cd /usr/local/nginx/sbin/
[root@01server /usr/local/nginx/sbin]# ./nginx -V # 可以已经把模块安装好了
nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) 
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module  
[root@01server /usr/local/nginx/sbin]# 

After installing, also you need to edit some configuration files, do not use nginx default configuration file:

[root@01server /usr/local/nginx/sbin]# cd ../conf/
[root@01server /usr/local/nginx/conf]# mv nginx.conf nginx.conf.bak  # 不使用nginx自带的配置文件
[root@01server /usr/local/nginx/conf]# vim nginx.conf  # 将以下内容粘贴进去
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events
{
    use epoll;
    worker_connections 1024;
}

http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /usr/local/nginx/logs/access.log  main;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-Javascript text/css text/htm 
    application/xml;
    include vhost/*.conf;
}
[root@01server /usr/local/nginx/conf]# mkdir vhost
[root@01server /usr/local/nginx/conf]# vim vhost/default.conf  # 虚拟主机配置文件，将以下内容粘贴进去
server{
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;

        location = /nginx_status{  # 配置访问路径，即uri
            stub_status on;  # 开启该模块
            access_log off;  # 关闭日志
            allow 101.106.102.129;  # 允许访问的ip，即白名单ip 
            allow 127.0.0.1;
            deny all;  # 拒绝白名单ip以外的ip访问
       }
}
[root@01server ~]# 

Start nginx:

[root@01server /usr/local/nginx/conf]# cd ../sbin/
[root@01server /usr/local/nginx/sbin]# ./nginx -t  # 检查nginx的配置文件是否正常
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful 
[root@01server /usr/local/nginx/sbin]# ./nginx -c /usr/local/nginx/conf/nginx.conf  # 启动nginx
[root@01server /usr/local/nginx/sbin]# netstat -lntp |grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      22713/nginx: master 
[root@01server /usr/local/nginx/sbin]# 

After a successful start, use your browser to access / nginx_status, a successful response to access information is as follows:

Description:

• The number of connections Active connections currently active (including waiting)
• Accepts the received total number of connections
• Total number of connections handled processed
• requests the current total number of requests
• Reading nginx number of connections being read
• The number of connections is responding Writing nginx
• Waiting The current number of free connections

As can be seen the current connection information nginx these simple parameters. In high concurrency scenarios, one can determine the current number of concurrent parameters based on Active connections, Reading parameters you can tell us whether or not the current nginx busy. Of course, this is just the easiest way to monitor a nginx, so it was only a few parameters. But these are other more advanced monitoring tools basis, so understanding these basic monitoring is also necessary.

---

ngxtop monitoring request information

In the previous section, we introduce how to use the connection information ngx_http_stub_status module to monitor the nginx. This section describes how to use tools to monitor ngxtop request information of nginx.

ngxtop nginx access log may be parsed in real time, and outputs the processing result to the terminal, the function is similar to system command top, so the software named ngxtop. With ngxtop, you can understand the current real-time access to the status of nginx, no longer need to refresh the screen to see the log tail.

ngxtop Project Address:

https://github.com/lebinh/ngxtop

Installation ngxtop:

[root@01server ~]# yum install -y epel-release
[root@01server ~]# yum install -y python-pip

Pip then mounted ngxtop, the following command:

[root@01server ~]# pip install ngxtop

ngxtop use:

[root@01server ~]# ngxtop --help
ngxtop - ad-hoc query for nginx access log.

Usage:
    ngxtop [options]
    ngxtop [options] (print|top|avg|sum) <var> ...
    ngxtop info
    ngxtop [options] query <query> ...

