Detailed nginx server configuration Sysguard module to prevent high load of the program _nginx

Source: Internet
Author: User
Tags curl 503 service temporarily unavailable nginx server

Nginx as an HTTP server, with the following basic features:

Process static files, index files, and auto index; Open file descriptor buffering.

Non-cached reverse proxy acceleration, simple load balancing and fault tolerance.

FastCGI, simple load balancing and fault tolerance.

Modular structure. Includes gzipping, byte ranges, chunked responses, and Ssi-filter et. If multiple SSI exists on a single page by a fastcgi or other proxy server, the processing can run in parallel without having to wait for each other.

Nginx is designed for performance optimization, performance is its most important consideration, the implementation of very focused on efficiency. It supports the kernel Epoll model, which can withstand high load, and reports indicate that it can support up to 50,000 concurrent connections.

The nginx has a high stability. Other HTTP servers, when they encounter spikes in access, or when someone maliciously initiates a slow connection, are likely to cause the server to run out of physical memory for frequent swapping, losing response, and restarting the server. For example, when Apache is up to more than 200 processes at the moment, the Web response is significantly slower. Nginx has adopted a phased resource allocation technique, which makes its CPU and memory occupancy rate very low. Nginx officially maintains 10,000 inactive connections, which only account for 2.5M of memory, so attacks like DOS are essentially useless for nginx. As far as stability is concerned, nginx is better than lighthttpd.

However, if the nginx is attacked or the volume of traffic suddenly becomes larger, Nginx will also cause the server to go down because of high load or insufficient memory, resulting in the site being inaccessible. The solution to be discussed today is from the module Nginx-http-sysguard developed by Taobao, which is mainly used to perform corresponding actions when the load and memory reach a certain threshold, such as direct return of 503, 504 or something. Until the memory or load returns to the threshold, site recovery is available. Simply put, these modules are to let Nginx have a buffer time, slowly.
1. Install Nginx Sysguard Module
1.1 Download files

# wget http://nginx.org/download/nginx-1.4.2.tar.gz
# wget https://github.com/alibaba/nginx-http-sysguard/ Archive/master.zip \
o nginx-http-sysguard-master.zip
# unzip Nginx-http-sysguard-master.zip
# Tar- XZVF nginx-1.4.2.tar.gz

1.2 Dozen Sysgrard Patches
This is not found nginx-1.4.2 corresponding patches, only 1.2 9 and 1.3.9, just try to try 1.3.9, it should be almost.

# CD nginx-1.4.2
# PATCH-P1 <. /nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

1.3 Installation Nginx

#./configure--prefix=/usr/local/nginx-1.4.2 \
--with-http_stub_status_module--add-module=. /nginx-http-sysguard
# make
# make install

2. sysguard directive
syntax: Sysguard [on | off]
Default value: Sysguard off
Configuration segment: HTTP, server, location
Switch module
Grammar:

Sysguard_load Load=number [Action=/url]

Default value: None
Configuration segment: HTTP, server, location
Specifies the load threshold, and when the system load exceeds this value, all requests are redirected to the URI request defined by the action. If no URL action is defined, the server returns 503 directly
Grammar:

Sysguard_mem swapratio=ratio% [Action=/url]

Default value: None
Configuration segment: HTTP, server, location
Defines the thresholds used by the swap partition, and if the swap partition uses more than this threshold, then all subsequent requests are redirected to the URI request defined by the action. If no URL action is defined, the server returns 503 directly
Grammar:

Sysguard_interval time

Default value: Sysguard_interval 1s
Configuration segment: HTTP, server, location
Define the frequency of system information updates by default of 1 seconds.
Grammar:

Sysguard_log_level Info | Notice | Warn | Error

Default value: Sysguard_log_level error
Configuration segment: HTTP, server, location
Define log levels for Sysguard
3. Sysguard Use examples
3.1 Nginx Configuration

server {
  listen    ;
  server_name www.jb51.net www.heytool.com;
  Access_log/data/logs/nginx/www.jb51.net.access.log main;
 
  Index index.html index.php index.html;
  root/data/site/www.jb51.net;
 
  Sysguard on;
  # in order to facilitate testing, load threshold of 0.01, usually everyone in 5 or 10+
  sysguard_load load=0.01 action=/loadlimit; 
  Sysguard_mem swapratio=20% Action=/swaplimit;
 
  Location/{
 
  }
 
  location/loadlimit {return
    503;
  }
 
  Location/swaplimit {return
    503
  }}

3.2 Test
load OK, access Nginx

# uptime 
 16:23:37 up 6 days, 8:04, 2 users, load average:0.00, 0.01, 0.05
# curl-i Www.jb51.net
http/1.1 403 Forbidden
Server:nginx
Date:thu, Oct 2013 16:27:13 GMT content-type:text/html
content-length:162
connection:keep-alive

Because there is no file under the site, so returned 403, in fact, it doesn't matter.
The load exceeds the threshold of the case, access to the Nginx

# uptime 
 16:25:59 up 6 days, 8:06, 2 users, load average:0.05, 0.04, 0.05
# curl-i Www.jb51.net
http/1.1 503 Service temporarily unavailable
Server:nginx
Date:thu, Oct 2013 16:26:19 GMT Content-typ
e:text/html
content-length:206
connection:keep-alive

Swap exceeds the threshold function I'm not testing anymore. You can go home and test yourself.
closing
in cases where nginx is realserver, individuals also recommend using this method, and if the server load once climbed, it generally takes a long time to return to normal levels, and in the case of this plugin, The load reaches the threshold, the Nginx returns 503, the preceding section uses failover to send the request to another server, which, without access, can quickly recover to its normal level and be able to work immediately. Exceeding the threshold of the server processing request speed will also be greatly compromised, the use of this module, cleverly sent the request to a faster server, to some extent to avoid the problem of slow access. The above is in the cluster environment, in a single point of the environment, with no one to think about.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.