Nginx configuration and Linux system memory high concurrency optimization __java

Original address: http://blog.csdn.net/qq_23598037/article/details/79505398 optimization of Nginx

1.    gzip compression Optimization
2. The    expires cache is still
3.    Network IO Event model optimization
4.    hide the software name and version number
5.    anti-theft chain Optimization
6.    prohibit malicious domain name resolution
7.    prohibit access to Web sites by IP address
8.    HTTP request method optimization
9.    anti-dos attack single IP concurrent connection control, and connection rate control
.    Strictly set permissions on the Web site Directory one by one
.    Run the Nginx process and the site in prison mode
.    Through the robot protocol and Http_user_agent Crawler optimization
.    The configuration error page specifies the page feedback to the user based on the error code
.    Nginx log-related optimization Access log cutting polling, do not record the specified element log, minimize log directory permissions
.    Restrictions uploaded to the Resource directory program is accessed to prevent Trojan intrusion system damage file
.    FastCGI parameter buffer and cache configuration file optimization
.    Optimization of php.ini and php-fpm.conf configuration files
.    Deep optimizations for the Linux kernel aspects of Web services (network connectivity, IO, memory, and so on)
.    Nginx Encryption Transfer Optimization (SSL)
.    Web server disk mount and network File system optimization
.    Using Nginx Cache

1. Basic Security Optimization 1.1 Hidden version information

In general, software vulnerabilities are related to versioning, so we want to hide or eliminate the various sensitive information that Web services display to access users.

1 [root@db01 rpm]# curl-i 10.0.0.8
 2 http/1.1 401 Unauthorized
 3 Server:nginx                #隐藏版 This number
 4 Date:thu, June 2016 03:23:38 GMT
 5 content-type:text/html
 6 content-length:188
 7 Connection:kee P-alive
 8 www-authenticate:basic realm= "Oldboy Training"
 9 process:
vim/application/nginx/conf/nginx.conf
11 Add under HTTP Module:
server_tokens off;
13/application/nginx/sbin/nginx-t
14/application/nginx/sbin/nginx-s Reload

1.2 Hide Nginx To modify the source code

To modify the path of the content:

First path:

1/home/oldboy/tools/nginx-1.6.3/src/core/nginx.h 14th, 16 lines
2 #define nginx_version  "1.6.2" modified to the desired version number such as 2.4.3
3 #define Nginx_ver "nginx/" nginx_version changes NGINX to the name of the software you want to modify, such as Apache.

Second path

1/home/oldboy/tools/nginx-1.6.3/src/http/ngx_http_header_filter_module.c 49th Line
2 grep ' Server:nginx ' ngx_http_ Header_filter_module.cstatic
3 sed-i ' s#server:nginx#server:apache#g ' ngx_http_header_filter_module.c

Third Path

/HOME/OLDBOY/TOOLS/NGINX-1.6.3/SRC/HTTP/NGX_HTTP_SPECIAL_RESPONSE.C 21st, 30 line
"
 
Then recompile 1.3 Change the default user for the Nginx service

The first method:

Change the configuration file Nginx.conf.default parameter directly, the default #user nobody, and change to user Nginx.nginx;

The second method:

Specify user and user group commands directly when compiling Nginx:

./configure--prefix=/application/nginx-1.6.3--user=nginx--group=nginx--with-http_ssl_module--with-http_stub_ Status_module 1.4 Down right start nginx

1 Useradd Inca
2 cd/home/inca/
3 mkdir conf logs www
4 echo inca >www/index.html
5 chown-r Inca.inca *
6 ln-s/application/nginx/conf/mime.types conf/mime.types  #mime. Types Media Type File
 
Egrep-v "#|^$"/application/nginx/conf/nginx.conf.default >conf/nginx.conf

nginx.conf configuration file

Worker_processes  1;
Error_log  /home/inca/logs/error.log;
Pid/home/inca/logs/nginx.pid;
Events {
    worker_connections  1024;
}
HTTP {
    include       mime.types;
    Log_format  main  ' $remote _addr-$remote _user [$time _local] "$request" "
                                 $status $body _bytes_sent" $ "Http_referer" "
                                 $http _user_agent" "$http _x_forwarded_for";
    Default_type  Application/octet-stream;
    Sendfile on        ;
    Keepalive_timeout  ;
    server {
        listen       8080;
        server_name  localhost;
        Location/{
            root   /home/inca/www;
            Index  index.html index.htm;
            }
            Access_log/home/inca/logs/access.log main;
}
 
Su-inca-c "/application/nginx/sbin/nginx-c/home/inca/conf/nginx.conf" #启动nginx服务

Emphasis is placed on:

The relevant paths in the 1.nginx.conf are to be changed

2. Common user's port question 2, according to the parameter optimization Nginx service ability 2.1 optimizes Nginx process number the strategy

In a highly concurrent, highly accessed Web service scenario, more nginx processes need to be started in advance to ensure rapid response and processing of a large number of concurrent user requests.

Worker_processes 1; typically adjusted to the same number as the CPU (for example, 2 four cores with 8 CPUs)

(1) View Linux to see the number of CPUs and the total number of cores

grep processor/proc/cpuinfo|wc-l
 
(2) View the total number of CPUs

grep ' physical ID '/proc/cpuinfo|sort|uniq|wc-l
 
(3) All CPU cores can be displayed by executing the top command and then by the number 1

Top Press the 1 key to display the first message

Cpu0  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0% Si,  0.0
 
2.2 Optimizing binding of different nginx processes to different CPUs 
     By default, Nginx processes run on one core of a CPU or CPU, causing nginx processes to use hardware with uneven resources, and this section is optimized for different nginx processes to handle different CPUs, Fully and effectively utilize the effective hardware resources