Linux系统环境
[root@nginx01 ~]# cat /etc/redhat-release #==》系统版本
CentOS release 6.7 (Final)
[root@nginx01 ~]# uname –r #==》内核版本
2.6.32-573.el6.x86_64
[root@nginx01 ~]# uname -m #==》系统架构
x86_64
[root@nginx01 ~]# echo $LANG #==》系统字符集
en_US.UTF-8
[root@nginx01 conf]# /application/nginx/sbin/nginx –v #==》Nginx版本
nginx version: nginx/1.16.0
一、简化server { } 标签,优化Nginx.conf主配置文件
[root@nginx01 nginx]# pwd
[root@nginx01 nginx]# mkdir extras
#==》创建一个目录统一存放server标签配置文件的目录
[root@nginx01 nginx]# vim /application/nginx/extras/testwebsiet01.conf
server {
listen 80;
server_name www.testwebsite.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /www/50x.html;
location = /www/50x.html {
root html;
}
access_log /var/log/www.testwebsite_access.log main;
}
}
[root@nginx01 conf]# vim /application/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include /application/nginx/extras/testwebsite01.conf;
}
[root@nginx01 conf]# /application/nginx/sbin/nginx –t #==》检查Nginx语法
nginx: the configuration file /application/nginx1.6.2/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx1.6.2/conf/nginx.conf test is successful
[root@nginx01 conf]# /application/nginx/sbin/nginx -s reload #==》平滑重启Nginx
二、隐藏Nginx header内版本号信息
[root@nginx01 ~]# curl -I 10.0.0.8
HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Fri, 12 Jul 2019 07:46:10 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 09 Jul 2019 06:14:36 GMT
Connection: keep-alive
ETag: "5d2430cc-264"
Accept-Ranges: bytes
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
#==》只要在HTTP{}标签里添加以下标红色字体的字符串
http {
server_tokens off;
}
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/http/ngx_http_core_module.html](http://nginx.org/en/docs/http/ngx_http_core_module.html)
Syntax:*server_tokens on | off | build | string;
Default: server_tokens on;
Context:http, server, location
Enables or disables emitting nginx version on error pages and in the “Server” response header field.
The build parameter (1.11.10) enables emitting a build name along with nginx version.
Additionally, as part of our commercial subscription, starting from version 1.9.13 the signature on error pages and the “Server” response header field value can be set explicitly using the string with variables. An empty string disables the emission of the “Server” field.
[root@nginx01 ~]# curl -I 10.0.0.8
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jul 2019 08:56:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 09 Jul 2019 06:14:36 GMT
Connection: keep-alive
ETag: "5d2430cc-264"
Accept-Ranges: bytes
三、更改nginx默认用户及用户组nobody
[root@nginx01 ~]# grep "#user" /application/nginx/conf/nginx.conf
#user nobody;
#==》创建nginx用户不能登录也没有家目录
[root@nginx01 ~]# useradd -s /sbin/nologin -M nginx
[root@nginx01 ~]# grep nginx /etc/passwd
nginx:x:501:501::/home/nginx:/sbin/nologin
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
#user nobody;
修改为
user nginx nginx;
[root@nginx01 ~]# grep "user nginx nginx" /application/nginx/conf/nginx.conf
user nginx nginx;
[root@nginx01 ~]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx1.6.2/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx1.6.2/conf/nginx.conf test is successful
[root@nginx01 ~]# /application/nginx/sbin/nginx -s reload
#==》Nginx主进程依然是root执行,需要使用特殊的方法处理
[root@nginx01 ~]# ps -ef | grep nginx
nginx 70250 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70251 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70252 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70253 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70254 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70255 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70256 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70257 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70258 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70259 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70260 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70261 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70262 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70263 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70264 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
nginx 70265 70249 0 Jul11 ? 00:00:00 php-fpm: pool www
root 76200 1 0 17:02 ? 00:00:00 nginx: master process /application/nginx/sbin/nginx
nginx 76220 76200 0 17:09 ? 00:00:00 nginx: worker process
nginx 76221 76200 0 17:09 ? 00:00:00 nginx: worker process
root 76223 76158 0 17:09 pts/0 00:00:00 grep nginx
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/ngx_core_module.html](http://nginx.org/en/docs/ngx_core_module.html)
Syntax: user user [group];
Default:user nobody nobody;
Context:main
Defines user and group credentials used by worker processes. If group is omitted, a group whose name equals that of user is used.