Options:

-l <file>, --access-log <file>  # 需要分析的访问日志
    -f <format>, --log-format <format>  # log_format指令指定的日志格式 [默认: combined]
    --no-follow  ngxtop default behavior is to ignore current lines in log
                     and only watch for new lines as they are written to the access log.
                     Use this flag to tell ngxtop to process the current content of the access log instead.  # 简而言之，对历史信息进行统计
    -t <seconds>, --interval <seconds>  report interval when running in follow mode [default: 2.0]  # 指定监控信息刷新的间隔，单位为秒 [默认: 2.0]
    -g <var>, --group-by <var>  # 根据变量分组 [默认: request_path]
    -w <var>, --having <expr>  # 具备子句 [默认: 1] having clause [default: 1]
    -o <var>, --order-by <var>  # 排序 [默认: count]
    -n <number>, --limit <number>  # 显示的条数 [默认: 10]
    -a <exp> ..., --a <exp> ...  add exp (must be aggregation exp: sum, avg, min, max, etc.) into output  # 添加聚合表达式到输出信息中

    -v, --verbose  # 更多的输出
    -d, --debug  # 打印所有行和解析记录，debug
    -h, --help  # 当前帮助信息.
    --version  # 输出版本信息.

advanced options:

-c <file>, --config <file>  # 运行ngxtop解析nginx配置文件
-i <filter-expression>, --filter <filter-expression>  filter in, records satisfied given expression are processed.  # 根据指定的表达式进行过滤，仅显示过滤后的信息
-p <filter-expression>, --pre-filter <filter-expression> in-filter expression to check in pre-parsing phase.  # 在筛选器表达式中检查预解析阶段

example:

All examples read nginx config file for access log location and format.
If you want to specify the access log file and / or log format, use the -f and -a options.
"top" like view of nginx requests

指定配置文件启动ngxtop: 
$ ngxtop -c /usr/local/nginx/conf/nginx.conf

404前十的请求:
$ ngxtop top request_path --filter 'status == 404'

总流量前十的请求:
$ ngxtop --order-by 'avg(bytes_sent) * count'

访问量前十的ip地址:
$ ngxtop --group-by remote_addr

输出400以上状态码的请求以及请求来源:
$ ngxtop -i 'status >= 400' print request status http_referer

Average body bytes sent of 200 responses of requested path begin with 'foo':
$ ngxtop avg bytes_sent --filter 'status == 200 and request_path.startswith("foo")'

Nginx specified configuration file to boot:

[root@01server ~]# ngxtop -c /usr/local/nginx/conf/nginx.conf

After starting as follows:

Note: Summary overview of the equivalent of the requested information, Detailed naturally are the details of the request. 2xx, 3xx, 4xx, and 5xx, http states are represented. avg_bytes_sent represents the average number of bytes transmitted request, request_path is the request path, count represents the total number of requests.

By default, ngxtop request information is not displayed before the start ngxtop, will show the new start after ngxtop request information. So we can go to the browser to refresh, just visit some pages, man-made some requests. The following diagram, Then you can see ngxtop successfully monitor to request information:

We can specify some conditions for the option, for example, I want to show only http status is 200, you can use the -i specified:

[root@01server ~]# ngxtop -c /usr/local/nginx/conf/nginx.conf -i 'status == 200'

as follows:

For example, I want to show the most visited ip, can be specified with -g:

[root@01server ~]# ngxtop -c /usr/local/nginx/conf/nginx.conf -g remote_addr

as follows:

If you want to view the requested information before you can use --no-follow option, equivalent to a request for information to do a history of statistics, as follows:

About ngxtop common operations will briefly explain to this, I hope to learn more about the most direct is to inspect the project document on the github.

---

nginx-rrd graphical monitoring

In the two subsections, we introduce two nginx-based tool that monitors the connection information and request information, they are based on the command line. This section describes the nginx a graphical monitoring tool that is nginx-rrd. nginx-rrd is Nginx Nginx official recommended a monitoring tool, you can easily generate charts use nginx-rrd, it can monitor the connection information and request information.

nginx-rrd official website address:

https://www.nginx.com/resources/wiki/modules/rrd_graph/

So we are going to take a look at how to install and use nginx-rrd it. nginx-rrd part function is based on two subsections Tools introduced implemented, it is necessary to install the required before installation nginx-rrd The introduction of the two. Since nginx-rrd is implemented so before using php, php we have to install the operating environment, as well as the installation of dependencies of rrdtool. I am here to use yum install command as follows:

