Nginx web page optimization (b)
Change the number of processes running Nginx
- In high concurrency scenarios, we need to start more
Nginx
processes to ensure rapid response to process the user's request, to avoid clogging - You can use
ps aux
the command to view theNginx
running processes of the number of -
Configure the number of process changes
- Modify the configuration file, modify the configuration parameters of the process
-
Modify the configuration file
worker_ processes
parameters- Generally set
CPU
number or auditing - In the case of high concurrency may be set to
CPU
the number or twice the number of nuclei
- Generally set
- The number of running processes and more - more, when responding to access requests,
Nginx
it will not start a new process to provide temporary services, reducing system overhead, improve the speed of service -
Use
ps aux
changes in the number of viewing running processes - By default,
Nginx
the multiple processes can run in oneCPU
on, you can allocate different processes to differentCPU
treatment, take full advantage of multi-core hardwareCPU
- In stage 4 a nuclear physics server, as follows, the process will be distributed
Worker_ cpu_affinity 0001 0010 0100 1000
Configuration Example
[root@localhost conf]# ps aux | grep nginx //查看进程数
root 5278 0.0 0.0 20548 612 ? Ss 15:17 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 5279 0.0 0.0 23076 1396 ? S 15:17 0:00 nginx: worker process
root 5295 0.0 0.0 112728 972 pts/0 S+ 15:18 0:00 grep --color=auto nginx
[root@localhost ~]# cd /proc/ //进入设备目录
[root@localhost proc]# cat cpuinfo //查看cpu信息
processor : 0
vendor_id : GenuineIntel
cpu family : 6
...//省略部分内容... //第一个cpu信息
clflush size : 64
cache_alignment : 64
address sizes : 43 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 6
...//省略部分内容...
clflush size : 64 //第二个cpu信息
cache_alignment : 64
address sizes : 43 bits physical, 48 bits virtual
power management:
[root@localhost proc]# vim /usr/local/nginx/conf/nginx.conf //进入编辑nginx配置文件
#user nobody;
worker_processes 2; //增加cpu个数
worker_cpu_affinity 01 10; //设置平均分配访问请求
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
...//省略部分内容...
:wq
[root@localhost proc]# systemctl restart nginx.service //重启服务
[root@localhost proc]# ps aux | grep nginx //查看进程数
root 1813 0.0 0.0 20548 616 ? Ss 15:32 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1814 0.0 0.0 23076 1400 ? S 15:32 0:00 nginx: worker process
nginx 1815 0.0 0.0 23076 1400 ? S 15:32 0:00 nginx: worker process
//增加进程数
root 1823 0.0 0.0 112728 972 pts/0 S+ 15:32 0:00 grep --color=auto nginx
Nginx configuration page to achieve compression
Nginx
Thengx_http_gzip_module
compression module provides functions for the contents of the file compression- Allowing the
Nginx
server to compress content output before sending the client to save bandwidth site to enhance the user's access experience, has been installed by default - Compression parameters can be added in the appropriate configuration files to optimize compression performance
Compression parameters to explain
gzip on
: Open thegzip
compressed outputgzip_min_length 1k
: To set a minimum permissible number of bytes of compressed page ofgzip_buffers 4 16k
: Represents the application4
units to16k
the stream buffer memory as a result of compression, the default is the original application of the same size of the memory space to store the datagzip
compression resultzip_http_version 1.0
: Used to set the identificationhttp
protocol version, the default is1.1
that the majority of browsers already supportgzip
decompression, but the slowest process, but also more consumption of serverCPU
resourcesgzip_comp_level 2
: Specifiesgzip
the compression ratio,1
the compression ratio of the smallest, fastest processing;9
compression than the maximum transmission speed, the slowest processing speed, can use the defaultgzip_types text/plain
: Compression type, which is to enable compression for web documentsgzip_vary on
: Option allows front-end cache server cache aftergzip
compression of page
The above compression parameters added to the middle of the main configuration file httpd configuration
Configuration Example
[root@localhost proc]# cd /usr/local/nginx/conf/ //进入配置文件目录
[root@localhost conf]# vim nginx.conf //编辑配置文件
...//省略部分内容...
