Nginx web page optimization (b)

Nginx web page optimization (b)

Change the number of processes running Nginx

• In high concurrency scenarios, we need to start more Nginxprocesses to ensure rapid response to process the user's request, to avoid clogging
• You can use ps auxthe command to view the Nginxrunning processes of the number of

• Configure the number of process changes

  • Modify the configuration file, modify the configuration parameters of the process

• Modify the configuration file worker_ processesparameters

  • Generally set CPUnumber or auditing
  • In the case of high concurrency may be set to CPUthe number or twice the number of nuclei
• The number of running processes and more - more, when responding to access requests, Nginxit will not start a new process to provide temporary services, reducing system overhead, improve the speed of service

• Use ps auxchanges in the number of viewing running processes

• By default, Nginxthe multiple processes can run in one CPUon, you can allocate different processes to different CPUtreatment, take full advantage of multi-core hardwareCPU
• In stage 4 a nuclear physics server, as follows, the process will be distributed
  • Worker_ cpu_affinity 0001 0010 0100 1000

Configuration Example

[root@localhost conf]# ps aux | grep nginx      //查看进程数
root       5278  0.0  0.0  20548   612 ?        Ss   15:17   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx      5279  0.0  0.0  23076  1396 ?        S    15:17   0:00 nginx: worker process
root       5295  0.0  0.0 112728   972 pts/0    S+   15:18   0:00 grep --color=auto nginx
[root@localhost ~]# cd /proc/     //进入设备目录
[root@localhost proc]# cat cpuinfo       //查看cpu信息
processor   : 0 
vendor_id   : GenuineIntel
cpu family  : 6
...//省略部分内容...                               //第一个cpu信息
clflush size    : 64
cache_alignment : 64
address sizes   : 43 bits physical, 48 bits virtual
power management:

processor   : 1
vendor_id   : GenuineIntel
cpu family  : 6
...//省略部分内容...
clflush size    : 64                 //第二个cpu信息
cache_alignment : 64
address sizes   : 43 bits physical, 48 bits virtual
power management:
[root@localhost proc]# vim /usr/local/nginx/conf/nginx.conf    //进入编辑nginx配置文件
#user  nobody;
worker_processes  2;             //增加cpu个数
worker_cpu_affinity 01 10;       //设置平均分配访问请求

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}
...//省略部分内容...
:wq
[root@localhost proc]# systemctl restart nginx.service      //重启服务
[root@localhost proc]# ps aux | grep nginx       //查看进程数
root       1813  0.0  0.0  20548   616 ?        Ss   15:32   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx      1814  0.0  0.0  23076  1400 ?        S    15:32   0:00 nginx: worker process
nginx      1815  0.0  0.0  23076  1400 ?        S    15:32   0:00 nginx: worker process
//增加进程数
root       1823  0.0  0.0 112728   972 pts/0    S+   15:32   0:00 grep --color=auto nginx

Nginx configuration page to achieve compression

• NginxThe ngx_http_gzip_modulecompression module provides functions for the contents of the file compression
• Allowing the Nginxserver to compress content output before sending the client to save bandwidth site to enhance the user's access experience, has been installed by default
• Compression parameters can be added in the appropriate configuration files to optimize compression performance

Compression parameters to explain

• gzip on: Open the gzipcompressed output
• gzip_min_length 1k: To set a minimum permissible number of bytes of compressed page of
• gzip_buffers 4 16k: Represents the application 4units to 16kthe stream buffer memory as a result of compression, the default is the original application of the same size of the memory space to store the data gzipcompression result
• zip_http_version 1.0: Used to set the identification httpprotocol version, the default is 1.1that the majority of browsers already support gzipdecompression, but the slowest process, but also more consumption of server CPUresources
• gzip_comp_level 2: Specifies gzipthe compression ratio, 1the compression ratio of the smallest, fastest processing; 9compression than the maximum transmission speed, the slowest processing speed, can use the default
• gzip_types text/plain: Compression type, which is to enable compression for web documents
• gzip_vary on: Option allows front-end cache server cache after gzipcompression of page

The above compression parameters added to the middle of the main configuration file httpd configuration