四、配置worker_processes进程个数
提示:worker_processes参数可以设置等同于cpu的个数(路数)或核数
#==》查看CPU的个数和核数
[root@nginx01 ~]# grep "physical id" /proc/cpuinfo
physical id : 0
physical id : 0
[root@nginx01 ~]# grep "worker_processes" /application/nginx/conf/nginx.conf
worker_processes 1;
[root@nginx01 ~]# ps -ef | grep -v grep | grep "worker process"
nginx 76231 76200 0 17:25 ? 00:00:00 nginx: worker process
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
worker_processes 1;
修改为
worker_processes 2;
[root@nginx01 ~]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx1.6.2/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx1.6.2/conf/nginx.conf test is successful
[root@nginx01 ~]# /application/nginx/sbin/nginx -s reload
[root@nginx01 ~]# ps -ef | grep -v grep | grep "worker process"
nginx 76243 76200 0 17:27 ? 00:00:00 nginx: worker process
nginx 76244 76200 0 17:27 ? 00:00:00 nginx: worker process
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/ngx_core_module.html](http://nginx.org/en/docs/ngx_core_module.html)
Syntax:worker_processes number | auto;
Default: worker_processes 1;
Context:main
Defines the number of worker processes.
The optimal value depends on many factors including (but not limited to) the number of CPU cores, the number of hard disk drives that store data, and load pattern. When one is in doubt, setting it to the number of available CPU cores would be a good start (the value “auto” will try to autodetect it).
五、配置每个worker_processes允许客户端最大连接数
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
events {
worker_connections 4096;
worker_connections也是个事件模块指令,用于定义Nginx每个进程的最大连接数,默认是1024.最大客户端连接数由 worker_processes和worker_connections 决定,即Max_client=worker_processes乘于worker_connections。进程的最大连接数受Linux系统进程的最大打开文件数限制,在执行操作系统命令“ulimit-HSn65535”或配置相应文件后worker_connections的设置才能生效。
}
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/ngx_core_module.html](http://nginx.org/en/docs/ngx_core_module.html)
Syntax: worker_connections number;
Default: worker_connections 512;
Context: events
Sets the maximum number of simultaneous connections that can be opened by a worker process.
It should be kept in mind that this number includes all connections (e.g. connections with proxied servers, among others), not only connections with clients. Another consideration is that the actual number of simultaneous connections cannot exceed the current limit on the maximum number of open files, which can be changed by worker_rlimit_nofile.
六、根据CPU核数对Nginx进程优化
`提示:默认情况nginx的多个进程可能更多的跑在一颗CPU上,此项优化让不同的进程分配不同的CPU处理,充分利用硬件资源`
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
worker_processes 2;
worker_cpu_affinity 0101 1010;
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/ngx_core_module.html](http://nginx.org/en/docs/ngx_core_module.html)
Syntax:worker_cpu_affinity cpumask ...;
worker_cpu_affinity auto [cpumask];
Default: —
Context: main
Binds worker processes to the sets of CPUs. Each CPU set is represented by a bitmask of allowed CPUs. There should be a separate set defined for each of the worker processes. By default, worker processes are not bound to any specific CPUs.
For example,
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
binds each worker process to a separate CPU, while
worker_processes 2;
worker_cpu_affinity 0101 1010;
binds the first worker process to CPU0/CPU2, and the second worker process to CPU1/CPU3\. The second example is suitable for hyper-threading.
The special value auto (1.9.10) allows binding worker processes automatically to available CPUs:
worker_processes auto;
worker_cpu_affinity auto;
The optional mask parameter can be used to limit the CPUs available for automatic binding:
worker_cpu_affinity auto 01010101;
The directive is only available on FreeBSD and Linux.
七、事件处理模型优化
提示:nginx的连接处理机制在于不同的操作系统采用不同的IO模型,在limux使用epoll的I0多路复用模型
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
events {
worker_connections 1024;
use epoll;
}
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/ngx_core_module.html](http://nginx.org/en/docs/ngx_core_module.html)
Syntax:use method;
Default: —
Context: events
Specifies the connection processing method to use. There is normally no need to specify it explicitly, because nginx will by default use the most efficient method.