[root@01server ~]# yum install -y php php-gd php-soap php-mbstring php-xmlrpc php-dom php-fpm
[root@01server ~]# yum install -y perl rrdtool perl-libwww-perl libwww-perl perl-rrdtool

After installing the operating environment and php rrdtool, we also need to nginx and php-fpm be a consolidation. Php-fpm modified configuration file, the file user and group nginx.conf modified to match the user:

[root@01server ~]# vim /etc/php-fpm.d/www.conf
user = nobody
group = nobody
[root@01server ~]# 

Need to let nginx support parsing php, in the virtual host configuration file, add the following:

[root@01server ~]# vim /usr/local/nginx/conf/vhost/default.conf  # 添加以下内容
location ~ \.php$
{
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
[root@01server ~]# 

Once configured, start php-fpm services, and reload nginx:

[root@01server ~]# systemctl start php-fpm
[root@01server ~]# netstat -lntp |grep 9000
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      24418/php-fpm: mast 
[root@01server ~]# nginx -s reload

Then at the virtual host configuration file pointed to by the site's root directory, create a simple php documents to test whether nginx has been able to properly resolve the php code:

[root@01server ~]# vim /usr/local/nginx/html/index.php  # 文件内容如下
<?php phpinfo(); ?>
[root@01server ~]# 

Then a visit to the browser, as it is representative of nginx has been able to support the analytic php:

---

Now we can begin to install nginx-rrd, first use the following command to download the compressed package nginx-rrd:

[root@01server ~]# cd /usr/local/src/
[root@01server /usr/local/src]# wget http://soft.vpser.net/status/nginx-rrd/nginx-rrd-0.1.4.tgz

Then decompressed and copied a number of script files and configuration files to the appropriate system directory:

[root@01server /usr/local/src]# tar -zvxf nginx-rrd-0.1.4.tgz
[root@01server /usr/local/src]# cd nginx-rrd-0.1.4
[root@01server /usr/local/src/nginx-rrd-0.1.4]# ls
etc  html  usr
[root@01server /usr/local/src/nginx-rrd-0.1.4]# cp etc/nginx-rrd.conf /etc
[root@01server /usr/local/src/nginx-rrd-0.1.4]# cp usr/sbin/* /usr/sbin
[root@01server /usr/local/src/nginx-rrd-0.1.4]# rm -rf /usr/local/nginx/html/index.php  # 删除之前测试用的php文件
[root@01server /usr/local/src/nginx-rrd-0.1.4]# cp html/index.php /usr/local/nginx/html/

Nginx-rrd modify configuration files, configuration data storage directory and picture storage directory, as follows:

[root@01server ~]# vim /etc/nginx-rrd.conf
# dir where rrd databases are stored
RRD_DIR="/usr/local/nginx/html/nginx-rrd";  # 数据存储目录
# dir where png images are presented
WWW_DIR="/usr/local/nginx/html";  # 图片存储目录
[root@01server ~]# 

After configuring, we also need to use the new crontab scheduled tasks for regular implementation of the two scripts nginx-rrd because nginx-rrd needs time to collect data in order to achieve the effect of a monitor:

[root@01server ~]# crontab -e
* * * * * /bin/sh /usr/sbin/nginx-collect  # 采集数据脚本
*/1 * * * * /bin/sh /usr/sbin/nginx-graph  # 生成图片脚本
[root@01server ~]# 

Our regular tasks set here is executed once every minute, you can use the following command to see if there are regular tasks in the implementation of:

[root@01server ~]# tail -f /var/log/cron

After confirming the normal execution timing of the task, we install the apache a pressure measurement tool, we facilitate a large amount of request data:

[root@01server ~]# yum -y install httpd-tools

After installation is complete, using the following command to nginx pressure-measurement can be performed multiple times:

[root@01server ~]# ab -n 10000 -c 10 http://127.0.0.1/index.html

Command Description:

• -n specifies the total number of requests
• -c specify how many simultaneous requests

After some of the request data is generated using a press metrology tool, access to the browser nginx-rrd index.php file, the following results:

---

nginx optimization

In the above section, we introduce some nginx monitoring tools. After know how to nginx performance monitoring, we naturally need to know some common nginx optimization of parameters and configuration, so this section is to introduce some of the common ways to optimize the nginx.

