编程知识 cdmana.com

Nginx learning

What is? nginx?

Nginx It's a lightweight model Web The server / Reverse proxy server and email (IMAP/POP3) proxy server , stay BSD-like Issue under agreement . It is characterized by less memory , Strong concurrency , in fact nginx The concurrency ability of is better in the same type of web server

nginx install

1、 Manual installation

# install  nginx 
$ yum install nginx

# start-up nginx
$ systemctl start nginx

# chkconfig mysqld on 
$ systmctl enable nginx

# see nginx The state of 
$ systemctl status nginx

# Check  nginx  Is the file syntax correct 
$ nginx -t

#  heavy load  nginx  To configure 
$ nginx -s reload

2、docker install

#  Pull the mirror image 
$ docker pull nginx

#  function docker
$  docker run  -p 80:80 --name docker-nginx -d nginx

#  Copy the files in the container to a folder 
$ docker cp docker-nginx:/etc/nginx/nginx.conf /usr/local/nginx/conf/nginx.conf

#  Delete the last running  nginx  Containers 
$ docker rm -f docker -nginx

#  Restart a container   Map the data volume to the directory you just created 
$ docker run  -p 80:80 --name docker-nginx1 -d nginx 
		-v /usr/local/nginx/conf/nginx.conf:/etc/nginx/nginx.conf  
        -v /usr/local/nginx/conf.d:/etc/nginx/conf.d
        -v /usr/local/nginx/log:/var/log/nginx

3、docker-compose install

version: '3.1'
services:
  nginx:
    image: nginx
    restart: always
    container_name: nginx
    environment:
      - TZ=Asia/Shanghai
    ports:
      - 80:80
      - 443:443
    volumes:
      - /usr/local/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
      - /usr/local/nginx/log:/var/log/nginx

nginx Redirect

notes : You need to change the server's ip To the domain name

Redirect the domain name to the current address and port

server {
    #  Listening port 
    listen 80;
    #  domain name 
    server_name www.xxx.xxx;
    rewrite ^(.*)$ https://$host$1 permanent;
    client_max_body_size 1024m;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #  You need an agent   Address and port 
        proxy_pass http://127.0.0.1:8080/;
    }
}

To configure https

server {
    #  Listening port   And open ssl
    listen 443 ssl; 
    #  domain name 
    server_name www.xxx.xxx;
    #  certificate   Different websites apply for different certificates   All are OK   It's just suffixes 
    ssl_certificate cert/xxx.crt;
    ssl_certificate_key cert/xxx.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    #ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://127.0.0.1:8080/;
        #add_header Content-Security-Policy upgrade-insecure-requests;
    }
}

nginx Set up a file server

location /images/ {
    root   /root/;
    autoindex on;
}

root Configuration means , Will be in root The configuration directory is followed by URL, Make up the corresponding file path .

It means that the address we entered in the browser actually accesses

root/images

It's going to take our location hinder /images After the actual access path

root/images/images

1、 The way to deal with it is to take root hinder images Get rid of

2、root Replace with alias

location /images/ {
    alias   /root/images/;
    autoindex on;
}

nginx Page caching

proxy_cache_path

Format :proxy_cache_path path [levels=numbers] keys_zone=zone_name:zone_size[inactive=time] [max_size=size]

explain :

path - Location of cache files

levels- Cache directory structure , It can be 1、2、3 A few digits as a directory , At most 3 A number of digits such as :1,1:2

keys_zone - Specify the name and size of the cache pool , Each definition cache path must be different

inactive - Set the effective length of time for each cache to cache files , The cache that has not been accessed for more than this time is deleted

max_size - Set the inactive cache size , Inactive cache is deleted when it exceeds the size

$upstream_cache_status It includes the following states :

·MISS  Not hit , The request is sent to the back end 
·HIT  A cache hit 
·EXPIRED  The cache has expired and the request is sent to the back end 
·UPDATING  Updating cache , The old reply will be used 
·STALE  The back end will get an expired reply 
To configure
#  Turn on gzip
gzip  on;
#  Enable gzip The smallest compressed file , Files less than the set value will not be compressed 
gzip_min_length 1k;
# gzip  Compression level ,1-10, The bigger the number, the better the compression , More and more occupied CPU Time . General Settings 1 and 2
gzip_comp_level 2;

proxy_cache_path /root/cache/ levels=1:2 keys_zone=tmpcache:100m max_size=10g;

