Getting to know Nginx services

Nginx services

Nginx is a high-performance, lightweight web server. It is highly stable, consumes few system resources, and handles large numbers of concurrent HTTP connections well (a single physical server can support 30000 ~ 50000 concurrent requests).

Advantages of Nginx over Apache:

Lightweight: for the same web service, Nginx occupies less memory and fewer resources than Apache.

High concurrency: Nginx handles requests asynchronously and without blocking, while Apache is blocking. Under high concurrency, Nginx keeps resource consumption low and performance high.

Highly modular design: writing modules is relatively simple. The community is active and high-performance modules are produced rapidly.

Advantages of Apache over Nginx:
Apache's rewrite is more powerful than Nginx's rewrite; there are so many modules that you can find almost anything you think of; it has few bugs, while Nginx has relatively more; it is very stable.

Everything that exists has its reason. Generally speaking, web services that need performance use Nginx; if you need stability rather than performance, use Apache. Nginx is weak at processing dynamic requests, so Apache is generally needed for dynamic requests; Nginx is only suitable for serving static web pages or acting as a reverse proxy.

Compiling and installing Nginx services

1. Close the firewall, transfer the Nginx software package to the /opt directory, and install the dependency packages

2. Compile and install

 make && make install 

3. Add Nginx to the /usr/local/sbin directory

4. Start service

Check, start, restart and stop the nginx service

nginx -t ##check the configuration file
nginx    ##start the service

##stop the service
cat /usr/local/nginx/logs/nginx.pid   ##Check the PID number of nginx

kill -3 <PID number>

kill -s QUIT <PID number>

killall -3 nginx

killall -s QUIT nginx

#Reload the configuration
kill -s HUP <PID number>

#Log rotation: reopen the log files
kill -USR1 <PID number>

#Smooth upgrade
kill -USR2 <PID number>

#View version number
nginx -v

Manage nginx services

[root@zzz opt]# cd nginx-1.12.2/
[root@zzz nginx-1.12.2]# cd objs/
[root@zzz objs]# cd /etc/init.d/
[root@zzz init.d]# vim nginx

#!/bin/bash
# chkconfig: 35 99 21
# description: controls the nginx service
COM="/usr/local/nginx/sbin/nginx"
PID="/usr/local/nginx/logs/nginx.pid"

case "$1" in
start)
  "$COM"
  ;;

stop)
  # QUIT asks the master process to shut down gracefully
  kill -s QUIT "$(cat "$PID")"
  ;;

restart)
  "$0" stop
  "$0" start
  ;;

reload)
  # HUP makes the master process re-read the configuration
  kill -s HUP "$(cat "$PID")"
  ;;

status)
  # Count and list nginx processes, leaving out grep and this script ($$)
  tmp=$(ps -ef | grep nginx | grep -Ecv "grep|$$")
  ps -ef | grep nginx | grep -Ev "grep|$$"
  if [ "$tmp" -le 1 ]; then
    echo "Nginx Service not started"
  else
    echo "Nginx Service started"
  fi
  ;;
*)
  echo "Usage: $0 {start|stop|restart|status|reload}"
  exit 1
esac
exit 0

Make the script executable and register it as a system service

[root@zzz init.d]# chmod +x nginx
[root@zzz init.d]# chkconfig --add nginx 
[root@zzz init.d]# service nginx status

The second method is to add a systemd unit file

[Unit]
# Description of the service
Description=nginx
# Dependency: this service is started after the services it depends on have started
After=network.target

[Service]
# Settings for how the service runs
# forking: the service runs in the background. PIDFile= should be specified
# together with this startup type so that systemd can track the main process.
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Command that runs the service
ExecStart=/usr/local/nginx/sbin/nginx
# Reload command
ExecReload=/bin/kill -s HUP $MAINPID
# Stop command
ExecStop=/bin/kill -s QUIT $MAINPID
# Independent temporary space allocated to the service
PrivateTmp=true

[Install]
# Installation settings: the service can be enabled for the multi-user target
WantedBy=multi-user.target

Understanding the Nginx configuration file

Location of the Nginx configuration file

View the effective lines

1. Global block: directives that affect nginx globally. These generally include the user and group that run the nginx server, the path where the nginx process pid is stored, the log path, inclusion of other configuration files, the number of worker processes allowed to be generated, etc.

2. events block: configuration that affects the nginx server or its network connections with users. This includes the maximum number of connections per process, which event-driven model is used to process connection requests, whether multiple network connections may be accepted at the same time, and whether to enable serialization of multiple network connections.

3. http block: can nest multiple server blocks and configures most functions, such as proxying, caching, log definition and third-party modules. Examples are file inclusion, MIME type definition, log customization, whether to use sendfile to transfer files, connection timeout, the number of requests per connection, etc.

4. server block: configures the parameters of a virtual host. There can be multiple server blocks in one http block.

5. location block: configures the routing of requests and the processing of various pages.

To increase the number of connections per process, you also need to execute the command "ulimit -n 65535" to temporarily raise the maximum number of files that each local process can have open at the same time. Set it according to CPU performance.

On the Linux platform, when processing highly concurrent TCP connections, the maximum number of concurrent connections is limited by the system to the number of files that can be opened by a single user process at the same time (this is because the system creates a socket handle for each TCP connection, and each socket handle is also a file handle).

You can use the ulimit -a command to view the limit on the number of files that the system allows the current user process to open.

epoll is a version of poll improved by the Linux kernel to handle a large number of handles. It is an enhanced version of the multiplexed IO interface select/poll under Linux. It can significantly reduce system CPU utilization when only a few of a program's many concurrent connections are active.

Log format setting:

$remote_addr and $http_x_forwarded_for: used to record the IP address of the client;

$remote_user: used to record the client user name;

$time_local: used to record the access time and time zone;

$request: used to record the URL and HTTP protocol of the request;

$status: used to record the request status; success is 200;

$body_bytes_sent: records the size of the body content sent to the client;

$http_referer: used to record the page from which the link was followed;

$http_user_agent: records information about the client browser.

Usually the web server is placed behind a reverse proxy, so the client's IP address cannot be obtained through $remote_addr: the IP address it holds is that of the reverse proxy server. The reverse proxy server can add X-Forwarded-For information to the HTTP header of the forwarded request to record the IP address of the original client and the server address requested by the original client.
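
An added example, not part of the original article: the X-Forwarded-For value is supplied by whoever sends the request, so a log consumer should use it only when $remote_addr is one of its own reverse proxies. The code assumes nginx's stock "main" log_format and a hypothetical trusted proxy range; the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: nginx's stock "main" log_format, ending in "$http_x_forwarded_for".
LINE_RE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" "(?P<xff>[^"]*)"$'
)
# Assumption: our own reverse proxies sit in this documentation range.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]
# Constructed sample lines: via proxy, direct with a forged header,
# via proxy with a forged entry prepended, via proxy with no header.
TAIL = '[11/Jan/2022:14:44:33 +0200] "GET / HTTP/1.1" 200 612 "-" "curl/7.79" '
SAMPLE_LINES = [
    '192.0.2.5 - - ' + TAIL + '"203.0.113.7"',
    '198.51.100.9 - - ' + TAIL + '"10.0.0.1"',
    '192.0.2.5 - - ' + TAIL + '"10.9.9.9, 203.0.113.7"',
    '192.0.2.5 - - ' + TAIL + '"-"',
]


def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(line):
    """Return the address to attribute a request to, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    peer = m["remote_addr"]
    if not is_trusted(peer):
        return peer  # direct connection: the header is client-supplied
    hops = [h.strip() for h in m["xff"].split(",")]
    for hop in reversed(hops):  # right-most entries were added by our proxies
        if is_trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # "-" or garbage: fall back to the TCP peer
    return peer


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(client_ip(sample))
```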

Common location configuration directives: root, alias, proxy_pass

root (root path configuration): root /var/www/html
For a request to www.kgc.com/test/1.html, the file /var/www/html/test/1.html is returned

alias (alias configuration): alias /var/www/html
For a request to www.kgc.com/test/1.html, the file /var/www/html/1.html is returned

proxy_pass (reverse proxy configuration)

Access status statistics configuration

After restarting the service, verify in the browser again

Meaning of the fields

Active connections: the current number of active connections.
server accepts handled requests: the connection information processed so far. The three numbers represent, in turn, the number of connections processed, the number of successful TCP handshakes, and the number of requests processed.

Authorization based access control

1. Generate user password authentication file

2. Modify the main configuration file and add the authentication configuration items for the corresponding directory

3. Restart the service

4. Verify in a web browser

Client based access control

The access control rules are as follows:
deny IP/IP segment: denies access to clients from an IP address or IP segment.

allow IP/IP segment: allows access to clients from an IP address or IP segment.

Rules are evaluated from top to bottom. Evaluation stops at the first rule that matches, and the rules below it are not checked.

Example: only the 103 host is allowed to access, and all others are rejected

1. Modify the configuration file

[root@zzz system]#  vim /etc/nginx.conf

2. Verify in a browser

Switch to the 102 host to access (the nginx service runs on the 102 machine). Once this configuration is set, the local machine itself no longer has access rights

Switch to the 103 machine for access
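
The top-to-bottom, first-match rule above, as an added example that is not part of the original article. It uses constructed addresses in 192.0.2.0/24 for the hosts the article calls 102 and 103, the function names are hypothetical, and it handles only single addresses, IP segments in CIDR form and "all"; the third rule set goes beyond the article's single-host case to show a segment rule.

```python
import ipaddress

# Constructed location bodies; 192.0.2.102 / 192.0.2.103 stand in for the
# article's "102" and "103" hosts.
ALLOW_103_ONLY = """
    allow 192.0.2.103;
    deny all;
"""
# Same two rules reversed: "deny all" matches first, so nobody gets in.
DENY_FIRST = """
    deny all;
    allow 192.0.2.103;
"""
# A segment rule with one host carved out before it.
SEGMENT_MINUS_102 = """
    deny 192.0.2.102;      # must come before the broader allow
    allow 192.0.2.0/24;
    deny all;
"""


def parse_rules(conf):
    """Return the allow/deny directives of conf as ordered (action, net) pairs."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(words) != 2 or words[0] not in ("allow", "deny"):
            continue
        # None stands for "all" (any IPv4 or IPv6 client).
        net = None if words[1] == "all" else ipaddress.ip_network(words[1])
        rules.append((words[0], net))
    return rules


def decide(conf, client):
    """Apply the rules top to bottom and return the first matching action."""
    ip = ipaddress.ip_address(client)
    for action, net in parse_rules(conf):
        if net is None or (ip.version == net.version and ip in net):
            return action
    return "allow"  # no rule matched: access is not restricted


if __name__ == "__main__":
    for name, conf in [("allow-103", ALLOW_103_ONLY), ("deny-first", DENY_FIRST)]:
        print(name, {h: decide(conf, h) for h in ("192.0.2.102", "192.0.2.103")})
```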

Domain name based Nginx virtual host

Set on client

Switch to server

Edit the configuration file

vim /etc/nginx.conf

Restart service

[root@zzz conf]# systemctl restart nginx.service 

Verify in a web browser

Keywords: Operation & Maintenance Apache Nginx

Added by plinares on Tue, 11 Jan 2022 14:44:33 +0200