Linux Basics Command Practice DAY7-NGINX,NFS

A. Nginx

Nginx ("Engine X") is a high-performance HTTP and reverse proxy server as well as a IMAP/POP3/SMTP server. Nginx was developed by Igor Sysoev for the second rambler.ru site of Russian traffic, and the first public version 0.1.0 was released on October 4, 2004. It publishes the source code in the form of a BSD-like license, known for its stability, rich feature set, sample configuration files, and low system resource consumption and concurrency.

1. Installation of Nginx (yum installation)

The first need to install the Epel software source, because it contains many basic sources do not have software, easy to install nginx; Yum Install epel-release-y

After installing the Epel, you can then install nginx; Yum Install nginx-y

The Nginx configuration file should be "/etc/nginx/nginx.conf" by default and can be modified using VIM edit configuration

# info:the conf for Nginx
# Author:dingtm
# ctime:2010.07.01
user www www; #运行NGINX所使用的用户和组
worker_processes 4; #nginx进程数, it is recommended to specify by the number of CPUs, usually a multiple of it, each process consumes about 10M of memory
Error_log/data/logs/nginx/error.log Crit;
Pid/elain/apps/nginx/nginx.pid;
Worker_rlimit_nofile 65535; #nginx能打开文件的最大句柄数, it is best to keep the value of ulimit-n consistent with the Ulimit-shn 65535 setting
Events {
Use epoll; #使用epoll的I/O model
connections 20000; #每个进程允许的最多连接数
worker_connections 65535; #该值受系统进程最大打开文件数限制, you need to use the command ulimit-n to view the current settings
maxclients=65535*2
}
http {
include mime.types; #mine. Types define each file type image
Types {
text/html html;
image/gif gif;
image/jpeg jpg;
image/png png;
}
Default_type Application/octet-stream; #设置默认类型是二进制流, if not set, such as Not loaded PHP, is not resolved, browser access to the download window appears
server_names_hash_bucket_size 128; #不能带单位! You must set this value when configuring a host, or you cannot run Nginx or pass the test, this setting together with Server_names_hash_max_size control to save the server name of the hash table, hash bucket size is always equal to the size of the hash table, And is a multiple of the processor cache size. If the hash bucket size equals the amount of the processor cache, the worst case lookup of the key is 2 in memory. The first is to determine the address of the storage unit, and the second is to find the key value in the storage unit. If you report a hash max size or hash bucket size, we need to increase the value of server_names_hash_max_size.
client_header_buffer_size 128k; #客户端请求头部的缓冲区大小, according to the system paging size setting, the paging size can be obtained by command getconf pagesize
large_client_header_buffers 4 128k; #4为个数, 128k is the size and the default is 4k. Apply for 4 128k. When the URI of HTTP is too long or the request header is too large, it will be reported 414 request URI too large or the request, it is very likely that the value written in the cookie is too large, Because the size of the other parameters in the header is generally fixed, only the cookie may be written to large data, then the above two values can be increased, the corresponding browser will increase the maximum number of bytes of cookies.
client_max_body_size 8m; #HTTP请求的BODY最大限制值, if this value is exceeded, report 413 Request Entity Too Large
Open_file_cache max=65535 inactive=20s; #max指定缓存数量, the recommended number of open files is the same, inactive refers to how long the file has not been requested to delete the cache.
open_file_cache_valid 30s; #指多长时间检查一次缓存的有效信息
open_file_cache_min_uses 1; #open_file_cache指令中的inactive参数时间内文件的最少使用次数, if this number is exceeded, the file descriptor is always opened in the cache, as in the previous example, If a file is not used once within inactive time, it will be removed.
Server_tokens off; #关闭错误时Nginx版本显示
#提高文件传输性能
sendfile on; #打开系统函数sendfile () Support
Tcp_nopush on; #打开linux下TCP_CORK, the Sendfile is effective when opened, reducing the number of message segments
Keepalive_timeout 60; #keepalive超时时间
Tcp_nodelay on; #打开TCP_NODELAY在包含了keepalive才有效
fastcgi_connect_timeout; #指定连接到后端FastCGI的超时时间
Fastcgi_send_timeout 300; #向FastCGI传送请求的超时时间, this value is the time-out for sending a request to fastcgi after two handshakes have been completed.
Fastcgi_read_timeout 300; #接收FastCGI应答的超时时间, this value is the time-out for receiving a fastcgi response after two handshakes have been completed.
fastcgi_buffer_size 64k; #这里可以设置为fastcgi_buffers指令指定的缓冲区大小
Fastcgi_buffers 16k; #指定本地需要用多少和多大的缓冲区来缓冲FastCGI的应答
fastcgi_busy_buffers_size 128k; #建议为fastcgi_buffers的两倍
fastcgi_temp_file_write_size 128k; #在写入fastcgi_temp_path时将用多大的数据块, the default value is twice times fastcgi_buffers, setting the above value setting is too small if the load may be reported 502 bad Gateway
Fastcgi_cache Dingtm #开启FastCGI缓存并且为其制定一个名称, effectively reduces CPU load and prevents 502 errors
fastcgi_cache_valid 302 1h; #指定应答代码缓存时间为1小时
fastcgi_cache_valid 301 1d; #1天
Fastcgi_cache_valid any 1m; #其它为1分钟
fastcgi_cache_min_uses 1; #缓存在fastcgi_cache_path指令inactive参数值时间内的最少使用次数 F
gzip on; #打开GZIP压缩, real-time compressed output data stream
Gzip_min_length 1k; #从Content-length value is verified, less than 1 K will be more pressure
gzip_buffers 4 16k; #以16K为单位4倍的申请内存做压缩结果流缓存
Gzip_http_version 1.1;
Gzip_comp_level 3; #压缩比率1 -9,1 compression is the fastest, with a minimum of 9 compression, but with the slowest processing and CPU consumption
gzip_types text/plain application/x-javascript text/css application/xml; #压缩类型
include vhosts/*.conf; #虚拟主机
}
#虚拟主机
server {
Listen;
server_name www.elain.org; #多域名用空格隔开
index index.php index.html index.shtml;
Root/elain/data/htdocs/elain;
#limit_conn Connlimit 20; #限制一个IP只能最多只能发起20个连接, over-reported 503 Service unavailable to prevent malicious connections
access_log/elain/logs/nginx/access_www.elain.org.log access;
Error_log/elain/logs/nginx/error_www.elain.org.log;
Location /{
SSI on; #WEB文档根目录打开SSI支持
ssi_types text/html;
ssi_silent_errors off; #处理SSI出错时不提示
}
Location ~. *. (gif|jpg|jpeg|png|bmp|swf) $ {
Access_log off;
expires 30d;
}
Location ~. *. (JS|CSS)? $ {
expires 1h;
add_header Cache_control Private;
}
Location ~/.ht {
deny all;
}
Location/nginxstatus {#设定查看Nginx状态的地址
stub_status on;
Access_log off;
auth_basic "Nginxstatus"; #标识
Auth_basic_user_file conf/.htpasswd; #网页加密, Prompt for login box, enter user name and password to view
}
Location ~. *. (PHP|PHP5)? $ {#匹配文件后缀php, php5
#fastcgi_pass Unix:/tmp/php-cgi.sock; #SOCKET方式转交fastcgi处理
Fastcgi_pass 127.0.0.1:9000; #9000端口方式fastcgi
Fastcgi_index index.php;
include Fastcgi_params; #包含fastcgi配置
#fastcgi_param script_filename $document _root$fastcgi_script_name;
}
}