1. Configure the number of worker processes and the number of concurrent connections.

By default, nginx is only one worker process, 1024 concurrent connections. When we need to improve concurrent nginx load capacity, it can be appropriate to increase the number of work processes and the number of concurrent connections. Configured in nginx.conf in:

[root@01server ~]# vim /usr/local/nginx/conf/nginx.conf  # 修改或增加如下几个参数
worker_processes 2;  # 工作进程数受cpu核心数的限制，数量不能超过cpu的核心数
events
{
    use epoll;  # 使用epoll模型，可以提高并发效率
    multi_accept on;  # 开启一次建立多个连接
    worker_connections 10240; # 每一个工作进程能够打开的最大连接数，包含了nginx与客户端和nginx与upstream之间的连接
}
[root@01server ~]# 

---

2. Reverse Proxy Configuration (Server rear end) of the long connection

Nginx upstream connected to the rear end of the default short connections, initiate a connection through the rear end of HTTP / 1.0, the request and the "Connection" header is set to "close". Nginx default connection with the front end of a long connection, after establishing a connection with a user Nginx, send multiple requests via the long connections. If you Nginx only, a user may need to connect a plurality of short reverse proxy connected to the rear end. If the backend server (or source station cache server) connected to the concurrent processing is not strong, it may cause a bottleneck. So we need to configure a reverse proxy is a long connection, in order to alleviate the problem of bottlenecks. Example configured as follows:

[root@01server ~]# vim /usr/local/nginx/conf/vhost/default.conf
upstream server_pool{
    server localhost:8080 weight=1 max_fails=2 fail_timeout=30s;
    server localhost:9080 weight=1 max_fails=2 fail_timeout=30s;
    keepalive 300;  # 设置300个长连接，长连接能够大大提高请求转换的效率
}

location / {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://server_pool/;
}
[root@01server ~]# 

---

3. Configure gzip compression

We know that the text data are basically http transmission, the text data is compressed, the volume of data can be reduced. This can greatly improve the efficiency of access, and loading speed of the page, and also to reduce the consumption of bandwidth resources. Example configured as follows:

[root@01server ~]# vim /usr/local/nginx/conf/nginx.conf
gzip on;  # 开启Gzip
gzip_http_version 1.1;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";  # ie6不提供gzip
gzip_proxied any;
gzip_types text/plain application/x-javascript text/css application/xml application/json application/x-font-ttf application/sfg+xml application/x-icon text/javascript application/x-httpd-php image/jpeg image/gif image/png;  # 需要压缩的类型
gzip_vary on;
gzip_static on;  # 如果有压缩好的，直接使用
[root@01server ~]# 

---

4. Operating System Optimization

In the Linux operating system, we can modify /etc/sysctl.confthe configuration file system, in order to set the parameters tcp / ip connection, you can improve the efficiency of network connections at the operating system level. Example configured as follows:

[root@01server ~]# vim /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1 # 防止一个套接字在有过多试图连接到达时引起过载
net.core.somaxconn = 1024  # 连接队列的长度，默认值为128,
net.ipv4.tcp_fin_timeout = 10  # timewait的超时时间，设置短一些
net.ipv4.tcp_tw_reuse = 1  # os直接使用timewait的连接
net.ipv4.tcp_tw_recycle = 0  # 回收禁用，不回收timewait连接
[root@01server ~]#

Also in /etc/security/limits.confthe configuration file, the configuration process can open a maximum number of files. Example configured as follows:

[root@01server ~]# vim /etc/security/limits.conf
* hard nofile 204800
* soft nofile 204800
* soft core unlimited
* soft stack 204800
[root@01server ~]#

---

5. Other optimization:

Example configured as follows:

[root@01server ~]# vim /usr/local/nginx/conf/nginx.conf
sendfile on;  # 减少文件在应用和内核之间的拷贝
tcp_nopush on;  # 当数据包达到一定大小再发送，避免频繁发送数据包
tcp_nodelay off;  # 关闭有数据就随时发送，也是避免频繁发送数据包
[root@01server ~]#