Easily use Nginx to build a Web server

If the reader has done web development before, you should know how to build a Web server to run your Web site, under Windows you may choose to use IIS, very fast, under Linux, you may first think of Apache, "a Brother" ( Ranking of W3techs website data)

Today's small series to introduce a rising star Nginx to implement the Web server. Small series in front of the blog also detailed chat about the use of Apache, and now the use of nginx, the reader may build a Web server after the words do not know what to choose, O (∩_∩) o~, don't worry, small make this to the reader to analyze the difference between Nginx and Apache, After the reader can be based on the characteristics of their web site to choose its excellent.

The difference between Project 1:nginx and Apache

1. Apache's advantages over Nginx:

• Rewrite, stronger than Nginx's rewrite
• Dynamic page, Nginx processing dynamic request is chicken, general dynamic request to Apache to do, nginx only suitable for static and reverse.
• The module is too much, the basic thought can be found
• Fewer bugs, nginx bugs relatively more super-stable

2. The advantages of nginx with respect to Apache:

• The lightweight, similarly web service, consumes less memory and resources than Apache, supports more concurrent connections, and is more efficient, which makes Nginx particularly popular with virtual hosting providers. In the case of high connection concurrency, Nginx is a good alternative to Apache server: Nginx in the United States is a virtual hosting business owners often choose one of the software platform. Capable of supporting up to 50,000 concurrent connections, thanks to Nginx choosing Epoll and Kqueue as the development model.
• Anti-concurrency, Nginx processing requests are asynchronous non-blocking, and Apache is blocking type, in high concurrency, nginx can keep low resource consumption and high performance
• Highly modular design, relatively simple to write modules
• Community active, a variety of high-performance modules produced quickly AH
• Nginx itself is a reverse proxy server
• The load balancing capability is outstanding, Nginx can support both Rails and PHP programs externally, and can support external service as HTTP proxy server. Nginx is written in C, which is much better than Perlbal, both in terms of system resource overhead and CPU efficiency.

3. Core differences: Apache is a synchronous multi-process model, a connection corresponding to a process; Nginx is asynchronous, multiple connections (million levels) can correspond to a process

In general, Web services that require performance, with Nginx. If you don't need performance for stability, then Apache. The latter of the various functional modules implemented than the former, such as the SSL module is better than the former, more configurable items. One thing to note here is that Epoll (FreeBSD is kqueue) network IO Model is the fundamental reason for the high performance of nginx processing, but not all cases are epoll victory, if you provide static services only a few files, Apache Select Models may be more performant than Epoll.

First, select:

• Socket limit: The number of sockets that the mode can operate is determined by fd_setsize, and the kernel defaults to 32*32=1024.
• Operational restrictions: By traversing the fd_setsize socket to complete the dispatch, regardless of which socket is active, all traverse over (this is the reason that Apache is slow).

Besides Epoll:

• Unlimited number of sockets
• Unrestricted operation: Based on the reflection mode provided by the kernel, when there is an active socket, the kernel accesses the socket's callback and does not need to traverse polling (this is, of course, the reason for Nginx fast).

Part of the principle of small parts of the idea that readers know this is enough, at least when others ask you to choose one of the reasons you have enough to deal with, of course, small series also recommend a compromise scheme, nginx do the front end, Apache do the back end

Project 2: Installing Nginx

Software Requirements:

Officially, the latest is nginx-1.3.16.tar.gz.

Official latest libevent-2.0.21-stable.tar.gz provides event handling mechanism, Linux 5.4 comes with can also, by default installed

Pcre and Pcre-devel, the default pcre is installed, Pcre-devel needs to be installed with Yum

