Nginx common application Technical Guide (nginx Tips) (zt)

Source: Internet
Author: User

Directory:
I. Basic nginx knowledge
II. nginx installation and configuration
III. nginx rewrite
IV. nginx redirect
V. Automatically add a slash to the nginx directory
VI. nginx anti-leech protection
VII. nginx expires
VIII. nginx access control
IX. nginx location
X. nginx log processing
XI. nginx cache service configuration
XII. nginx load balancing
XIII. nginx optimization
XIV. nginx reference documents
 


[Preface]:
This technical guide aims to popularize the use of nginx in China and to help you understand and master some nginx usage skills more conveniently. Many tips in this guide come from the Internet. I would like to express my gratitude and greetings to the friends who are willing to share on the Internet! You are welcome to enrich this technical guide with me and to offer better suggestions!

I. Basic nginx knowledge
1. Introduction
 
Nginx ("engine X") is a high-performance HTTP and reverse proxy server, and also an IMAP/POP3/SMTP proxy server. Nginx was developed by Igor Sysoev for rambler.ru, the site with the second highest traffic in Russia, where it has been running for more than two and a half years. Igor releases the source code under a BSD-like license. Although it is still a test version, nginx is well known for its stability, rich feature set, sample configuration files, and low consumption of system resources. For more information, see the official wiki: http://wiki.codemongers.com/NginxChs

2. Advantages of nginx
 
As an HTTP server, nginx has the following basic features:
1. Processes static files, index files, and automatic indexing; enables file descriptor buffering.
2. Reverse proxy acceleration without caching, with simple load balancing and fault tolerance.
3. FastCGI, with simple load balancing and fault tolerance.
4. Modular structure. Filters include gzipping, byte ranges, chunked responses, and the SSI filter. If FastCGI or another proxy server handles multiple SSIs in a single page, they can be processed in parallel without waiting for each other.
5. Support for SSL and TLS SNI.
 
Nginx is designed for performance. Performance is the most important consideration, and the implementation pays great attention to efficiency. It supports the kernel poll model and withstands high-load testing. Reports show that it supports up to 50,000 concurrent connections.
Nginx is highly stable. When other HTTP servers hit an access peak, or someone maliciously opens slow connections, they are likely to exhaust physical memory and swap frequently, lose responsiveness, and can only be restarted. For example, once Apache has more than 200 processes, the web response speed becomes obviously very slow. Nginx uses phased resource allocation, which keeps its CPU and memory usage very low. Nginx officially states that maintaining 10,000 idle connections occupies only MB of memory. Therefore, DoS-like attacks are basically useless against nginx. In terms of stability, nginx is better than lighttpd.
Nginx supports hot deployment. It is easy to start and can run almost without interruption; even after running for several months it does not need to be restarted. You can also upgrade the version.
Nginx adopts the master-slave model, which takes full advantage of SMP and reduces the blocking delay of worker processes on disk I/O. When select()/poll() is used, you can also limit the number of connections per process.
The nginx code quality is very high: the code is very standard, the methods are mature, and modules are easy to extend. Particularly worth mentioning are the powerful upstream and filter chain. Upstream lays a good foundation for writing modules that communicate with other servers, such as the reverse proxy. The coolest part of the filter chain is that a filter does not have to wait until the previous filter has finished; it can use the output of the previous filter as its own input, which is a bit like UNIX. This means that a module can start compressing the data sent from the backend server and pass the compressed stream on to the client before it has received the whole of it from the backend server.
Nginx adopts the latest features provided by some operating systems, such 2.2+), accept-filter (FreeBSD 4.1+), tcp_defer_accept (Linux 2.4+) support, thus greatly improving the performance.

II. nginx installation and configuration

1. Install PCRE
Code:
./configure
make && make install
cd ../

3. nginx compilation and installation
Code:
./configure --user=www --group=www --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-openssl=/usr/local/openssl
make && make install

For more detailed module customization and installation, refer to the official wiki.

III. nginx rewrite

1. nginx rewrite basic flags
Code:
last - this flag is used in most cases.
break - abort the rewrite and do not continue matching
redirect - return HTTP status 302 (temporary redirect)
permanent - return HTTP status 301 (permanent redirect)

2. Regular expression matching
Code:
* ~ case-sensitive match
* ~* case-insensitive match
* !~ and !~* case-sensitive and case-insensitive non-match, respectively

3. File and directory matching
Code:
* -f and !-f test whether a file exists.
* -d and !-d test whether a directory exists.
* -e and !-e test whether a file or directory exists.
* -x and !-x test whether a file is executable.


4. Some nginx global variables that can be used in conditions:

Code:
$args
$content_length
$content_type
$document_root
$document_uri
$host
$http_user_agent
$http_cookie
$limit_rate
$request_body_file
$request_method
$remote_addr
$remote_port
$remote_user
$request_filename
$request_uri
$query_string
$scheme
$server_protocol
$server_addr
$server_name
$server_port
$uri

IV. nginx redirect
Redirect all requests for the linuxtone.org and abc.linuxtone.org domain names to http://www.linuxtone.org. Code:
server
{
    listen 80;
    server_name linuxtone.org abc.linuxtone.org;
    index index.html index.php;
    root /data/www/wwwroot;

    # Any Host other than www.linuxtone.org gets a temporary (302) redirect
    if ($http_host !~ "^www\.linuxtone\.org$") {
        rewrite ^(.*) http://www.linuxtone.org$1 redirect;
    }
    ........................
}

V. Automatically add a slash to the nginx directory
Code:
if (-d $request_filename) {
    rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}

VI. nginx anti-leech protection
Code:
# Preventing hot linking of images and other file types
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
    valid_referers none blocked server_names *.linuxtone.org http://localhost baidu.com;
    if ($invalid_referer) {
        # rewrite ^/ <replacement image URL>;   (alternative: serve a substitute image)
        return 403;
    }
}

VII. nginx expires

1. expires based on the file type

Code:
# Add Expires header for static content
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {
    if (-f $request_filename) {
        root /data/www/wwwroot/bbs;
        expires 1d;
        break;
    }
}

2. expires based on a directory

Code:
# Serve static files
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
    root /data/www/wwwroot/down;
    expires 30d;
}

VIII. nginx access control

1. nginx authentication

Code:
# cd /usr/local/nginx/conf
# mkdir htpasswd
# /usr/local/apache2/bin/htpasswd -c /usr/local/nginx/conf/htpasswd/tongji linuxtone
# Add a user named linuxtone
New password: (enter your password here)
Re-type new password: (enter your password again)
Adding password for user

http://count.linuxtone.org/tongji/data/index.html
(the directory is /data/www/wwwroot/tongji/data)

Place the following configuration in the virtual host. When http://count.linuxtone/tongji/ is accessed, the system prompts for a password:

location ~ ^/(tongji)/ {
    root /data/www/wwwroot/count;
    auth_basic "lt-count-Tongji";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd/tongji;
}


2. nginx prohibits access to a certain type of file

For example, to prohibit access to *.txt files in nginx, the configuration is as follows. Code:
location ~* \.(txt|doc)$ {
    if (-f $request_filename) {
        root /data/www/wwwroot/linuxtone/test;
        # As written, nothing in this block refuses the request;
        # a rewrite to another URL is needed here, or use method 2.
        break;
    }
}

Method 2: Code:
location ~* \.(txt|doc)$ {
    root /data/www/wwwroot/linuxtone/test;
    deny all;
}

Prohibit access to a directory. Code:

location ~ ^/(WEB-INF)/ {
    deny all;
}

3. Use ngx_http_access_module to restrict access by IP

Code:
location / {
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    deny all;
}

For details, refer to the wiki.
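
How nginx walks the rules above, as an added example in Python (not part of the original guide): rules are checked in order and the first match decides, and `10.1.1.0/16` covers the whole of 10.1.0.0/16 because the bits beyond the mask are ignored. The function names are illustrative and the client addresses in the comments are constructed test values.

```python
import ipaddress

# Rules in the order they appear in the guide's "location /" block.
RULES = [
    ("deny", "192.168.1.1"),
    ("allow", "192.168.1.0/24"),
    ("allow", "10.1.1.0/16"),
    ("deny", "all"),
]

def parse(target):
    """Return the network a rule covers, or None for 'all'."""
    if target == "all":
        return None
    # strict=False masks stray host bits: 10.1.1.0/16 really means 10.1.0.0/16.
    return ipaddress.ip_network(target, strict=False)

def decide(client_ip, rules=RULES):
    """Return (action, matching rule) using first-match-wins ordering."""
    addr = ipaddress.ip_address(client_ip)
    for action, target in rules:
        net = parse(target)
        if net is None or addr in net:
            return action, target
    return "allow", None  # no rule matched: the access module does not restrict

def shadowed(rules=RULES):
    """List rule targets that can never fire because an earlier rule covers them."""
    dead = []
    for i, (_, target) in enumerate(rules):
        net = parse(target)
        for _, earlier in rules[:i]:
            e = parse(earlier)
            covered = e is None or (
                net is not None and net.version == e.version and net.subnet_of(e)
            )
            if covered:
                dead.append(target)
                break
    return dead

if __name__ == "__main__":
    for ip in ("192.168.1.1", "192.168.1.20", "10.1.200.7", "203.0.113.9"):
        print(ip, decide(ip))
    # Moving the single-host deny below the /24 allow makes it unreachable.
    print(shadowed([("allow", "192.168.1.0/24"), ("deny", "192.168.1.1"), ("deny", "all")]))
```
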


4. Limit download concurrency and speed in nginx

Code:

# limit_zone is the syntax of the nginx 0.6-era releases this guide covers;
# later releases use limit_conn_zone instead.
limit_zone one $binary_remote_addr 10m;

server
{
    listen 80;
    server_name down.linuxtone.org;
    index index.html index.htm index.php;
    root /data/www/wwwroot/down;

    # Zone limit
    location / {
        limit_conn one 1;
        limit_rate 20k;
    }
    ..........
}

5. Apache-style directory listing in nginx

Code:
location / {
    autoindex on;
}

IX. nginx location

1. Basic syntax: [basically the same as the rewrite regular expression matching syntax above] Code:
location [=|~|~*|^~] /uri/ { ... }

* ~ case-sensitive match
* ~* case-insensitive match
* !~ and !~* case-sensitive and case-insensitive non-match, respectively

Example 1: Code:
location = / {
    # Matches the query / only.
}

location / matches any query, because all requests start with /. However, regular expression rules and longer prefix blocks are matched first.
Example 2: Code:

location ^~ /images/ {
    # Matches any query beginning with /images/ and halts searching,
    # so regular expressions will not be checked.
}

Example 3: Code:

location ~* \.(gif|jpg|jpeg)$ {
    # Matches any request ending in gif, jpg, or jpeg. However, all
    # requests to the /images/ directory will be handled by Example 2.
}

X. nginx log processing
1. nginx log cutting
Code:
# crontab -e
59 23 * * * /usr/local/sbin/logcron.sh > /dev/null 2>&1

[root@count ~]# cat /usr/local/sbin/logcron.sh
Code:
#!/bin/bash
# Rename the access log, then signal nginx to reopen its log files.
log_dir="/data/logs"
time=`date +%Y%m%d`
/bin/mv ${log_dir}/access_linuxtone.org.log ${log_dir}/access_count.linuxtone.org.$time.log
kill -USR1 `cat /var/run/nginx.pid`

For more on log analysis and processing, see the following (discussion is also welcome): http://bbs.linuxtone.org/forum-8-1.html


2. How to stop nginx from logging some requests

The logs are too large, several GB each day, and need to be reduced. The following configuration can be written in the server {} block. Code:
location ~ .*\.(js|jpg|jpeg|css|bmp|gif)$
{
    access_log off;
}

XI. nginx cache service configuration
To cache files locally, add the following parameters. Code:

proxy_store on;
# all:rw makes the stored files world-writable; the proxy.conf later in this guide uses all:r
proxy_store_access user:rw group:rw all:rw;
proxy_temp_path cache directory;

where proxy_store on enables the local cache function, and proxy_temp_path specifies the directory in which the cache is stored, for example, proxy_temp_path html;

After the configuration in the previous step, the file is cached on the local disk, but it is still pulled from the remote end on every request. To avoid pulling files from the remote end each time, you must modify proxy_pass. Code:
if (!-e $request_filename) {
    proxy_pass http://mysvr;
}

If the requested file does not exist in the directory specified by the local proxy_temp_path, the request is pulled from the backend.

XII. nginx load balancing
1. Basic knowledge of nginx load balancing
Currently, nginx upstream supports four allocation methods.

1) Round robin (default)

Requests are distributed to the backend servers one by one in chronological order. If a backend server goes down, it is removed automatically.

2) weight

Specifies the round-robin probability. weight is proportional to the share of requests and is used when backend server performance is uneven.

2) ip_hash

Each request is allocated according to the hash of the client IP address, so that each visitor always reaches the same backend server, which solves the session problem.

3) fair (third party)

Requests are allocated according to the response time of the backend servers; servers with short response times are given priority.

4) url_hash (third party)

3. nginx load balancing instance 1
Code:
upstream bbs.linuxtone.org {  # define the IP addresses and status of the load-balanced devices
    server 127.0.0.1:9090 down;
    server 127.0.0.1:8080 weight=2;
    server 127.0.0.1:6060;
    server 127.0.0.1:7070 backup;
}

Add the following to the server that needs to use load balancing:
proxy_pass http://bbs.linuxtone.org/;

The status of each device is set as follows:

1. down: the server it is applied to temporarily does not take part in the load.

2. weight: the default is 1. The larger the weight, the larger the share of the load.

3. max_fails: the number of failed requests allowed, 1 by default. When the maximum is exceeded, the error defined by the proxy_next_upstream module is returned.

4. fail_timeout: the pause time after max_fails failures.

5. backup: the backup machine receives requests only when all other non-backup machines are down or busy, so this machine is under the least pressure.

Nginx supports defining several load-balancing groups at the same time, for use by different servers.

client_body_in_file_only: when set to on, the data a client POSTs is recorded to a file, which can be used for debugging.

client_body_temp_path: sets the directory of the recorded files; up to three directory levels can be configured.

location matches the URL. It can perform a redirect or hand the request to a new proxy load-balancing group.


4. nginx load balancing instance 2
Requests are allocated according to the hash of the requested URL, so that each URL is directed to the same backend server. This is effective when the backend servers are caches, and can also be used to increase the Squid cache hit rate.

Simple load balancing instance:
# vi nginx.conf    (core configuration of the nginx main configuration file)
Code:
..........
# Load balance my.linuxtone.org
upstream my.linuxtone.org {
    ip_hash;
    server 127.0.0.1:8080;
    server 192.168.169.136:8080;
    server 219.101.75.138:8080;
    server 192.168.169.117;
    server 192.168.169.118;
    server 192.168.169.119;
}
..............
include vhosts/linuxtone_lb.conf;
.........

# vi proxy.conf
Code:
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
# nginx cache
client_body_temp_path /data/nginx_cache/client_body 1 2;
proxy_temp_path /data/nginx_cache/proxy_temp 1 2;

# vi linuxtone_lb.conf
Code:
server
{
    listen 80;
    server_name my.linuxtone.org;
    index index.php;
    root /data/www/wwwroot/mylinuxtone;

    # Serve files that exist locally as they are
    if (-f $request_filename) {
        break;
    }
    if (-f $request_filename/index.php) {
        rewrite (.*) $1/index.php break;
    }

    error_page 403 http://my.linuxtone.org/member.php?m=user&a=login;

    location / {
        # Anything not found locally is passed to the upstream group
        if (!-e $request_filename) {
            proxy_pass http://my.linuxtone.org;
            break;
        }
        include /usr/local/nginx/conf/proxy.conf;
    }
}

XIII. nginx optimization

1. Reduce the size of the compiled nginx file (reduce file size of nginx)

The default nginx build uses debug mode (-g), which inserts a lot of tracing and asserts. After compilation, the nginx binary is several megabytes. Built without debug mode, it is only several hundred KB.
In auto/cc/gcc, the last few lines are:
# debug
CFLAGS="$CFLAGS -g"
Comment out or delete these lines and recompile.


2. Modify nginx header to disguise the server

Code:
# cd nginx-0.6.31
# vi src/core/nginx.h

#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_

/* These two strings make up the Server response header */
#define NGINX_VERSION      "1.3"
#define NGINX_VER          "ltws/" NGINX_VERSION

#define NGINX_VAR          "NGINX"
#define NGX_OLDPID_EXT     ".oldbin"

#endif /* _NGINX_H_INCLUDED_ */

# curl -I my.linuxtone.org
HTTP/1.1 200 OK
Server: ltws/1.3
Date: Mon, 24 Nov 2008 02:42:51 GMT
Content-Type: text/html; charset=GBK
Transfer-Encoding: chunked
Connection: keep-alive

XIV. nginx reference documents

1. nginx debug skills

/usr/local/nginx/sbin/nginx -t    checks whether the configuration has a syntax error.
