HTTP basics and a summary of common nginx core module directives


Part I: HTTP basics

Before describing the directives of the nginx core modules, let's review the relevant HTTP background:

1. How HTTP Works

HTTP works roughly like this:

a) The client and the server first establish a TCP connection;

b) The client sends an HTTP request message to the server over the established TCP connection;

c) The server receives the request message, parses it, locates the requested resource, reads it, wraps it in a response message and sends that to the client;

d) If persistent connections are not enabled, the server actively closes the TCP connection and the client closes passively; if persistent connections are enabled, the TCP connection is kept open for a period of time, during which the client can reuse it to request further resources;

e) The client receives the response message, parses it (an HTML document) and displays it in the browser.

2. Two important features of HTTP

a) HTTP is stateless: when the same client accesses the server twice in succession, the server does not know that the two requests come from the same client, does not know that the client has visited before, and does not distinguish between different clients. This stateless nature makes HTTP simpler to design and more efficient, and lets a server handle highly concurrent HTTP requests.

b) HTTP persistent connections: HTTP/1.0 does not support persistent connections, which means the client and the server must establish a new TCP connection for every request. TCP is a reliable, connection-oriented protocol: each connection requires a three-way handshake to open and a four-step exchange to close. On today's Internet a single page can reference dozens of resources, so opening a page this way is very slow, and these short-lived connections also add load to the network. HTTP/1.1 introduced keepalive persistent connections, which let the client keep a TCP connection to the server open for a period of time after it is established and reuse it for subsequent requests and responses. HTTP/1.1 persistent connections have two modes: non-pipelined, in which the client cannot send a second request until it has received the response to the previous one, and pipelined, in which the client may send a second request before it has received the response to the previous one.

3. HTTP request and response message format

Request message format:

The request message consists of three parts: the request line, the request headers, and the request body.

Response message format:

The response message consists of three parts: the status line, the response headers, and the response body.


4. HTTP response codes

1XX: Informational; the request was received and processing continues

2XX: Success; the action was successfully received, understood and accepted

3XX: Redirection; further action must be taken to complete the request

4XX: Client error; the request contains a syntax error or the requested resource does not exist

5XX: Server error; the server failed to fulfil an apparently valid request


Part II: Common configuration of Nginx

Nginx has a highly modular architecture, and its modules fall into the following types: "Nginx core modules", "Standard HTTP Modules", "Optional HTTP Modules", "Mail Modules" (mail-related modules) and "third party modules". This post covers only the commonly used directives of the nginx core module and the HTTP core module. The directives of the nginx core module can in turn be grouped into several categories by function, which are described one by one below.

The directives of the nginx core module configure the main section of nginx.conf and control how nginx itself starts; their scope covers the main, events, http, server and mail sections. The directives the core module needs for nginx to start normally are:

1, user USER [GROUP];

Specifies the user and group that the worker processes run as. The group can be omitted, in which case the user's group is used as the group of the worker processes.

2, pid FILE;

Specifies the nginx PID file.

3, worker_rlimit_sigpending LIMIT;

Sets the number of signals each user can send to a worker process, that is, the size of the signal queue. Nginx has since removed this directive and no longer supports it.


Optimization-related directives (main configuration section)

1, worker_processes NUMBER | auto;

Specifies the number of worker processes started when nginx starts. Base it on the number of CPU cores: typically the number of physical cores minus 1 or 2, leaving 1 to 2 cores for the system itself. The default value is 1.

2, worker_cpu_affinity CPUMASK;

Binds worker processes to the specified CPU cores. This directive can only be used on Linux and FreeBSD. For example:

worker_processes 4;

worker_cpu_affinity 0001 0010 0100 1000;

This starts 4 worker processes and binds them to CPU0, CPU1, CPU2 and CPU3 respectively.

If the CPU has Hyper-Threading enabled, the following configuration is recommended:

worker_processes 2;

worker_cpu_affinity 0101 1010;

This starts two worker processes, binding the first to CPU0 and CPU2 and the second to CPU1 and CPU3.

3, ssl_engine DEVICE;

On a server with SSL hardware acceleration, specifies the hardware SSL device to use, so that the hardware device handles SSL sessions.

4, timer_resolution INTERVAL;

Each time a kernel event call (such as epoll) returns, nginx uses gettimeofday() to update its cached clock. This directive defines how often, in ms, the cached clock is updated by gettimeofday(). On x86 servers the cost of gettimeofday() is extremely low, so this directive can be left unset.

5, worker_priority NUMBER;

Specifies the priority of the worker processes. NUMBER ranges from -20 to 19, and the lower the value the higher the priority. The default is 0.

6, worker_rlimit_nofile SIZE;

Specifies the maximum number of file handles a worker process can open. Setting this value raises the limit beyond the system's limit without restarting the master process. The default is generally 1024; in high-concurrency environments it needs to be increased and is generally set to 51200.


Event-related configuration (events{})

1, accept_mutex on | off;

Whether to enable nginx's load-balancing lock; it is on by default. Nginx works in a master-worker process model, and the requests a worker receives are assigned by the master process. With this option "on", the master process hands new requests to the worker processes one at a time; otherwise (set to off) every worker process is notified of each new request, and when there are few requests some worker processes simply waste resources. When a worker process's load reaches 7/8 of its upper limit, the master avoids assigning further requests to that worker as far as possible.

2, lock_file FILE;

Nginx uses a locking mechanism to implement accept_mutex and to serialize access to shared memory. This directive sets the path of the lock file; the default is "lock_file logs/nginx.lock;".

3, accept_mutex_delay TIME;

If accept_mutex is on and one worker process is handling a new connection, this is the maximum time another worker process that wants the accept lock waits before trying again. The default is 500ms.

4, multi_accept on | off;

If set to off, a worker process accepts one new connection at a time; if set to on, a worker process accepts all new connections at once. The default is off.

5, use [epoll | rtsig | select | poll];

Defines the method nginx uses to handle connection events, such as select, poll, kqueue or epoll. By default nginx uses the most efficient method available, so this directive usually does not need to be set explicitly.

6, worker_connections NUM;

Defines the maximum number of connections that one worker process can serve concurrently.


Configuration for debugging and locating problems (main section)

1, daemon on | off;

Whether nginx runs in the background; the default is "on". Set it to "off" when debugging so that all output goes to standard output. Mainly used by developers.

2, master_process on | off;

Whether to run in the master-worker model; the default is "on". It can be set to "off" when debugging. Mainly used by developers.

3, error_log /path/to/error_log LEVEL;

Sets the error log file and its level. Set the level to debug when debugging; the default level is error. The debug level requires nginx to have been built with "--with-debug".


Configuration related to HTTP (web) services

Nginx serves sites through virtual hosts, and each virtual host is configured in its own "server{}" section. Configuration that is not specific to a virtual host, or that is shared, is placed outside server{}, within http{}.

1, server{}

Defines a virtual host. Name-based, IP-based and port-based virtual hosts are supported.

2, listen IPADDRESS[:PORT];

Parameters of the listen directive:

default_server: makes this server the default server in http; if no server{} uses this parameter, the first server{} is the default

rcvbuf=SIZE: sets the receive buffer size of the listening socket

sndbuf=SIZE: sets the send buffer size of the listening socket

ssl: indicates that this is an HTTPS server

3, server_name NAME ...;

Multiple host names can follow, and names may use wildcards or regular expressions (beginning with "~"). When nginx receives a request, it takes the "Host" header and compares it against all server_name values in this order:

A, exact match first;

B, then left wildcard match;

C, then right wildcard match;

D, then regular expression match.
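
The comparison order above, together with the default_server fallback of the listen directive, as an added Python example that is not part of the original post or of nginx itself. The SERVERS list and its labels are constructed, and regular expressions are evaluated with Python's re module rather than nginx's PCRE.

```python
import re

# Constructed server{} blocks: (label, server_name values), in configuration order.
SERVERS = [
    ("exact", ["www.test.com"]),
    ("left", ["*.test.com"]),
    ("right", ["www.*"]),
    ("regex", [r"~^www\d+\."]),
]


def select_server(host, servers, default):
    """Return the label of the server{} block chosen for a Host header value."""
    # Drop an optional port and compare case-insensitively (IPv6 literals not handled).
    host = host.split(":")[0].rstrip(".").lower()
    names = [(name, label) for label, group in servers for name in group]

    # A) exact name
    for name, label in names:
        if "*" not in name and not name.startswith("~") and name.lower() == host:
            return label

    # B) left wildcard ("*.test.com"): the longest matching name wins
    left = [(name, label) for name, label in names
            if name.startswith("*.") and host.endswith(name[1:].lower())
            and len(host) > len(name) - 1]
    if left:
        return max(left, key=lambda item: len(item[0]))[1]

    # C) right wildcard ("www.*"): the longest matching name wins
    right = [(name, label) for name, label in names
             if name.endswith(".*") and not name.startswith("~")
             and host.startswith(name[:-1].lower())
             and len(host) > len(name) - 1]
    if right:
        return max(right, key=lambda item: len(item[0]))[1]

    # D) regular expressions, first match in configuration order
    for name, label in names:
        if name.startswith("~") and re.search(name[1:], host, re.IGNORECASE):
            return label

    # No name matched: the default_server (or the first server{}) answers.
    return default
```

The Host header is chosen by the client, so any name that matches nothing is served by the default server; "www1.test.com" is taken by the left wildcard before the regular expression is ever tried.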

4, server_name_hash_bucket_size 32 | 64 | 128;

To look up host names quickly, nginx stores them in a hash table; this directive sets the size of the hash table.

5, location has two forms. The first: "location [= | ~ | ~* | ^~] URI {...}"; the second: "location @NAME {...}".

Function: matches the URI requested by the user against each location; the request is then handled by the configuration of the location that matched.

Meaning of the operators after location:

=: exact match

~: regular expression match, case-sensitive

~*: regular expression match, case-insensitive

^~: matches the leading part of the URI and does not check regular expressions

Match priority:

Exact string match first, then regular expressions (when more than one regular expression can match, the first one that matches handles the request), and finally plain prefix match.

Directives related to file paths in location:

a) root PATH;

Sets the storage path of the web resources.

Example:

location ^~ /image/ {
    root /photo;
}

If the URL accessed is "http://www.test.com/image/a.jpg", the resource is stored at "/photo/image/a.jpg"; "image" is a real directory beneath the path defined by "root /photo".

b) alias PATH;

Sets a path alias.

location ^~ /image/ {
    alias /photo/;
}

If the URL accessed is "http://www.test.com/image/a.jpg", the resource is stored at "/photo/a.jpg". "image" is a virtual path that does not exist in the storage path at all; when it is matched, alias replaces it with the real path it defines.

c) index FILE ...;

Defines the default index page; multiple values can follow.

d) error_page CODE ... [=[RESPONSE]] URI;

Defines error page redirection: when a request results in an error whose code matches one set in the error_page directive, the request is redirected to the given URI. With "=RESPONSE" (RESPONSE is a response code) the response code returned to the client can be set to a value of your own.

e) try_files FILE ... URI;

Tries the files listed after try_files in order and returns the first one that can be served. If all the files have been tried and none provides the requested resource, the final URI is used as the response. Often used to redirect to an error page.

For example:

location /documents/ {
    root /www/htdocs;
    try_files $uri /temp.html;
}

When a user requests a URI that matches "/documents/", nginx tries to fetch the requested resource; if it does not exist, the "/www/htdocs/temp.html" resource is used to respond. "$uri" is a variable holding the URI of the resource requested by the user.

try_files FILE ... =CODE;

If the last argument is "=CODE", where CODE is a response code, that code is returned in the response when none of the files is found. For example:

location / {
    try_files $uri $uri/index.html $uri.html =404;
}

In this example, assume the site is http://www.test.com. When the user accesses http://www.test.com, nginx tries http://www.test.com, http://www.test.com/index.html and http://www.test.com.html in turn; if none of these resources can be found, the response code is set to 404.
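
How root, alias and try_files turn a URI into a file lookup, as an added Python example that is not part of the original post. The FILES set is constructed and the function names are hypothetical. Because alias replaces the location prefix literally, the trailing slash of the location and of the alias have to agree.

```python
def map_path(uri, prefix, root=None, alias=None):
    """Local file path for `uri` inside the prefix location `prefix`."""
    if alias is not None:
        # alias replaces the matched location prefix with the alias text.
        return alias + uri[len(prefix):]
    # root is simply prepended to the whole URI.
    return root + uri


def try_files(uri, params, root, files):
    """Evaluate try_files arguments against a set of existing file paths.

    params: the try_files arguments; the last one is a fallback URI or "=CODE".
    files:  constructed set of paths that exist on disk.
    """
    *candidates, fallback = params
    for candidate in candidates:
        path = root + candidate.replace("$uri", uri)
        if candidate.endswith("/"):
            # A trailing slash on the argument asks for a directory check.
            if any(f.startswith(path) for f in files):
                return ("found", path)
        elif path in files:
            return ("found", path)
    if fallback.startswith("="):
        # "=CODE": answer with that status code.
        return ("status", int(fallback[1:]))
    # A fallback URI is handled as an internal redirect.
    return ("internal_redirect", fallback.replace("$uri", uri))


# Constructed document root contents.
FILES = {
    "/www/htdocs/documents/a.html",
    "/www/htdocs/temp.html",
    "/www/htdocs/about.html",
}
```

An internal redirect to the fallback URI goes through location matching again, so the block that finally serves "/temp.html" may differ from the one that ran try_files.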


Network connection-related settings

1, keepalive_timeout TIME;

Defines the timeout for keeping a connection open; the default is 75 seconds.

2, keepalive_requests NUM;

Defines the maximum number of requests that can be served over one persistent connection. Once this number is reached the connection is closed, even if the time defined by keepalive_timeout has not elapsed. The default is 100.

3, keepalive_disable [msie6 | safari | none];

Disables persistent connections for the specified browsers.

4, tcp_nodelay on | off;

Whether keepalive connections use the TCP_NODELAY option; the default is "on". When TCP data is sent to the peer, the peer returns an acknowledgment that the data was received. Delay means delaying these acknowledgments so that several of them are sent to the peer together, which can improve TCP performance. On a keepalive connection, however, a delayed response may lead the browser to wrongly believe that the peer did not receive the data it sent, because no acknowledgment arrived within a certain time. For keepalive connections the delay should therefore be turned off, that is, "tcp_nodelay on".

5, client_header_timeout TIME;

Timeout for reading the HTTP request header, in seconds; the default is 60 seconds.

6, client_body_timeout TIME;

Timeout for reading the HTTP request body; the default is 60 seconds.

7, send_timeout TIME;

Timeout for sending the HTTP response message; the default is 60 seconds.


Restrictions on client requests

1, limit_except METHOD ... { ... }

Applies access control to all methods other than those listed. For example:

limit_except GET {
    allow 192.168.1.0/24;
    deny all;
}

This means that methods other than "GET" (or "HEAD") can only be used from the 192.168.1.0 network segment.

2, client_max_body_size SIZE;

Limits the maximum size of the HTTP request body; the default is 1M. Often used to cap the largest request a client can send. The check is made against the Content-Length request header, so that data is not transferred needlessly.

3, limit_rate SPEED;

Limits the number of bytes transmitted per second for a client; the default is 0, meaning no limit.

4, limit_rate_after SIZE;

When the nginx server sends a response to the client and the response exceeds the size specified here, the rest of the transfer is limited to the speed set by limit_rate. For example:

location /flv/ {
    flv;
    limit_rate_after 500k;
    limit_rate 50k;
}

This means that when a user accesses a URI that matches "/flv/" and the response is larger than 500k, the rest of the response is limited to 50k/s.


Optimization of file operations

1, sendfile on | off;

Whether to enable the sendfile feature; enabling it is recommended.

2, aio on | off;

Whether to enable the AIO feature; enabling it is recommended.

3, open_file_cache off;

open_file_cache max=N [inactive=TIME];

When the file cache is enabled, max defines the maximum number of cached elements; when the cache is full, entries are replaced using the LRU algorithm. inactive means that a cache entry is removed automatically if it is not accessed for the given length of time; the default is 60 seconds. The cached information includes file handles, file sizes and last modification times, the structure of opened directories, and information about files that were not found or could not be accessed (whether this last kind is cached is controlled by "open_file_cache_errors on | off").

4, open_file_cache_errors on | off;

Whether to cache information about files that were not found or that there is no permission to access.

5, open_file_cache_valid TIME;

How often to check whether entries in the cache have exceeded the inactive duration; the default is 60 seconds. This value should be greater than or equal to the inactive=TIME value in open_file_cache.

6, open_file_cache_min_uses NUM;

If a cache entry is accessed more than NUM times within the inactive period specified in open_file_cache, it is not removed; an entry that was accessed within that period but did not reach NUM accesses is still cleared.


Special handling of client requests

1, ignore_invalid_headers on | off;

Whether to ignore invalid HTTP request headers; the default is on. off means that a request containing an invalid header is not answered.

2, log_not_found on | off;

Whether to also record in the error log that a resource requested by the user does not exist.

3, resolver ADDRESS;

Specifies the address of the DNS server nginx uses to resolve the IP addresses of upstream servers.

4, resolver_timeout TIME;

Specifies the timeout for DNS resolution; the default is 30 seconds.

5, server_tokens on | off;

Whether to include nginx version information in the "Server" field of response messages and in the error messages the server returns.


Built-in variables of the HTTP core module:

$uri

The URI of the client request, without the parameters

$request_uri

The URI of the client request, including the full parameters

$host

The Host header of the HTTP request message; if the request has no Host header, the host name of the virtual host that handles the request is used instead

$hostname

Host name of the machine on which the nginx service is running

$remote_addr

IP address of the client

$remote_port

Port of the client

$remote_user

When user authentication is used, the user name entered by the client

$request_filename

The local path that the URI of the request maps to after the root or alias transformation, that is, the real path on the local disk

$request_method

The request method used by the client

$server_addr

IP address of the server

$server_name

The server_name configured in nginx

$server_port

Server port; the default is 80

$server_protocol

The protocol version used when the server sends the response to the client, such as HTTP/1.1

$scheme

The scheme used in the request, such as https in https://www.test.com, that is, the protocol in use

$http_HEADER

Matches the specified header of the request message; for example, $http_host matches the Host header of the request message

$sent_http_HEADER

Matches the specified header of the response message; for example, $sent_http_content_type matches the Content-Type header of the response message

$document_root

The path configured by the root directive that the current request maps to


This article is from the "focus on operations, and Linux Dances" blog, please be sure to keep this source http://zhaochj.blog.51cto.com/368705/1653807