Step 1: Install Pcre-devel, and build Nginx user

# yum Install Pcre-devel

# groupadd-r Nginx

# Useradd-r-G nginx-m nginx

Step 2: Unzip the source of Nginx and install

# TAR-ZXVF Nginx-1.3.16.tar.gz-c/usr/local/src/

# cd/usr/local/src/nginx-1.3.16/

#./configure \

--conf-path=/etc/nginx/nginx.conf \

--error-log-path=/var/log/nginx/error.log \

--http-log-path=/var/log/nginx/access.log \

--pid-path=/var/run/nginx/nginx.pid \

--lock-path=/var/lock/nginx.lock \

--user=nginx \

--group=nginx \

--with-http_ssl_module \

--with-http_flv_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--http-client-body-temp-path=/var/tmp/nginx/client/\

--http-proxy-temp-path=/var/tmp/nginx/proxy/\

--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/\

--with-pcre

# Make && make install

# mkdir-p/var/tmp/nginx/client

Step 3: Start the Nginx service and test on the client

#/usr/local/nginx/sbin/nginx &//Here is a small part of the startup script is not written, and then attached

Query the startup status of Nginx

client browser Input http://192.168.111.10 try it

Here, the simple installation of Nginx is done.

Project 3: Load test for static web pages

The front always said Nginx in the handling of static Web performance superior to Apache, then the small part here to test to try, Nginx Web site home directory in the/usr/local/nginx/html,apache Web site home directory in/var/www/ HTML, write an identical static page to each of the two Web site home directories

Step 1: Build the same test page

# rm–rf/usr/local/nginx/html/index.html//Delete the original home page

# echo "This is testpage." >/usr/local/nginx/html/index.html

# echo "This is testpage." >/var/www/html/index.html

Step 2:ab Tool Test Nginx

# Pkill Nginx

#/usr/local/nginx/sbin/nginx &

# ab-c 1000-n http://192.168.111.10:80/

# ab-c 1000-n 10000 http://192.168.111.10:80/

# ab-c 1000-n 50000 http://192.168.111.10:80/

Here's a test of Apache performance.

# Pkill Nginx

# service httpd Start

# ab-c 1000-n http://192.168.111.10:80/

You're not even going to make it, so try a 10000.

# ab-c 1000-n 10000 http://192.168.111.10:80/

All right, come on, 50000.

Readers can take a good look at the small number of pictures in the circle, it is obvious that nginx in the processing of static pages is very good

Project 4: Implementing a virtual host, this is a more common feature.

Nginx configuration file is relatively concise, configuration is not so troublesome

IP-based virtual host

Step 1: Preparing for work

Add a network card address (the original is 192.168.111.10)

# ifconfig eth0:0 192.168.111.20

Create Two site directories

# mkdir/website1

# Mkdir/website2

Set up two directories to store logs

# mkdir/var/log/nginx/website1

# Mkdir/var/log/nginx/website2

Create a two test page

# echo "This is WebSite1" >/website1/index.html

# echo "This is Website2" >/website2/index.html

Step 2: Modify the configuration file, the original configuration file has a server node by default, modify it, and then add a server node

server {

Listen 192.168.111.10:80;

server_name localhost;

#charset Koi8-r;

Access_log/var/log/nginx/website1/access.log;

Error_log/var/log/nginx/website1/error.log;

Location/{

root/website1;

Index index.html index.htm;

}

Error_page 404/404.html;

# REDIRECT Server error pages to the static page/50x.html

#

Error_page 502 503 504/50x.html;

Location =/50x.html {

root HTML;

}

}

server {

Listen 192.168.111.20:80;

server_name localhost;

#charset Koi8-r;

Access_log/var/log/nginx/website2/access.log;

Error_log/var/log/nginx/website2/error.log;

Location/{

Root/website2;

Index index.html index.htm;

}

Error_page 404/404.html;

# REDIRECT Server error pages to the static page/50x.html

#

Error_page 502 503 504/50x.html;

Location =/50x.html {

root HTML;

}

}

Step 3: Stop the original Apache service

# Service HTTPD Stop

#/usr/local/nginx/sbin/nginx &

Step 4: Try to access the site separately at the client

Based on the host header

Step 1: Modify the configuration file

server {

Listen 192.168.111.10:80;

server_name www.website1.com;

#charset Koi8-r;

Access_log/var/log/nginx/website1/access.log;

