nginx reverse proxy and part optimization

Prepare the environment:

               Two web service installation and start http written document

yum -y install httpd

echo "192.168.2.100" > /var/www/html/index.html

  systemctl restart httpd          

Install nginx

1. Configure Nginx server, add the server pool to achieve reverse proxy functionality

/Usr/local/nginx/conf/nginx.conf modify configuration files

http {

.. ..

# Use upstream definition of back-end server cluster, the cluster name any (such as webserver )

# Use server-defined cluster specific server and port

upstream webserver {

server 192.168.2.100:80;

server 192.168.2.200:80;

}

.. ..

server {

listen        80;

server_name localhost;

location / {

# User's request will be forwarded to the webserver cluster by proxy_pass

proxy_pass http://webserver;

}

}

/ usr / local / nginx / sbin / nginx -s reload reload configuration

HTTP curl : //192.168.4.5 // Use this command several visits to see the effect
2. Configure the scheduling algorithm upstream server clusters

upstream webserver {

# Ip_hash set by scheduling rule is: the same client to access the same server

                 ip_hash;

server 192.168.2.100 weight=1 max_fails=2 fail_timeout=10;

server 192.168.2.200 weight=2 max_fails=2 fail_timeout=10;

server 192.168.2.101 down;

}

1. #weight set weight values weight the server, the default value is 1
2. #max_fails set the maximum number of failures, the test server server failed several times before confirmation
3. #fail_timeout failed to set the timeout in seconds
4. #down mark server has been shut down, does not participate in cluster scheduling

(You can change the properties of the cluster pool on demand)

3. the Nginx the TCP / UDP scheduler

Nginx server deployment supports Layer 4 TCP / UDP proxy

yum -Y PCRE the install GCC -devel OpenSSL -devel         // install dependencies

wget http://nginx.org/download/nginx-1.12.2.tar.gz (Ali source can also be configured with a mounting yum)

tar -xf nginx -1.12.2 tar rpm

cd nginx-1.12.2

./configure   --with-http_ssl_module   --with-stream     

                    // Open SSL encryption         // open reverse proxy function layer 4    

        the make && the make install     // compile and install

Nginx server configuration, add the server pool to achieve TCP / UDP reverse proxy functionality

vim /usr/local/nginx/conf/nginx.conf

stream {

        upstream backend {

    Server 192.168.2.100 : 22 ;             // IP and port of SSH back-end server

    server 192.168.2.200:22;

}

         server {

         the listen 12345 ;                     // Nginx listening port

        proxy_pass backend;

}

}

/ usr / local / nginx / sbin / nginx -s reload                  reload configuration

SSH 192.168.4.5 -p 12345             // Use this command to see the effect of multiple visits

4. Optimize page 404

Nginx modify configuration files, custom error page

vim /usr/local/nginx/conf/nginx.conf

UTF charset -8 ; // modify this option only when needed Chinese

error_page 404 / 404 .html ;     // custom error page

.. ..

 

vim / usr / local / nginx / HTML / 404 .html         // generate an error page

Oops,No NO no page …

/ usr / local / nginx / sbin / nginx -s reload reload configuration

HTTP Firefox : //192.168.4.5/xxxxx // access a page that does not exist

Nginx concurrency optimization

Use ab high concurrency testing before optimization

         ab -n 2000 -c 2000 http://192.168.4.5/ 

Benchmarking 192.168.4.5 (be patient)

socket : Too MANY Open Files ( 24- )                 // prompt too many open files

vim /usr/local/nginx/conf/nginx.conf
.. ..

worker_processes 2 ;                     consistent with the number of CPU cores //

events {

worker_connections 65535 ;         // Maximum number of concurrent connections each worker

}

.. ..

Optimized Linux kernel parameters (maximum number of files)

ulimit -a                         // view all property values

ulimit -Hn 100000                 // set a hard limit (temporary rule)

ulimit -Sn 100000                 // Set the limit (temporary rule)

vim /etc/security/limits.conf

 

 

* Soft nofile        100000

* Hard nofile        100000

ab -n 2000 -c 2000 HTTP : After //192.168.4.5/ optimize the test server concurrency

Optimization of cache header Nginx
whether before optimization, using test scripts can be obtained in response to a request header length

cat lnmp_soft/buffer.sh

#!/bin/bash

URL=http://192.168.4.5/index.html?

for i in {1..5000}

do

    URL = $ {URL } v $ i = $ i

done

$ URL curl                                 // After 5000 cycles, generate a long URL address bar

[root@proxy ~]# ./buffer.sh

.. ..

<Center > <h1 of > 414 the Request -URI Too Large < / h1 of> </ Center >         // prompt message header too large

Nginx modify the profile, increasing cache size packet header

vim /usr/local/nginx/conf/nginx.conf

.. ..

http {

1K client_header_buffer_size ;         // default cache request header information    

large_client_header_buffers . 4 4K ;         // Number of registers with a large capacity request packet header information

.. ..

/ usr / local / nginx / sbin / nginx -s reload reload configuration

After optimization, the use of test scripts long head request if you can get a response

 

5. Modify Nginx configuration file, define the cache time for static pages

vim /usr/local/nginx/conf/nginx.conf

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {

30d the Expires ;             // define the client cache for 30 days

}

}

 

cp /usr/share/backgrounds/day.jpg /usr/local/nginx/html

/ usr / local / nginx / sbin / nginx -s reload reload configuration