after setting the nginx.conf, you should turn off the firewall of the Linux system, because it will prevent remote access to nginx default port 80; command: Systemctl stop firewalld (Turn off firewall), Systemctl disable FIREWALLD (boot does not start the firewall)SELinux prevents the HTML file under the remote access of several HTML files, need to modify the SELinux configuration file; command: Vim/etc/selinux/config, The second selinux=disabled, save exit, restart the system;

At this point, you can start the Nginx service, command: Systemctl start Nginx (start Nginx),systemctl enable Nginx (set to boot).

2. Installation of Nginx (source installation)-The great God has written in great detail.

3. Use of Nginx configuration

4. Nginx Balanced Load (LB)

Load balancing technology is one of the necessary architectural strategies for building large Web sites. The purpose of this is to distribute the user's request to multiple backend devices to balance the load on the server.

The features of the Nginx load balancer are:
1). Work on the 7 level of the network, you can do some diversion strategies for HTTP applications, such as for the domain name, directory structure;
2). Nginx installation and configuration is relatively simple, easy to test;
3). Can also bear high load pressure and stability, generally can support more than tens of times of concurrency;
4). Nginx can detect the internal failure of the server through the port, for example, according to the server processing the status code returned by the Web page, timeout and so on, and will return the wrong request back to another node, but the disadvantage is that the URL is not supported to detect;
5). The asynchronous processing of the request by Nginx can help the node server to reduce the load;
6). Nginx can support HTTP and email, so it is much smaller in the scope of application;
7). There are three scheduling algorithms by default: polling, weight, and Ip_hash (which solves the problem of session retention), and supports third-party scheduling algorithms such as fair and url_hash;

Two. NFS

NFS is the abbreviation for the network file system, which is the web filesystem. A contract for the decentralized file system, developed by Sun, was announced in 1984. The function is to enable different machines, different operating systems to share individual data with each other, so that the application can access the data on the server disk through the network, and it is a way to implement disk file sharing among Unix-like systems.

The basic principle of NFS is to "allow different clients and services to share the same file system through a set of RPC", which is independent of the operating system, allowing different hardware and operating systems to share files together.

