Second, Nginx module optimization and process management

Blog:http://lijinhuan.blog.51cto.com/

Weibo:http://weibo.com/lijinhuanexperience

Code: Https://github.com/lijinhuan

First, module management

1, Nginx is a modular structure, but it is not the same as Apache, its modules can not be dynamically loaded or unloaded.

It is a static module system, if you want to uninstall or install a new module, you must recompile the specified

2, compile time./configure--help View all modules;--without--xx means default installation,--WITH--XX optional installation

Select Module installation method, specify can,./configure--with-http_stub_status_module--with-http_ssl_module--with-http_gzip_static_module-- With-ipv6

3, using the third-party module, using--add-module to specify

such as:--add-module=. /ngx_lua-0.9.12--add-module=. /ngx_lua_upstream-0.02

II. Process Management

1, Nginx is divided into master and single two modes of operation; As the name implies, it is a one-process operation, and Master is a master process plus n

Worker process in a way. Single mode poor fault tolerance, production environment can not be used, generally run with master mode

2, master process can only have one, mainly responsible for the global initialization and management worker process. Master can handle many signals, such as winch, and gracefully close

Worker process, Hup reload configuration, etc.

3, if you have more than one CPU, can be set in the worker_processes and CPU core number consistent, but generally can be set less one, because the system itself also needs CPU processing

4. System optimization for Nginx

(1) to close unnecessary services

(2) Optimize the Write disk operation: Nginx after each access to a file, the modification time of the file will be modified, high concurrency, the disk has a large impact

This feature needs to be turned off, such as:/dev/sdb1/data/ext3 defaults 0 0

(3) Resource restriction optimization: ULIMIT-A view

Pending signals (-i) 7894

Max locked Memory (Kbytes, L) 64

Open files (-N) 1024

Pipe Size (bytes,-p) 8

POSIX message queues (bytes,-Q) 819200

Real-time priority (-R) 0

Stack size (Kbytes,-s) 8192

MAX User Processes (-u) 7894

Mostly open files and max user processes parameters, 1024 and 7891 are not enough in high concurrency systems.

can modify cat/etc/security/limits.conf

such as: # End of File

*-Nofile 512000

(4) Optimize kernel TCP options:

/etc/sysctl.conf is an interface that allows you to change a running Linux system. It contains advanced options for the TCP/IP stack and virtual memory system, which can be used to control the Linux network configuration, because the/proc/sys/net directory content is temporary, it is recommended to add the TCPIP parameter modification to the/etc/sysctl.conf file, and then save the file, Use the command "/sbin/sysctl–p" to make it effective immediately.

#为0, which indicates that packet forwarding is prohibited, and 1 indicates that it allows

Net.ipv4.ip_forward = 0

#开启IP源地址验证, prevent IP address spoofing, in any case should be turned on, default off

Net.ipv4.conf.default.rp_filter = 1

# Disable ICMP source routing option

Net.ipv4.conf.default.accept_source_route = 0

#使用sysrq组合键是了解系统目前运行情况, set to 0 off for security reasons

KERNEL.SYSRQ = 0

#控制core文件的文件名是否添加pid作为扩展

Kernel.core_uses_pid = 1

#表示开启SYN Cookies. When there is a SYN wait queue overflow, cookies are enabled to protect against a small number of SYN attacks, the default is 0, which means close;

Net.ipv4.tcp_syncookies = 1

#即队列存放消息的总字节数.

KERNEL.MSGMNB = 65536

#即一个消息的字节大小. The current expansion value is 8k, the platform one transaction message is 4 bytes, does not exceed the limit.

Kernel.msgmax = 65536

#指的是单个共享内存段的最大尺寸,

Kernel.shmmax = 68719476736

#所有内存大小

Kernel.shmall = 4294967296

Net.ipv4.tcp_max_syn_backlog = 4096

Net.ipv4.tcp_fin_timeout = 15

Net.ipv4.tcp_keepalive_time = 1800

Net.ipv4.icmp_echo_ignore_broadcasts = 1

net.ipv4.icmp_ignore_bogus_error_responses = 1

Net.ipv4.tcp_retrans_collapse = 0

vm.swappiness = 1

Net.ipv4.tcp_rmem = 4096 87380 524288

Net.core.rmem_max = 1048576

Net.ipv4.tcp_wmem = 4096 65536 524288

Net.core.wmem_max = 1048576

Net.core.somaxconn = 10240

Net.ipv4.tcp_tw_reuse = 1

Net.ipv4.tcp_tw_recycle = 1

Net.ipv4.ip_local_port_range = 1025 65000

Net.ipv4.tcp_max_tw_buckets = 8192

Net.ipv4.tcp_timestamps = 0

Vm.oom_kill_allocating_task = 0

Vm.overcommit_memory = 0

5, Nginx Server optimization

(1) Close the access log as much as possible

(2) using Epoll

(3) Configuration optimization reference: http://down.chinaz.com/server/201202/1615_1.htm

Second, Nginx module optimization and process management