server {
    listen       80;
    server_name  localhost;
    charset utf-8;
    #  Cached service address 
    add_header X-Via $server_addr;
    #  The state of the cache   It is used to distinguish whether the accessed resources are cached or loaded 
    add_header X-Cache $upstream_cache_status;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        #  Cache name 
        proxy_cache tmpcache;
        #  The state of the data that needs to be cached   How long does the cache need to be kept 
        proxy_cache_valid any 1h;
        #  Agency address 
        proxy_pass http://127.0.0.1:8080;
    }
About gzip Command specification
gzip Common parameters of configuration 

gzip on|off; # Open or not gzip

gzip_buffers 32 4K| 16 8K # buffer ( Compress to buffer several blocks in memory ?  How big is each piece ?)

gzip_comp_level [1-9] # recommend 6  Compression level ( The higher the level , The smaller the pressure , More wasteful CPU Computing resources )

gzip_disable # Regular matching UA  Like what? Uri Don't make gzip

gzip_min_length 200 #  Minimum length to start compression ( No matter how small it is, don't compress it , The point is not )

gzip_http_version 1.0|1.1 #  Start compressing http Protocol version ( You can leave it blank , Now it's almost all 1.1 agreement )

gzip_proxied #  Set up the requester proxy , How to cache content 

gzip_types text/plain application/xml #  For which types of files to compress   Such as txt,xml,html ,css

gzip_vary on|off #  Whether to transmit gzip Compress logo 

nginx Access control

deny Instructions
allow
 grammar :    allow address | CIDR | unix: | all;
 The default value is :    —
 Configuration section :    http, server, location, limit_except

 Allow someone to ip Or a ip Section visit . If specified unix:, That will allow socket The interview of .
 Be careful :unix stay 1.5.1 New features in , If your version is lower than this one , Please don't use this method .

deny
 grammar :    deny address | CIDR | unix: | all;
 The default value is :    —
 Configuration section :    http, server, location, limit_except

Unix yes 20 century 70 An operating system that emerged in the early's , In addition to being a network operating system , It can also be used as a stand-alone operating system . CIDR In general, it refers to classless inter domain routing . Classless inter domain routing (Classless Inter-Domain Routing、CIDR) It's a tool for assigning IP Address and efficient routing over the Internet IP Pair of packets IP Address classification method .

nginx.conf

#  add to nginx Scanned files 
include blockips.conf;

blockips.conf

#  Disable access 
deny 192.168.1.101;
#  allow access to 
allow 192.168.1.102;

nginx Load balancing

1、 Default assignment
upstream ipaddr { 
      server 192.168.1.101:8080; 
      server 192.168.1.102:8081; 
}

location / { 
    root  html; 
    index  index.html index.htm; 
    #  Addresses that need to be load balanced 
    proxy_pass http://ip; 
}
2、 Poll in proportion to
upstream ipaddr { 
	# weight  The greater the value of   The greater the chance of being requested 
    server 192.168.1.101:8080 weight=1; 
    server 192.168.1.102:8081 weight=2; 
} 
3、 Response allocation
upstream ipaddr {
    #  Fairly according to the response time of the back-end server (rt) To assign requests , Short response time rt Small back-end servers give priority to requests 
    server 192.168.1.101;
    server 192.168.1.102;
    fair;
}
4、 Fix ip Distribute
upstream ipaddr {
    #  Request access to ip( namely Nginx Front server or client of IP) Of hash Result distribution , In this way, each visitor will visit a back-end server , Can solve session Consensus problem .
    ip_hash;
    server 192.168.1.101;
    server 192.168.1.102;
}
5、 Request result allocation
upstream ipaddr {
    #  And ip_hash similar , But according to the interview url Of hash Results to allocate requests , Make each url Directed to the same back-end server , It is mainly used in the scenario when the back-end server is cache .
    server 192.168.1.101;
    server 192.168.1.102;
    server 192.168.1.103;
    hash $request_uri;
    hash_method crc32;
}

The above is commonly used nginx Feature sharing , If you are wrong, please correct , Thank you very much. !

Learn about it , It's not a lack of time , It's a lack of effort .

Participation of this paper Tencent cloud media sharing plan , You are welcome to join us , share .

版权声明
本文为[Shao Jie]所创,转载请带上原文链接,感谢
https://cdmana.com/2021/08/20210809183600749a.html

Scroll to Top