1. Basic installation
Official site http://nginx.net/
Wiki: http://wiki.codemongers.com/Main
Module usage http://wiki.codemongers.com/NginxModules
Compile the parameter:./configure-user = www-group = www-with-http_stub_status_module-with-http_flv_module-add-module =./nginx_mp4_streaming_public-Prefix =/blog.zhangjianfeng.com/app/nginx-0.7.27
2. Configuration
++ Nginx redirect
Server
{
Listen 80;
SERVER_NAME linuxtone.org abc.linuxtone.org;
Index index.html index. php;
Root/data/www/wwwroot;
If ($ http_host !~ "^ Www/. linxtone/. org $ "){
Rewrite ^ (. *) http://www.linuxtone.org $1 redirect;
}
........................
}
++ Automatically adds a slash to the directory to ensure that the IE browser does not recognize the Directory
If (-d $ request_filename ){
Rewrite ^/(. *) ([^/]) $ http: // $ host/$1 $2/permanent;
}
++ Nginx anti-leech
# Preventing hot linking of images and other file types
Location ~ * ^. +/. (GIF | JPG | PNG | SWF | FLV | RAR | zip) $ {
Valid_referers none blocked server_names * .linuxtone.org http: // localhost Baidu.com;
If ($ invalid_referer ){
Rewrite ^/http://www.linuxtone.org/images/default/logo.gif;
# Return 403;
}
}
++ Nginx expires
Method 1: expires
# Add Expires header for static content
Location ~ */. (JS | CSS | JPG | JPEG | GIF | PNG | SWF) $ {
If (-F $ request_filename ){
Root/data/www/wwwroot/BBS;
Expires 1D;
Break;
}
Method 2: determine a directory
# Serve static files
Location ~ ^/(Images | JavaScript | JS | CSS | flash | media | static )/{
Root/data/www/wwwroot/down;
Expires 30d;
}
++ Nginx Access Control
#/Usr/local/apache2/bin/htpasswd-C/usr/local/nginx/CONF/htpasswd/Tongji linuxtone create a user
Location ~ ^/(Tongji )/{
Root/data/www/wwwroot/count;
Auth_basic "LT-count-Tongji ";
Auth_basic_user_file/usr/local/nginx/CONF/htpasswd/Tongji;
}
++ Nginx prohibits access to a certain type of files.
Method 1:
Location ~ */. (Txt | DOC) $ {
If (-F $ request_filename ){
Root/data/www/wwwroot/linuxtone/test;
Break;
}
}
Method 2
Location ~ */. (Txt | DOC) $ {
Root/data/www/wwwroot/linuxtone/test;
Deny all;
}
}
++ Prohibit access to a directory
Location ~ ^/(WEB-INF )/{
Deny all;
}
++ Use ngx_http_access_module to restrict IP Access
Location /{
Deny 192.168.1.1;
Allow 192.168.1.0/24;
Allow 10.1.1.0/16;
Deny all;
}
See wiki: http://wiki.codemongers.com/NginxHttpAccessModule#allow
++ Limits the concurrency and speed of nginx downloads
Limit_zone one $ binary_remote_addr 10 m;
Server
{
Listen 80;
SERVER_NAME down.linuxotne.org;
Index index.html index.htm index. php;
Root/data/www/wwwroot/down;
# Zone limit
Location /{
Limit_conn one 1;
Limit_rate 20 K;
}
..........
}
++ Nginx implements the same directory list as Apache
Location /{
Autoindex on;
}
++ How does nginx not record parts?Logs
Location ~ . */. (JS | JPG | JPEG | CSS | BMP | GIF) $
{
Access_log off;
}
++ VM Configuration
HTTP {
Server {
Listen 80;
SERVER_NAME www.domain1.com;
Access_log logs/domain1.access. Log main;
Location /{
Index index.html;
Root/var/www/domain1.com/htdocs;
}
}
Server {
Listen 80;
SERVER_NAME www.domain2.com;
Access_log logs/domain2.access. Log main;
Location /{
Index index.html;
Root/var/www/domain2.com/htdocs;
}
}
}
3. nginx log processing
# Contab-e
59 23 ***/usr/local/sbin/logcron. sh/dev/null 2> & 1
# Cat/usr/local/sbin/logcron. Sh
#! /Bin/bash
Log_dir = "/data/logs"
Time = 'date + % Y % m % d'
/Bin/mv $ {log_dir}/access_linuxtone.org.log $ {log_dir}/access_count.linuxtone.org. $ time. Log
Kill-usr1 'cat/var/run/nginx. Pi'
++ How does nginx not record partial logs?