Configuration Example

[root@localhost proc]# cd /usr/local/nginx/conf/       //进入配置文件目录
[root@localhost conf]# vim nginx.conf                 //编辑配置文件
...//省略部分内容...
    #keepalive_timeout  0;
    keepalive_timeout  65 180;
    client_header_timeout 80;
    client_body_timeout 80;

    gzip  on;                               //开启压缩功能
    gzip_min_length 1k;                     //编辑压缩功能条目
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_types text/plain application/x-javascript text/css image/jpg image/jpeg image/png image/gif application/xml text/javascript application/x-httpd-php application/javascript application/json;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;

    server {
        listen       80;
        server_name  localhost;
...//省略部分内容...
:wq
[root@localhost conf]# systemctl restart nginx.service     //重启服务

• Visit a web page in the client, and use packet capture tool to see if compression is turned on

Nginx configuration to achieve security chain

• In corporate website services, - - as are configured with security chain function to prevent illegal use of the site content, resulting in economic losses
• Nginx security chain function is also very powerful. By default, you need only a simple configuration, you can achieve security chain process

Configuration Example

[root@localhost ~]# mount.cifs //192.168.100.10/lamp-c7 /mnt/  //将准备的防盗链图片目录挂载到Linux系统
Password for root@//192.168.100.10/lamp-c7: 
root@localhost mnt]# cd /mnt/        //进入挂载目录
[root@localhost mnt]# ls
apr-1.6.2.tar.gz       cronolog-1.6.2-14.el7.x86_64.rpm  httpd-2.4.29.tar.bz2  mysql-5.6.26.tar.gz
apr-util-1.6.0.tar.gz  Discuz_X2.5_SC_UTF8.zip           LAMP-php5.6.txt       nginx-1.12.0.tar.gz
awstats-7.6.tar.gz     error.png                         miao.jpg              php-5.6.11.tar.bz2
[root@localhost mnt]# cp error.png /usr/local/nginx/html/      //将防盗链图片复制到nginx站点目录
[root@localhost mnt]# cd /usr/local/nginx/html/          //进入站点目录
[root@localhost html]# ls                      //查看
50x.html  error.png  index.html  miao.jpg      //图片成功复制
[root@localhost html]# yum install bind -y     //安装DNS功能
已加载插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
...//省略部分内容...
已安装:
  bind.x86_64 32:9.11.4-9.P2.el7                                                                 
作为依赖被安装:
  bind-export-libs.x86_64 32:9.11.4-9.P2.el7                                                     
作为依赖被升级:
  bind-libs.x86_64 32:9.11.4-9.P2.el7                  bind-libs-lite.x86_64 32:9.11.4-9.P2.el7   
  bind-license.noarch 32:9.11.4-9.P2.el7               bind-utils.x86_64 32:9.11.4-9.P2.el7      
  dhclient.x86_64 12:4.2.5-77.el7.centos               dhcp-common.x86_64 12:4.2.5-77.el7.centos 
  dhcp-libs.x86_64 12:4.2.5-77.el7.centos             
完毕！
[root@localhost html]# vim /etc/named.conf      //编辑DNS主配置文件
...//省略部分内容...
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
...//省略部分内容...
:wq
[root@localhost html]# vim /etc/named.rfc1912.zones     //编辑DNS区域配置文件
...//省略部分内容...
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};
...//省略部分内容...
:wq
[root@localhost named]# cp -p named.localhost kgc.com.zone    //复制DNS区域数据文件，并更改文件名
[root@localhost named]# vim kgc.com.zone        //编辑DNS区域数据配置文件
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.144.133            //设置解析地址
:wq
[root@localhost named]# systemctl start named      //启动DNS服务

• Open a win10 client and a customer win 7, win 7 installed on client web services, the establishment Irvine site, and test the client to access the site

[root@localhost html]# cd ../conf/             //进入nginx配置文件目录
[root@localhost conf]# vim nginx.conf         //编辑配置文件
...//省略部分内容...
# redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location ~*\.(jpg|gif|swf)$ {         //在server模块下添加防盗链条目
             valid_referers none blocked *.kgc.com kgc.com;
             if ( $invalid_referer ) {
                 rewrite ^/ http://www.kgc.com/error.png;
            }
        }
...//省略部分内容...
:wq
[root@localhost conf]# systemctl restart nginx.service

• Test anti-hotlinking function is enabled in the client win 10