[Introduction]
nginx is now very popular on the Internet, high-performance Web server and reverse proxy, also a IMAP / POP3 / SMTP proxy server.
Now many Internet applications use nginx as a load balancing is used, then the case of high concurrency, use Nginx instead of Apache is a very good choice.
【installation】
· Install compilation tools and libraries ·
yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel
· Install PCRE ·
PCRE role is to support Nginx Rewrite function.
1. Download the installation package PCRE
cd /usr/local/src/
wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
2. Extract
tar zxvf pcre-8.35.tar.gz
3. Enter the installation package directory, compiled and installed
cd pcre-8.35
./configure
make && make install
4. View version
pcre-config --version
Install nginx · ·
1. Download the installation package
cd /usr/local/src/
wget http://nginx.org/download/nginx-1.6.2.tar.gz
2. Extract
tar zxvf nginx-1.6.2.tar.gz
3. Enter the installation package directory, compiled and installed
cd nginx-1.6.2
./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.35
make && make install
4. View nginx version
/usr/local/webserver/nginx/sbin/nginx -v
5. The global command is set to nginx
cp /usr/local/webserver/nginx/sbin/nginx /usr/bin
[Configuration]
vim /usr/local/webserver/nginx/conf/nginx.conf
worker_processes 2; # consistent set value and the number of CPU cores
server {
listen 80; # listening port
}
【start up】
After modifying the configuration is complete, use the following command to check the configuration:
nginx -c /usr/local/webserver/nginx/conf/nginx.conf
nginx -t
Use the following command to load the configuration file and reboot:
nginx -s reload
Check the firewall is turned off, you need to be closed if not closed, otherwise the access port 80 may be blocked from your browser.
systemctl status firewalld
systemctl stop firewalld
Enter the IP plus port on the browser page, you can display the following pages is the successful installation (may take several minutes)
[Configuration optimization]
The above configuration is only the most basic configuration, only to get up and running nginx simple, we still need to make the following configurations to achieve nginx reverse proxy or load balancing.
Set user
#user nobody;
Number of worker processes, generally set cpu cores
worker_processes 1;
pid file (ensure that the process is only one)
pid /run/nginx.pid;
events {
The maximum number of connections, generally set cpu * 2048
worker_connections 1024;
}
http {
Open gzip compression (increase the transmission rate) (need to support the client browser and nginx server)
gzip on;
The minimum size of the compressed file
gzip_min_lenth 1k;
Compression Application Memory (16k data stream 4)
gzip_buffers 4 16k;
http protocol version (do not correspond to words does not support compression)
gzip_http_version 1.1;
If the client browser does not support, will not be compressed
gzip_vary on;
Log Format
log_format main
Client IP client user name request URL
'$remote_addr - $remote_user [$time_local] "$request" '
Status is returned to the client requesting the page number of bytes source (Baidu -> Baidu Post Bar)
'$status $body_bytes_sent "$http_referer" '
The client browser information the client IP address (and almost $ remote_addr)
'"$http_user_agent" "$http_x_forwarded_for"';
Log log format representative of the path is not stored log off, log back position followed, using main representatives
access_log off
access_log logs/access.log main;
The client link timeout (when there is a long connection, this field needs to be set larger)
keepalive_timeout 65;
When multiple server nodes, the default server names cache size is not enough, you need to manually set bigger
server_names_hash_bucket_size 512;
represents the virtual server host can be understood as a site, you can configure multiple server nodes to build multiple sites
Each of which a request comes in from the server determine server_name
server {
Site listening port
listen 8800;
Site access domain, which server can use this field to determine by
server_name localhost;
Encoding format, to avoid distortion parameters url
charset utf-8;
location to match the access rule under the same domain name multiple dynamic resource URI, such as how to jump, how to jump and other static resources to follow behind the location / on behalf of matching rules
location / {
Site root directory, can be a relative path, or an absolute path
root html;
The default home page
index index.html;
Backend site address forwarding, generally used to make soft load, back-end server poll
proxy_pass http://10.11.12.237:8080;
Deny the request and returns 403, it is generally used for block access to certain directories
#deny all;
Allow requests
#allow all;
Add a host header name to the requesting client request
proxy_set_header Host $host;
Header to request a client IP
proxy_set_header X-Real-IP $remote_addr;
The value of the variable $ REMOTE_ADDR added after the client "X-Forwarded-For" header in the request, and separated by commas.
If the client request does not carry the "X-Forwarded-For" header request, $ proxy_add_x_forwarded_for variable value will be the same variable $ REMOTE_ADDR
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Cookie request header is added to the client
proxy_set_header Cookie $http_cookie;
Modify coming from the proxy server response header "Location" and "Refresh" field.
proxy_redirect [ default | off | redirect replacement ]
If you use the "default" parameter settings will be determined according to location and proxy_pass parameters.
location /one/ {
proxy_pass http://upstream:port/two/;
proxy_redirect default;
}
location /one/ {
proxy_pass http://upstream:port/two/;
proxy_redirect http://upstream:port/two/ /one/;
}
The argument off disables all proxy_redirect instruction in this field
proxy_redirect off;
Is returned to the proxy server Location field: http: // localhost: 8000 / two / some / uri /
The Location field rewritten as http: // frontend / one / some / uri /.
proxy_redirect http://localhost:8000/two/ http://frontend/one/;
Use the server name and port base, even if it comes from non-port 80
proxy_redirect http://localhost:8000/two/ /;
There are many restrictions on the browser Cookie, Cookie if part of the Domain Domain does not match the current page can not be written.
Therefore, if the domain name request A, B to the domain name server proxy_pass, the server B then outputs the Domian = Cookie B,
The front page still remain in the A domain name, then the browser will not be able to write Cookie.
Not only is the domain name, browser Path is limited.
We often proxy_pass under a Path to the target server, do not expose this Path to the browser.
This time if the target server's Cookie Cookie write died Path problem can not be written will appear.
Set "Set-Cookie" domain in response to the replacement text attribute header, its value may be a string or a regular expression pattern of a reference variable
If you need to back-end server forwards Cookie cookie domain you will need to be converted, or front-end and back-end domain domain cookie is not inconsistent access
Configuration rules.
proxy_cookie_domain serverDomain (backend server domain) nginxDomain (nginx server domain)
proxy_cookie_domain localhost .testcaigou800.com;
Proxy_cookie_domain instructions to cancel all current configuration level
proxy_cookie_domain off;
Establish a connection timeout with back-end servers. Generally not be greater than 75 seconds; (but generally, some long processing time may be longer timeout)
proxy_connect_timeout 30;
}
The back-end server returns a 404 page displayed
error_page 404 /404.html;
And other back-end server returns a 500 error when the displayed page
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
When the need to listen to the same port on multiple domain names, the following configuration, different ports same domain, may also be used server_name regular configuration
But pay attention to server too need to manually expand the size of the buffer server_names_hash_bucket_size
server {
listen 80;
server_name bbb.abc.com;
charset utf-8;
location / {
proxy_pass http://localhost:10001;
}
}
server {
listen 80;
server_name aaa.abc.com;
charset utf-8;
location / {
proxy_pass http://localhost:20002;
}
}
}