1. Introduction to Nginx
1.1 what is Nginx
nginx Chinese documents: https://www.nginx.cn/doc/
Nginx is a high-performance Http and reverse proxy web server that provides IMAP/POP3/SMTP services
Nginx features less memory, strong concurrency, simple installation and concise configuration files
1.2 reverse proxy
- Forward proxy: configure a proxy server in the client (browser) to access the network through the proxy server
- Reverse proxy: the client sends a request to the reverse proxy server. The reverse proxy server selects the target server to obtain the data and returns it to the client. The client requests the address of the proxy server and hides the IP address of the real server
1.3 load balancing
The client sends multiple requests to the server. The server processes the requests. Some may interact with the database. After the server processes them, the results will be returned to the client
A single server cannot solve the problem. We increase the number of servers and change the original situation of concentrating requests on a single server to distribute requests to multiple servers and distribute the load to different servers, which is what we call load balancing
1.4 dynamic and static separation
In order to speed up the website analysis, dynamic resources and static resources are separated and analyzed by different servers to speed up the analysis speed and reduce the pressure of the original single server
2. Nginx installation under Linux
nginx download address: http://nginx.org/en/download.html
# Install make: yum -y install gcc automake autoconf libtool make # Install g + +: yum install gcc gcc-c++ # Switch to the directory where you want to install cd /home/Nginx ################################################## # https://ftp.pcre.org/pub/pcre/ Download the latest PCRE source package wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz tar -zxvf pcre-8.44.tar.gz cd pcre-8.44 ./configure make make install # Check for installation pcre-config --version ################################################## # http://zlib.net/zlib-1.2.11.tar.gz Download the latest zlib source package and install it with the following command wget http://zlib.net/zlib-1.2.11.tar.gz tar -zxvf zlib-1.2.11.tar.gz cd zlib-1.2.11 ./configure make make install # Install Nginx wget http://nginx.org/download/nginx-1.18.0.tar.gz tar -zxvf nginx-1.18.0.tar.gz # After entering the unzipped folder ./configure make && make install
3. Nginx common commands
Enter sbin directory under nginx
- View version number:/ nginx -v
- Start: enter the sbin directory/ nginx
- Off:/ nginx -s stop
- Reload:/ nginx -s reload
4. Nginx profile
4.1 location of nginx configuration file
Enter the conf directory under the installation directory and find nginx conf
4.2 composition of nginx configuration file
The Nginx configuration file consists of three parts
- Global block
- The content of the configuration file from the beginning to the events block mainly sets some configuration instructions that affect the overall operation of the nginx server
user root root; # Number of concurrent processes worker_processes auto; error_log /home/nginx/nginx_error.log crit; pid /home/nginx/logs/nginx.pid; worker_rlimit_nofile 51200
- events block
- Affect the network connection between Nginx server and users
events
{
use epoll;
# Maximum number of connections supported by Nginx
worker_connections 51200;
multi_accept on;
}
- http global block
- Including file import, MIME-TYPE definition, log customization, connection timeout, and maximum number of single link requests
http
{
include mime.types;
#include luawaf.conf;
include proxy.conf;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
# Listening port number
listen 9000;
server_name 127.0.0.1;
index index.html index.htm index.php;
root /home/nginx/html;
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /home/nginx/logs/access.log;
}
include /home/nginx/panel/vhost/nginx/*.conf;
}
5. Nginx configuration instance
First, on Linux Install Tomcat , use default port 8080
5.1 reverse proxy configuration
Use Nginx reverse proxy to jump to services on different ports according to the access path
Install two Tomcat servers, one on port 8080 and one on port 8081. Create folders and test pages
Specific configuration
Configure in Nginx configuration file
server
{
listen 9000;
server_name 192.168.31.219;
location ~ /tomcat1/ {
proxy_pass http://127.0.0.1:8080;
}
location ~ /tomcat2/ {
proxy_pass http://127.0.0.1:8082;
}
}
location instruction description
location [= | ~ | ~* | ^~]{
}
- =: before the URI without regular expression, the request string needs to be strictly matched with the URI, and the matching is successful
- ~: indicates that the URI contains regular expressions and is case sensitive
- ~*: indicates that the URI contains regular expressions and is not case sensitive
- ^~: before the URI without regular expression, Nginx finds the location with the highest matching degree between the identification URI and the request string, and uses the location to process the request
The URI contains a regular expression and must be identified by ~ or ~ *
5.2 load balancing configuration
Add upstream
upstream myserver {
server 192.168.31.219:8080 weight=5;
server 192.168.31.219:8082 weight=10;
}
server
{
listen 9000;
server_name 192.168.31.219;
location ~ /tomcat/ {
proxy_pass http://myserver;
}
}
Nginx load balancing strategy
- Polling (default): each request is allocated to different servers one by one in chronological order
- Weight: the higher the weight, the more clients are assigned
- Add weight =? After IP?;
- ip_hash: each request is allocated to a fixed server according to the hash of the IP
- Add IP in upstream_ hash;
- fair: allocate requests according to the corresponding time of the server, and give priority to those with short corresponding time
5.3 Nginx dynamic and static separation configuration
location /image/ {
root /www/server/nginx/html;
# List directory
autoindex on;
expires 12h;
}
5.4 Nginx high availability configuration
Install nginx and keepalive on both servers
yum -y install keepalived # After installation, a keepalived file is generated under the etc file cd /etc/keepalived/
keepalive profile
! Configuration File for keepalived
# Global definition
global_defs {
# email notification, send the failure to the mailbox
notification_email {
10086@qq.com
}
# Specify sender
notification_email_from Alexandre.Cassen@firewall.loc
# Specify smtp server address
smtp_server 0.0.0.0
# Connection timeout
smtp_connect_timeout 30
# ID of running keepalives
router_id LVS_DEVEL
}
# script
vrrp_script chk_http_port {
# Script address
script ""
# Detect script execution interval
interval 2
# weight
weight -20
}
# Virtual IP configuration
vrrp_instance VI_1 {
# BACKUP the web server and change the MASTER to BACKUP
state MASTER
# network card
interface eth0
# Virtual of primary and standby machines_ router_ ID must be the same
virtual_router_id 51
# The primary and standby machines have different priorities, and the host value is large
priority 100
# Check interval: 1 second by default
advert_int 1
# Set authentication
authentication {
# Authentication mode
auth_type PASS
# password
auth_pass 1111
}
# Virtual address
virtual_ipaddress {
192.168.200.16
}
}
# Virtual server, IP and virtual_ipaddress address is consistent
virtual_server 192.168.200.16 443 {
# Inspection interval
delay_loop 6
# VS scheduling algorithm rr|wrr|lc|wlc|lblc|sh|dh
lb_algo rr
# Load balancing forwarding rule NAT|DR|RUN
lb_kind NAT
# Session duration
persistence_timeout 50
# agreement
protocol TCP
# Real IP address
real_server 0.0.0.0 443 {
# The default value is 1, which is 0 and becomes invalid
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}