Location ~ . */. (JS | JPG | JPEG | CSS | BMP | GIF) $
{
Access_log off;
}
4. nginx cache service configuration
To Cache the file locally, add the following sub-parameters:
Proxy_store on;
Proxy_store_access User: RW group: RW all: RW;
Proxy_temp_path cache directory; where,
Proxy_store on is used to enable the local cache function,
Proxy_temp_path is used to specify the directory in which the cache is stored, for example, proxy_temp_path HTML;
# After configuration in the previous step, although the file is cached on the local disk, the file will still be pulled from the remote end in each request. To avoid pulling the file from the remote end, you must modify proxy_pass: code:
If (! -E $ request_filename ){
Proxy_pass http: // mysvr;
}
# It is changed to conditional execution of proxy_pass. This condition is that when the requested file does not exist in the directory specified by the local proxy_temp_path, It is pulled to the backend.
5. nginx Load Balancing
1. Basic nginx knowledge
Currently, nginx upstream supports four allocation methods.
1) Round Robin (default)
Each request is distributed to different backend servers one by one in chronological order. If the backend servers are down, they can be removed automatically.
2) Weight
Specify the round-robin probability. weight is proportional to the access ratio, which is used when the backend server performance is uneven.
2) ip_hash
Each request is allocated according to the hash result of the access IP address, so that each visitor accesses a backend server at a fixed time, which can solve the session problem.
3) Fair (third party)
Requests are allocated based on the response time of the backend server. Requests with short response time are prioritized.
4), url_hash (third-party)
Nginx Load Balancing
Instance 1 code:
Upstream bbs.linuxtone.org {# define the IP address and device status of the Server Load balancer Device
Server 127.0.0.1: 9090 down;
Server 127.0.0.1: 8080 Weight = 2;
Server 127.0.0.1: 6060;
Server 127.0.0.1: 7070 backup;
}
Add the following code to the server that needs to use Server Load balancer:
Proxy_pass http://bbs.linuxtone.org /;
The status of each device is set to: code:
1. Down indicates that the server before a ticket is not involved in the load
2. The default weight value is 1. The larger the weight value, the larger the load weight.
3. max_fails: the default number of failed requests is 1. If the maximum number of failed requests is exceeded, an error defined by the proxy_next_upstream module is returned.
4. fail_timeout: The pause time after max_fails fails.
5. Backup:OthersWhen all non-Backup machines are down or busy, request the backup machine. Therefore, this machine is under the least pressure. Nginx supports setting multiple groups of Server Load balancer instances for unused servers.
Client_body_in_file_only is set to on. You can use the client post data record in the file for debugging.
Client_body_temp_path: Set the directory of the record file to a maximum of three levels.
Location matches the URL. You can perform redirection or perform new proxy load balancing.
++ Nginx Server Load balancer instance 2
Requests are allocated based on the hash result of the access URL so that each URL is directed to the same backend server. The backend server is effective when caching and can be used to increase the Squid cache hit rate.
Simple Load Balancing instance:
# Vi nginx. conf // core configuration code of the nginx main configuration file:
..........
# Loadblance my.linuxtone.org
Upstream my.linuxtone.org {
Ip_hash;
Server 127.0.0.1: 8080;
Server 192.168.169.136: 8080;
Server 219.101.75.138: 8080;
Server 192.168.169.117;
Server 192.168.169.118;
Server 192.168.169.119;
}
..............
Include vhosts/linuxtone_lb.conf;
.........