八、配置每个进程最大文件打开数
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
user nginx nginx;
worker_processes 2;
worker_cpu_affinity 0101 1010;
worker_rlimit_nofile 4096;
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/ngx_core_module.html](http://nginx.org/en/docs/ngx_core_module.html)
Syntax:worker_rlimit_nofile number;
Default: —
Context:main
Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes. Used to increase the limit without restarting the main process.
九、优化服务器名字的HASH表大小
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
http {
server_names_hash_bucket_size 64;
server_names_hash_max_size 1024;
}
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/http/ngx_http_core_module.html](http://nginx.org/en/docs/http/ngx_http_core_module.html)
Syntax:server_names_hash_max_size size;
Default:server_names_hash_max_size 512;
Context:http
Sets the maximum size of the **server names** hash tables. The details of setting up hash tables are provided in a separate document.
Syntax:server_names_hash_bucket_size size;
Default:server_names_hash_bucket_size 32|64|128;
Context:http
Sets the bucket size for the server names hash tables. The default value depends on the size of the processor’s cache line. The details of setting up hash tables are provided in a separate document.
十、开启高效文件传输模式
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
http {
sendfile on;
tcp_nopush on; #==》开启tpc_nopush选项,sendfile参数才有效
}
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/http/ngx_http_core_module.html](http://nginx.org/en/docs/http/ngx_http_core_module.html)
Syntax:sendfile on | off;
Default: sendfile off;
Context: http, server, location, if in location
Enables or disables the use of sendfile().
Starting from nginx 0.8.12 and FreeBSD 5.2.1, aio can be used to pre-load data for sendfile():
location /video/ {
sendfile on;
tcp_nopush on;
aio on;
}
In this configuration, sendfile() is called with the SF_NODISKIO flag which causes it not to block on disk I/O, but, instead, report back that the data are not in memory. nginx then initiates an asynchronous data load by reading one byte. On the first read, the FreeBSD kernel loads the first 128K bytes of a file into memory, although next reads will only load data in 16K chunks. This can be changed using the read_ahead directive.
Syntax: tcp_nopush on | off;
Default: tcp_nopush off;
Context:http, server, location
Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or the TCP_CORK socket option on Linux. The options are enabled only when sendfile is used. Enabling the option allows
十一、设置连接超时时间
[root@nginx01 ~]# vim /application/nginx/conf/nginx.conf
http {
#==》设置客户端连接保持会话超时时间,PHP建议短连接,JAVA建议长连接
keepalive_timeout 60;
#==》打开tcp_nodelay,包含了keepalive参数才有效
tcp_nodelay on;
#==》设置客户端请求读取超时时间,如超过这个时间,客户端还没有发送任何数据,Nginx将返回”Request time out(408)”错误
client_header_timeout 15s;
#==》设置客户端请求主体读取超时时间,如超过这个时间,客户端还没有发送任何数据,Nginx将返回”Request time out(408)”错误,默认值60秒
client_max_body_size 15;
#==》指定响应客户端的超时时间,这个超时仅限于两个连接活动之间的时间,如果超过这个时间,客户端没有任何活动,Nginx将会关闭连接
send_timeout 15s;
}
#==》以下是Nginx官方说明
Nginx官网地址 [http://nginx.org/en/docs/http/ngx_http_core_module.html](http://nginx.org/en/docs/http/ngx_http_core_module.html)
Syntax: keepalive_timeout timeout [header_timeout];
Default:keepalive_timeout 75s;
Context: http, server, location
The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the “Keep-Alive: timeout=time” response header field. Two parameters may differ.
The “Keep-Alive: timeout=time” header field is recognized by Mozilla and Konqueror. MSIE closes keep-alive connections by itself in about 60 seconds.
Syntax: tcp_nodelay on | off;
Default: tcp_nodelay on;
Context: http, server, location
Enables or disables the use of the TCP_NODELAY option. The option is enabled when a connection is transitioned into the keep-alive state. Additionally, it is enabled on SSL connections, for unbuffered proxying, and for WebSocket proxying.
Syntax: client_header_timeout time;
Default: client_header_timeout 60s;
Context: http, server
Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the request is terminated with the 408 (Request Time-out) error.
Syntax:client_max_body_size size;
Default:client_max_body_size 1m;
Context: http, server, location
Sets the maximum allowed size of the client request body, specified in the “Content-Length” request header field. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client. Please be aware that browsers cannot correctly display this error. Setting size to 0 disables checking of client request body size.
Syntax:send_timeout time;
Default:send_timeout 60s;
Context: http, server, location
Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.
网友评论