Error_log/var/log/nginx/website1/error.log;

Location/{

root/website1;

Index index.html index.htm;

}

Error_page 404/404.html;

# REDIRECT Server error pages to the static page/50x.html

#

Error_page 502 503 504/50x.html;

Location =/50x.html {

root HTML;

}

}

server {

Listen 192.168.111.20:80;

server_name www.website2.com;

#charset Koi8-r;

Access_log/var/log/nginx/website2/access.log;

Error_log/var/log/nginx/website2/error.log;

Location/{

Root/website2;

Index index.html index.htm;

}

Error_page 404/404.html;

# REDIRECT Server error pages to the static page/50x.html

#

Error_page 502 503 504/50x.html;

Location =/50x.html {

root HTML;

}

}

Step 2: Modify the Hosts file on this computer and restart the Nginx service

192.168.111.10 www.website1.com

192.168.111.10 www.website2.com

# Pkill Nginx

#/usr/local/nginx/sbin/nginx &

Step 3: Try entering www.website1.com and www.website2.com separately in the browser

Finished, the following small series to achieve simple security access (using SSL control), which involves the creation of a certificate, where the small part of the server as a Web server, and as a CA server, if as a CA server, then the first to create a certificate to the CA

Project 5:

Step 1: Configure the profile that created the certificate, and create the certificate

# VIM/ETC/PKI/TLS/OPENSSL.CNF

45 Line modified to Dir =/etc/pki/ca

Create related folders and files based on the requirements of your profile

# mkdir Certs CRL Newcerts

# Touch Index.txt Serial

# echo >>serial//initialization file

Create a private key

# OpenSSL Genrsa 1024x768 >private/cakey.pem

# chmod Private/cakey.pem

Generate a certificate file

Step 2: Establish the Nginx Security directory and generate the associated private key and certificate file

# Mkdir/usr/local/nginx/certs

# cd/usr/local/nginx/certs/

# OpenSSL Genrsa 1024x768 >nginx.key

# chmod Nginx.key

Because the small series of this server as a CA and as a Web server, so the process can be a certificate request can be directly in the machine

Generate certificate

Step 3: Modify the Nginx configuration file to add a site for secure access

server {

Listen 192.168.111.10:443;

server_name www.zzu.com;

SSL on;

Ssl_certificate/usr/local/nginx/certs/nginx.cert;

Ssl_certificate_key/usr/local/nginx/certs/nginx.key;

Ssl_session_timeout 5m;

Access_log/var/log/nginx/access.log;

Error_log/var/log/nginx/error.log;

Ssl_protocols SSLv2 SSLv3 TLSv1;

Ssl_ciphers high:!anull:! MD5;

Ssl_prefer_server_ciphers on;

Location/{

root HTML;

Index index.html index.htm;

}

}

Step 4: Restart the Nginx service, modify the client's Hosts file and access

# Pkill Nginx

#/usr/local/nginx/sbin/nginx &

Modify the Hosts file

192.168.111.10 www.zzu.com

Risk is indicated on first visit

Since there is no credible institution to admit the certificate, then the small part to an organization, remember the small part of the original to the server generated CA certificate, Web site certificate is this CA sent, if the client trusts this CA, that does not trust the Web certificate, then to achieve it, The principle is to use a certificate chain, which comes with a certificate from its superior when the Web certificate is sent.

Step 5: Modify the Web certificate, add the contents of the CA's certificate, but be aware of the order of the Web certificate, the contents of the website before the CA certificate

# Cp/etc/pki/ca/cacert.pem/usr/local/nginx/certs

# cd/usr/local/nginx/certs/

# cat Cacert.pem >> Nginx.cert

Restarting the Ngnix service is a must

# Pkill Nginx

#/usr/local/nginx/sbin/nginx &

Client Access Test

Go on

Go on

GOON

Click "Yes"

Turn off browser reopen try

OK, small series to achieve a few are nearly finished, of course, this is just a few simple applications, in the back of the blog will introduce how to build "Lnmp",

Easily use Nginx to build a Web server