NFS relies on the RPC protocol during file transfer or information transfer. RPC, remote procedure invocation (Procedure call) is a mechanism that enables clients to perform programs in other systems. NFS itself does not provide the protocol and functionality for transmitting information, but NFS allows us to share information over the network, because NFS uses some other transport protocols. And these transport protocols are used for this RPC function. It can be said that NFS itself is a program that uses RPC. Or, NFS is also an RPC SERVER. So whenever you use NFS, you start the RPC service, whether it's NFS server or NFS CLIENT. This allows the server and client to implement the program port correspondence via RPC. You can understand the relationship between RPC and NFS: NFS is a file system, and RPC is responsible for the transfer of information.

1. NFS installation, yum install Rpcbind nfs-utils-y

2. NFS Configuration, Vim/etc/exports

Configuration file format:< output directory > [Client 1 options (access rights, user mappings, others)] [Client 2 options (access rights, user mappings, others)]

A. Output directory:

The output directory is the directory that the NFS system needs to share with the client;

B. Client:

A client is a computer in the network that can access this NFS output directory

Common ways for clients to specify

• Specify the IP address of the host: 192.168.0.200
• Specify all hosts in the subnet: 192.168.0.0/24 192.168.0.0/255.255.255.0
• Host of the specified domain name: david.bsmart.cn
• Specify all hosts in the domain: *.bsmart.cn
• All hosts: *

C. Options:

option to set the access permissions, user mappings, and so on for the output directory.

There are 3 main types of NFS options:

Access Permissions Options

• Set output Directory read-only: RO
• Set output directory Read/write: RW

User mapping Options

• All_squash: Maps all normal users and groups that are accessed remotely to anonymous users or user groups (Nfsnobody);
• No_all_squash: Reverse with All_squash (default setting);
• Root_squash: The root user and the owning group are mapped to anonymous users or groups of users (default setting);
• No_root_squash: Reverse with Rootsquash;
• ANONUID=XXX: Maps All remote access users to anonymous users and specifies that the user is a local user (uid=xxx);
• ANONGID=XXX: Maps All remote Access user groups to anonymous user group accounts and specifies that the anonymous user group account is a local user group account (GID=XXX);

Other options

• Secure: Restrict clients from connecting to Server for NFS (default setting) only from TCP/IP ports less than 1024;
• Insecure: Allow clients to connect to the server from TCP/IP ports greater than 1024;
• Sync: It is inefficient to write data synchronously to memory buffer and disk, but it can guarantee the consistency of data;
• Async: Save the data in the memory buffer first, and write to disk if necessary;
• Wdelay: Check if there is a related write operation, if any, then perform these writes together, which can improve the efficiency (default setting);
• No_wdelay: If a write operation is performed immediately, it should be used in conjunction with sync;
• Subtree: If the output directory is a subdirectory, the NFS server will check the permissions of its parent directory (default setting);
• No_subtree: Even if the output directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which can improve efficiency;

3. NFS Boot

1). If we set/share as the shared directory, because other users need permission to access, you need to modify the directory and its subdirectories file read and Write permissions; command: Chmod-r o=rw-/share

2). Start the service

First you need to start the relevant service Rpcbind, command: Systemctl start Rpcbind.service (start), systemctl enable Rpcbind.service (set to boot)

Then start NFS, command: Systemctl start Nfs-server.service (start), Systemctl enable Nfs-server.service (set to boot)

Confirm NFS Boot success, command: Rpcinfo,exportfs (with output, for example:/share 192.168.31.0/24)

View service information, command: Showmount-e #默认查看自己共享的服务, the premise is to DNS to resolve their own, otherwise prone to error; Showmount-a #显示已经与客户端连接上的目录信息

3). Client Configuration

The client installs the NFS service in the same way and starts without modifying the exports configuration file, but needs to mount the host's shared directory in its own default-accessed HTML

Command: Mount 192.168.47.133:/share/usr/nginx/html (green font depends on your machine's settings)

4). Next, you can verify the results in the browser

5). NGINX+NFS Shared cluster configuration

Resources

1. Http://baike.baidu.com/link?url=Rx4o-b2mkZxEiom-QWgVUlKwZRdeECcaXeAh2PKj0SllpFqwtY6yVc7SQNGqEXUC51pbA03HJLH_PhLEocmnP_

2. http://www.cnblogs.com/shengshuai/archive/2013/01/11/2856339.html

3. http://blog.csdn.net/lsm135/article/details/51863276

4. http://blog.csdn.net/finded/article/details/51889914

5. http://nginx.org/en/docs/http/load_balancing.html

6. http://www.cnblogs.com/langtianya/p/5242653.html

7. Http://www.cnblogs.com/linhaifeng/articles/6045600.html#_label19

Linux Basics Command Practice DAY7-NGINX,NFS