# Vi proxy. conf
Proxy_redirect off;
Proxy_set_header host $ host;
Proxy_set_header X-real-IP $ remote_addr;
Proxy_set_header X-forwarded-for $ proxy_add_x_forwarded_for;
Client_max_body_size 50 m;
Client_body_buffer_size 256 K;
Proxy_connect_timeout 30;
Proxy_send_timeout 30;
Proxy_read_timeout 60;
Proxy_buffer_size 4 K;
Proxy_buffers 4 32 K;
Proxy_busy_buffers_size 64 K;
Proxy_temp_file_write_size 64 K;
Proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
Proxy_max_temp_file_size 128 m;
Proxy_store on;
Proxy_store_access User: RW group: RW all: R;
# Nginx Cache
Client_body_temp_path/data/nginx_cache/client_body 1 2;
Proxy_temp_path/data/nginx_cache/proxy_temp 1 2; # vi linuxtone_lb.conf
Server
{
Listen 80;
SERVER_NAME my.linuxtone.org;
Index index. php;
Root/data/www/wwwroot/mylinuxtone;
If (-F $ request_filename ){
Break;
}
If (-F $ request_filename/index. php ){
Rewrite (. *) $1/index. php break;
}
Error_page 403 http://my.linuxtone.org/member.php? M = user & A = login;
Location /{
If (! -E $ request_filename ){
Proxy_pass http://my.linuxtone.org;
Break;
}
Include/usr/local/nginx/CONF/Proxy. conf;
}
}
6. nginx Optimization
1). Reduce the size of nginx compiled files (reduce file size of nginx)
The default nginx compilation option uses the debug mode (-g) (many tracing and assert will be inserted in the debug mode). After compilation, an nginx has several megabytes. Remove nginx debug mode compilation, with only several hundred kb after compilation
In auto/CC/GCC, the last few lines are:
# Debug
Cflags = "$ cflags-g"
Comment out or delete these lines and recompile them.
2) modify the nginx header to disguise the server
Code:
# Vi src/CORE/nginx. h
# Ifndef _ nginx_h_included _
# DEFINE _ nginx_h_included _
# Define nginx_version 1.3 ″
# Define nginx_ver "ltws/" nginx_version
# Define nginx_var "nginx"
# Define ngx_oldpid_ext ". oldbin"
# Endif/* _ nginx_h_included _*/
# Curl-I my.linuxtone.org
HTTP/1.1 200 OK
Server: ltws/1.3
Date: Mon, 24 Nov 2008 02:42:51 GMT
Content-Type: text/html; charset = GBK
Transfer-encoding: chunked
Connection: keep-alive
7. Simple Control script of the nagdeskservice
See attachment. nagixd
Other Instructions
++ Nginx Parameters
-C specifies a configuration file for nginx to replace the default one.
-T does not run, but only tests the configuration file. Nginx checks the syntax of the configuration file and tries to open the file referenced in the configuration file.
-V displays the nginx version.
-V displays the nginx version, compiler version, and configuration parameters.
++ Nginx location
Basic syntax
Location [= | ~ | ~ * | ^ ~] /Uri /{... }
= Strict match. If the query matches, the search is stopped and the request is processed immediately.
~ Case-sensitive matching
~ * Case-insensitive match
!~ And !~ * Case-insensitive and case-insensitive
^ ~ If this prefix is used for a regular string, it indicates that if the path matches, the regular expression is not tested.
Example:
Location =/{# Only matches/queries.
Location/{# match any query because all requests start. However, regular expression rules and long block rules are preferentially matched with queries.
Location ^ ~ /Images/{# match any queries starting with/images/and stop searching. No regular expression will be tested.
Location ~ */. (GIF | JPG | JPEG) $ {# match any request that has ended with GIF, JPG, or JPEG.
++ File and directory matching
*-F and! -F is used to determine whether a file exists.
*-D and! -D is used to determine whether a directory exists.
*-E and! -E is used to determine whether a file or directory exists.
*-X and! -X is used to determine whether a file is executable.
++ Some available global variables
$ ARGs
$ Content_length
$ Content_type
$ Document_root
$ Document_uri
$ Host
$ Http_user_agent
$ Http_cookie
$ Limit_rate
$ Request_body_file
$ Request_method
$ Remote_addr
$ Remote_port
$ Remote_user
$ Request_filename
$ Request_uri
$ QUERY_STRING
$ Scheme
$ Server_protocol
$ Server_addr
$ SERVER_NAME
$ Server_port
$ URI
From http://www.tzsy.cn/blog/146/viewspace-46581.html