If the reader has done web development before, you should know how to build a Web server to run your Web site, under Windows you may choose to use IIS, very fast, under Linux, you may first think of Apache, "a Brother" ( Ranking of W3techs website data)
Today's small series to introduce a rising star Nginx to implement the Web server. Small series in front of the blog also detailed chat about the use of Apache, and now the use of nginx, the reader may build a Web server after the words do not know what to choose, O (∩_∩) o~, don't worry, small make this to the reader to analyze the difference between Nginx and Apache, After the reader can be based on the characteristics of their web site to choose its excellent.
The difference between Project 1:nginx and Apache
1. Apache's advantages over Nginx:
- Rewrite, stronger than Nginx's rewrite
- Dynamic page, Nginx processing dynamic request is chicken, general dynamic request to Apache to do, nginx only suitable for static and reverse.
- The module is too much, the basic thought can be found
- Fewer bugs, nginx bugs relatively more super-stable
2. The advantages of nginx with respect to Apache:
- The lightweight, similarly web service, consumes less memory and resources than Apache, supports more concurrent connections, and is more efficient, which makes Nginx particularly popular with virtual hosting providers. In the case of high connection concurrency, Nginx is a good alternative to Apache server: Nginx in the United States is a virtual hosting business owners often choose one of the software platform. Capable of supporting up to 50,000 concurrent connections, thanks to Nginx choosing Epoll and Kqueue as the development model.
- Anti-concurrency, Nginx processing requests are asynchronous non-blocking, and Apache is blocking type, in high concurrency, nginx can keep low resource consumption and high performance
- Highly modular design, relatively simple to write modules
- Community active, a variety of high-performance modules produced quickly AH
- Nginx itself is a reverse proxy server
- The load balancing capability is outstanding, Nginx can support both Rails and PHP programs externally, and can support external service as HTTP proxy server. Nginx is written in C, which is much better than Perlbal, both in terms of system resource overhead and CPU efficiency.
3. Core differences: Apache is a synchronous multi-process model, a connection corresponding to a process; Nginx is asynchronous, multiple connections (million levels) can correspond to a process
In general, Web services that require performance, with Nginx. If you don't need performance for stability, then Apache. The latter of the various functional modules implemented than the former, such as the SSL module is better than the former, more configurable items. One thing to note here is that Epoll (FreeBSD is kqueue) network IO Model is the fundamental reason for the high performance of nginx processing, but not all cases are epoll victory, if you provide static services only a few files, Apache Select Models may be more performant than Epoll.
First, select:
- Socket limit: The number of sockets that the mode can operate is determined by fd_setsize, and the kernel defaults to 32*32=1024.
- Operational restrictions: By traversing the fd_setsize socket to complete the dispatch, regardless of which socket is active, all traverse over (this is the reason that Apache is slow).
Besides Epoll:
- Unlimited number of sockets
- Unrestricted operation: Based on the reflection mode provided by the kernel, when there is an active socket, the kernel accesses the socket's callback and does not need to traverse polling (this is, of course, the reason for Nginx fast).
Part of the principle of small parts of the idea that readers know this is enough, at least when others ask you to choose one of the reasons you have enough to deal with, of course, small series also recommend a compromise scheme, nginx do the front end, Apache do the back end
Project 2: Installing Nginx
Software Requirements:
Officially, the latest is nginx-1.3.16.tar.gz.
Official latest libevent-2.0.21-stable.tar.gz provides event handling mechanism, Linux 5.4 comes with can also, by default installed
Pcre and Pcre-devel, the default pcre is installed, Pcre-devel needs to be installed with Yum
Step 1: Install Pcre-devel, and build Nginx user
# yum Install Pcre-devel
# groupadd-r Nginx
# Useradd-r-G nginx-m nginx
Step 2: Unzip the source of Nginx and install
# TAR-ZXVF Nginx-1.3.16.tar.gz-c/usr/local/src/
# cd/usr/local/src/nginx-1.3.16/
#./configure \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/tmp/nginx/client/\
--http-proxy-temp-path=/var/tmp/nginx/proxy/\
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/\
--with-pcre
# Make && make install
# mkdir-p/var/tmp/nginx/client
Step 3: Start the Nginx service and test on the client
#/usr/local/nginx/sbin/nginx &//Here is a small part of the startup script is not written, and then attached
Query the startup status of Nginx
client browser Input http://192.168.111.10 try it
Here, the simple installation of Nginx is done.
Project 3: Load test for static web pages
The front always said Nginx in the handling of static Web performance superior to Apache, then the small part here to test to try, Nginx Web site home directory in the/usr/local/nginx/html,apache Web site home directory in/var/www/ HTML, write an identical static page to each of the two Web site home directories
Step 1: Build the same test page
# rm–rf/usr/local/nginx/html/index.html//Delete the original home page
# echo "This is testpage." >/usr/local/nginx/html/index.html
# echo "This is testpage." >/var/www/html/index.html
Step 2:ab Tool Test Nginx
# Pkill Nginx
#/usr/local/nginx/sbin/nginx &
# ab-c 1000-n http://192.168.111.10:80/
# ab-c 1000-n 10000 http://192.168.111.10:80/
# ab-c 1000-n 50000 http://192.168.111.10:80/
Here's a test of Apache performance.
# Pkill Nginx
# service httpd Start
# ab-c 1000-n http://192.168.111.10:80/
You're not even going to make it, so try a 10000.
# ab-c 1000-n 10000 http://192.168.111.10:80/
All right, come on, 50000.
Readers can take a good look at the small number of pictures in the circle, it is obvious that nginx in the processing of static pages is very good
Project 4: Implementing a virtual host, this is a more common feature.
