Nginx Anti-Desu detailed tutorial: accelerating website Google, Gravatar and Hostloc

VPS Tutorial»nginx Anti-Desu detailed tutorials: accelerating websites for Google, Gravatar and Hostloc

Nginx Anti-Desu detailed tutorial: accelerating website Google, Gravatar and HostlocDecember 31st,•Edit•Visit: 672 times

Nginx This lightweight, high-performance Web server can do two things:

1, directly as HTTP server (need fastcgi);
2, as an anti-generation server (further can achieve a balanced load).

Here the main use of anti-function to facilitate the daily life. Choose Gravatar when the example is because I found my move gravatar the entire station wall, and Hostloc is also mobile access difficulties.

#update2016.01.11: Anti-generational Google want to lazy can use my one-click Package

One, Nginx anti-Desu detailed tutorial: Nginx Installation and basic operation

1, you can use a key package installation, the most fire should be the military brother of a key pack it (http://lnmp.org), but if the use of a key package does not pack the following two third-party modules, want to add a third-party module can refer to the following tutorial compiled a Nginx replacement, as for the original Nginx parameters can be viewed by the command nginx -V .

2, I choose to manually install, after all, I only need nginx, but also can not be used for the convenience of military elder brother compiled into the module.
My VPS is not bound to V6 IP address, V6 module I also saved, there are 1.9.5 The following version do not add --with-ngx_http_v2_module This parameter, no this module will cause configure failure.

 wget http://nginx.org/download/nginx-1.8.0.tar.gz #可以根据你的喜好选择版本号git clone https:/ /github.com/yaoweibin/ngx_http_substitutions_filter_modulegit Clone https://github.com/FRiCKLE/ngx_cache_ Purgetar xzf nginx-1.8.0.tar.gzcd nginx-1.8.0./configure--prefix=/usr/local/nginx \ #nginx安装位置--conf-path=/usr/ local/nginx/conf/nginx.conf \ #nginx配置文件路径--user=www--group=www--error-log-path=/var/log/nginx/error.log-- Http-log-path=/var/log/nginx/access.log \ #日志路径--pid-path=/var/run/nginx/nginx.pid--lock-path=/var/lock/ Nginx.lock--with-http_ssl_module--with-http_stub_status_module--with-http_gzip_static_module-- Http-client-body-temp-path=/var/tmp/nginx/client--http-proxy-temp-path=/var/tmp/nginx/proxy-- http-fastcgi-temp-path=/var/tmp/nginx/fastcgi--add-module=/root/ngx_http_substitutions_filter_module \ # Text Replacement module--add-module=/root/ngx_cache_purge #缓存模块make &&make install  

3. If you encounter a./configure:error:the HTTP rewrite module requires the PCRE library in the execution of the above command. Error prompt.

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gztar xzf prce-8.37.tar.gzcd prce-8.37./configuremake&&make install

In fact, when compiling all kinds of wonderful situation have, do not understand Baidu. But it seems that Baidu is more spicy chicken! Spicy Chicken! Spicy Chicken!
4, add Users and user groups (as if there is no problem, the estimated installation of Nginx will follow the configuration parameters added bar).

/usr/sbin/groupadd -f www/usr/sbin/useradd -g www www

5, modify the Nginx configuration file (can be omitted), it is necessary to note that the Nginx configuration file installed from the source in the/etc/nginx
Add the following to the HTTP layer of nginx.conf:

proxy_connect_timeout    5;proxy_read_timeout       60;proxy_send_timeout       5;proxy_buffer_size        16k;proxy_buffers            4 64k;proxy_busy_buffers_size 128k;proxy_temp_file_write_size 128k;proxy_temp_path   /home/cache/temp;#临时文件目录proxy_cache_path  /home/cache/path levels=1:2 keys_zone=cache_one:5m inactive=7d max_size=1g;#5m为内存占用，1g为最大硬盘占用，cache_one为缓存区名字，如果修改则下文的配置亦要相应修改。include vhost/*.conf;#导入conf目录中vhost目录里的所有以conf为后缀的文件，这样我们可以把虚拟主机的配置文件分散到单独文件中，方便修改

Yes, do not forget to create a new directory, or when you start Nginx will indicate that the directory does not exist

mkdir /home/cache/path -pmkdir /home/cache/tempchmod 777 -R /home/cache

6. You can run Nginx at this time.

/usr/local/nginx/sbin/nginx

7, each time after the modification of the configuration file to check whether there is a mistake.

/usr/local/nginx/sbin/nginx -t

8. Hot Reload (no interruption of service).

/usr/local/nginx/sbin/nginx -s reload

Second, Nginx anti-Desu detailed tutorial: Nginx Basic Reverse proxy

1, nginx.conf inside there is such a sentence include conf.d/*.conf , but a key pack more, I used to put in vhost inside, I basically will change into include vhost/*.conf .
2, directly to the Vhost directory to create a new conf file, the following is a basic example of a configuration file.

server{listen 80;server_name g.32.pm;#server_name是你绑定的域名location /avatar {#生效的uri，例如我这里是//g.32.pm/avatar反代https://secure.gravatar.com/avatarproxy_pass https://secure.gravatar.com/avatar;#你需要反代的网站}}

3, anti-generation Gravatar avatar copy above can be.