#keepalive_timeout 0;
keepalive_timeout 65 180;
client_header_timeout 80;
client_body_timeout 80;
gzip on; //开启压缩功能
gzip_min_length 1k; //编辑压缩功能条目
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain application/x-javascript text/css image/jpg image/jpeg image/png image/gif application/xml text/javascript application/x-httpd-php application/javascript application/json;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
server {
listen 80;
server_name localhost;
...//省略部分内容...
:wq
[root@localhost conf]# systemctl restart nginx.service //重启服务
- Visit a web page in the client, and use packet capture tool to see if compression is turned on
Nginx configuration to achieve security chain
- In corporate website services, - - as are configured with security chain function to prevent illegal use of the site content, resulting in economic losses
- Nginx security chain function is also very powerful. By default, you need only a simple configuration, you can achieve security chain process
Configuration Example
[root@localhost ~]# mount.cifs //192.168.100.10/lamp-c7 /mnt/ //将准备的防盗链图片目录挂载到Linux系统
Password for root@//192.168.100.10/lamp-c7:
root@localhost mnt]# cd /mnt/ //进入挂载目录
[root@localhost mnt]# ls
apr-1.6.2.tar.gz cronolog-1.6.2-14.el7.x86_64.rpm httpd-2.4.29.tar.bz2 mysql-5.6.26.tar.gz
apr-util-1.6.0.tar.gz Discuz_X2.5_SC_UTF8.zip LAMP-php5.6.txt nginx-1.12.0.tar.gz
awstats-7.6.tar.gz error.png miao.jpg php-5.6.11.tar.bz2
[root@localhost mnt]# cp error.png /usr/local/nginx/html/ //将防盗链图片复制到nginx站点目录
[root@localhost mnt]# cd /usr/local/nginx/html/ //进入站点目录
[root@localhost html]# ls //查看
50x.html error.png index.html miao.jpg //图片成功复制
[root@localhost html]# yum install bind -y //安装DNS功能
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
...//省略部分内容...
已安装:
bind.x86_64 32:9.11.4-9.P2.el7
作为依赖被安装:
bind-export-libs.x86_64 32:9.11.4-9.P2.el7
作为依赖被升级:
bind-libs.x86_64 32:9.11.4-9.P2.el7 bind-libs-lite.x86_64 32:9.11.4-9.P2.el7
bind-license.noarch 32:9.11.4-9.P2.el7 bind-utils.x86_64 32:9.11.4-9.P2.el7
dhclient.x86_64 12:4.2.5-77.el7.centos dhcp-common.x86_64 12:4.2.5-77.el7.centos
dhcp-libs.x86_64 12:4.2.5-77.el7.centos
完毕!
[root@localhost html]# vim /etc/named.conf //编辑DNS主配置文件
...//省略部分内容...
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
...//省略部分内容...
:wq
[root@localhost html]# vim /etc/named.rfc1912.zones //编辑DNS区域配置文件
...//省略部分内容...
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };
};
...//省略部分内容...
:wq
[root@localhost named]# cp -p named.localhost kgc.com.zone //复制DNS区域数据文件,并更改文件名
[root@localhost named]# vim kgc.com.zone //编辑DNS区域数据配置文件
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.144.133 //设置解析地址
:wq
[root@localhost named]# systemctl start named //启动DNS服务
- Open a win10 client and a customer win 7, win 7 installed on client web services, the establishment Irvine site, and test the client to access the site
[root@localhost html]# cd ../conf/ //进入nginx配置文件目录
[root@localhost conf]# vim nginx.conf //编辑配置文件
...//省略部分内容...
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~*\.(jpg|gif|swf)$ { //在server模块下添加防盗链条目
valid_referers none blocked *.kgc.com kgc.com;
if ( $invalid_referer ) {
rewrite ^/ http://www.kgc.com/error.png;
}
}
...//省略部分内容...
:wq
[root@localhost conf]# systemctl restart nginx.service
- Test anti-hotlinking function is enabled in the client win 10