Nginx configuration file is relatively concise, configuration is not so troublesome
IP-based virtual host
Step 1: Preparing for work
Add a network card address (the original is 192.168.111.10)
# ifconfig eth0:0 192.168.111.20
Create Two site directories
# mkdir/website1
# Mkdir/website2
Set up two directories to store logs
# mkdir/var/log/nginx/website1
# Mkdir/var/log/nginx/website2
Create a two test page
# echo "This is WebSite1" >/website1/index.html
# echo "This is Website2" >/website2/index.html
Step 2: Modify the configuration file, the original configuration file has a server node by default, modify it, and then add a server node
server {
Listen 192.168.111.10:80;
server_name localhost;
#charset Koi8-r;
Access_log/var/log/nginx/website1/access.log;
Error_log/var/log/nginx/website1/error.log;
Location/{
root/website1;
Index index.html index.htm;
}
Error_page 404/404.html;
# REDIRECT Server error pages to the static page/50x.html
#
Error_page 502 503 504/50x.html;
Location =/50x.html {
root HTML;
}
}
server {
Listen 192.168.111.20:80;
server_name localhost;
#charset Koi8-r;
Access_log/var/log/nginx/website2/access.log;
Error_log/var/log/nginx/website2/error.log;
Location/{
Root/website2;
Index index.html index.htm;
}
Error_page 404/404.html;
# REDIRECT Server error pages to the static page/50x.html
#
Error_page 502 503 504/50x.html;
Location =/50x.html {
root HTML;
}
}
Step 3: Stop the original Apache service
# Service HTTPD Stop
#/usr/local/nginx/sbin/nginx &
Step 4: Try to access the site separately at the client
Based on the host header
Step 1: Modify the configuration file
server {
Listen 192.168.111.10:80;
server_name www.website1.com;
#charset Koi8-r;
Access_log/var/log/nginx/website1/access.log;
Error_log/var/log/nginx/website1/error.log;
Location/{
root/website1;
Index index.html index.htm;
}
Error_page 404/404.html;
# REDIRECT Server error pages to the static page/50x.html
#
Error_page 502 503 504/50x.html;
Location =/50x.html {
root HTML;
}
}
server {
Listen 192.168.111.20:80;
server_name www.website2.com;
#charset Koi8-r;
Access_log/var/log/nginx/website2/access.log;
Error_log/var/log/nginx/website2/error.log;
Location/{
Root/website2;
Index index.html index.htm;
}
Error_page 404/404.html;
# REDIRECT Server error pages to the static page/50x.html
#
Error_page 502 503 504/50x.html;
Location =/50x.html {
root HTML;
}
}
Step 2: Modify the Hosts file on this computer and restart the Nginx service
192.168.111.10 www.website1.com
192.168.111.10 www.website2.com
# Pkill Nginx
#/usr/local/nginx/sbin/nginx &
Step 3: Try entering www.website1.com and www.website2.com separately in the browser
Finished, the following small series to achieve simple security access (using SSL control), which involves the creation of a certificate, where the small part of the server as a Web server, and as a CA server, if as a CA server, then the first to create a certificate to the CA
Project 5:
Step 1: Configure the profile that created the certificate, and create the certificate
# VIM/ETC/PKI/TLS/OPENSSL.CNF
45 Line modified to Dir =/etc/pki/ca
Create related folders and files based on the requirements of your profile
# mkdir Certs CRL Newcerts
# Touch Index.txt Serial
# echo >>serial//initialization file
Create a private key
# OpenSSL Genrsa 1024x768 >private/cakey.pem
# chmod Private/cakey.pem
Generate a certificate file
Step 2: Establish the Nginx Security directory and generate the associated private key and certificate file
# Mkdir/usr/local/nginx/certs
# cd/usr/local/nginx/certs/
# OpenSSL Genrsa 1024x768 >nginx.key
# chmod Nginx.key
Because the small series of this server as a CA and as a Web server, so the process can be a certificate request can be directly in the machine
Generate certificate
Step 3: Modify the Nginx configuration file to add a site for secure access
server {
Listen 192.168.111.10:443;
server_name www.zzu.com;
SSL on;
Ssl_certificate/usr/local/nginx/certs/nginx.cert;
Ssl_certificate_key/usr/local/nginx/certs/nginx.key;
Ssl_session_timeout 5m;
Access_log/var/log/nginx/access.log;
Error_log/var/log/nginx/error.log;
Ssl_protocols SSLv2 SSLv3 TLSv1;
Ssl_ciphers high:!anull:! MD5;
Ssl_prefer_server_ciphers on;
Location/{
root HTML;
Index index.html index.htm;
}
}
Step 4: Restart the Nginx service, modify the client's Hosts file and access
# Pkill Nginx
#/usr/local/nginx/sbin/nginx &
Modify the Hosts file
192.168.111.10 www.zzu.com
Risk is indicated on first visit
Since there is no credible institution to admit the certificate, then the small part to an organization, remember the small part of the original to the server generated CA certificate, Web site certificate is this CA sent, if the client trusts this CA, that does not trust the Web certificate, then to achieve it, The principle is to use a certificate chain, which comes with a certificate from its superior when the Web certificate is sent.
Step 5: Modify the Web certificate, add the contents of the CA's certificate, but be aware of the order of the Web certificate, the contents of the website before the CA certificate
# Cp/etc/pki/ca/cacert.pem/usr/local/nginx/certs
# cd/usr/local/nginx/certs/
# cat Cacert.pem >> Nginx.cert
Restarting the Ngnix service is a must
# Pkill Nginx
#/usr/local/nginx/sbin/nginx &
Client Access Test
Go on
Go on
GOON
Click "Yes"
Turn off browser reopen try
OK, small series to achieve a few are nearly finished, of course, this is just a few simple applications, in the back of the blog will introduce how to build "Lnmp",
Easily use Nginx to build a Web server