4, anti-Google a little special, proxy_pass change to Google also not, but also to set the header, but there is a problem: With more people may be Google as a robot can be judged by the verification code, this time you can use the upstream solution. Add the upstream code to the HTTP layer. As for how to find Google's IP, ask Google to go.

upstream google.com {server 223.255.227.156:80 max_fails=3;server 223.255.227.157:80 max_fails=3;server 223.255.227.158:80 max_fails=3;server 223.255.227.159:80 max_fails=3;}server {listen 80;server_name g.32.pm;location / {proxy_pass http://www.google.com;proxy_set_header Host www.google.com;proxy_set_header User-Agent $http_user_agent;proxy_set_header Referer http://www.google.com;}}

5. As for the last example, the Global Host Exchange Forum (HOSTLOC) mentioned in the title is the same as above.

Three, Nginx anti-Desu Detailed tutorial: Reverse proxy optimization

1, most people gravatar will not be constantly modified, but the above configuration is every access through the VPS to access a Gravatar source station, so the efficiency is obviously insufficient, this time reflects the role of the cache.

Add the Cache setting to the HTTP layer first: refer here

server{listen 80;server_name g.32.pm;location / {proxy_pass https://secure.gravatar.com/;#告诉后端你的真实IPproxy_cache cache_one;#cache空间名字proxy_cache_valid  200 304 3d;proxy_cache_key $host$uri$is_args$args;expires 10d;#网上照抄的缓存设定}}

2, often login to various DZ forum is sure to know that DZ login will prompt you login IP changes, if you are directly according to the above basic configuration anti-generation, no matter who through your anti-generation access to Hostloc, will prompt IP into your VPS IP, how to tell the backend server your IP it, Nginx happens to have this parameter passed IP. It is recommended that the reverse generation be added .

server{listen 80;server_name 不能告诉你;location / {proxy_pass http://www.hostloc.com/;proxy_set_header    X-Real-IP       $remote_addr;proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;#告诉后端你的真实IP}}

3, add SSL function, SSL encrypted communication can reduce the possibility of illegal anti-generation (such as Google Mirror) by the wall.

 server {listen 443;server_name g.32.pm;if ($host = ' www.g.32.pm ') {rewrite ^/(. *) $ https://g.32.pm$1 permanent; #统一www域名到不带www域名}ssl_certificate/root/ssl/crt.crt;ssl_certificate_key/root/ssl/ Crt.key;ssl_protocols TLSv1 TLSv1.1 tlsv1.2;ssl_ciphers ecdhe-rsa-aes256-gcm-sha384:ecdhe-rsa-aes128-gcm-sha256: Ecdhe-rsa-aes256-sha384:ecdhe-rsa-aes128-sha256:ecdhe-rsa-rc4-sha:ecdhe-rsa-aes256-sha:dhe-rsa-aes256-sha:d he-rsa-aes128-sha:rc4-sha:!anull:!enull:! export:! des:!3des:! md5:! Dss:! Pks;ssl_prefer_server_ciphers on;ssl_session_cache shared:ssl:10m;ssl_session_timeout 5m; #网上照抄的SSL参数location/{ Proxy_redirect off;proxy_pass https://www.google.com/;p roxy_set_header Host www.google.com;proxy_set_header User-agent $http _user_agent;proxy_set_header Referer http://www.google.com;proxy_set_header x-real-ip $remote _addr; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;proxy_set_header x-forwarded-proto HTTPS;}}  

4, use Subs_filter to optimize the request.
This is after you visit your Google image will also have direct access to the google.com request, you can use the F12 in the network section or fiddle view, here is not elaborated, the tutorial Baidu has.
If you follow the above tutorial, then the horse Subs_filter module must be installed, the direct transmission of the turn back to see.
Add a filter statement to the location layer

server {location / {proxy_set_header Accept-Encoding "";#关闭Gzip是subs_filter能正常工作proxy_pass https://www.google.com/;subs_filter www.google.com g.32.pm;}}

Subs_filter detailed usage here: https://github.com/yaoweibin/ngx_http_substitutions_filter_module

At last

I am anxious someone asked me you know which several app server program, then I answered Tomcat and Nginx, but I was told that Nginx is a proxy server, now contact more, I understand

This article was created by Ryan and licensed by the Creative Commons Attribution 4.0 International license.
Original link: https://blog.iplayloli.com/nginx-reserve-proxy-google-gravatar.html

Nginx Anti-Desu detailed tutorial: accelerating website Google, Gravatar and Hostloc