Linux學習之路-Nginx(2)安裝及配置文件篇【23】---20180210
一、Nginx的安裝方法及配置介紹
1、yum安裝
官方:
http://nginx.org/packages/centos/7/x86_64/RPMS
Fedora-EPEL:
https://mirrors.aliyun.com/epel/7/x86_64/
官方yum源
[nginx]
name=nginx_repo
baseurl=http://nginx.org/packages/centos/7/x86_64/
gpgcheck=0
enabled=1
2、編譯安裝
yum install pcre-devel openssl-devel zlib-devel
useradd -r nginx
./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-threads --with-file-aio
make && make install
3、編譯安裝選項簡要介紹
--prefix=/etc/nginx 安裝路徑
--sbin-path=/usr/sbin/nginx 指明nginx程序文件安裝路徑
--conf-path=/etc/nginx/nginx.conf 主配置文件安裝位置
--error-log-path=/var/log/nginx/error.log 錯誤日誌文件安裝位置
--http-log-path=/var/log/nginx/access.log 訪問日誌文件安裝位置
--pid-path=/var/run/nginx.pid 指明pid文件安裝位置
--lock-path=/var/run/nginx.lock 鎖文件安裝位置
--http-client-body-temp-path=/var/cache/nginx/client_temp 客戶端body部分的臨時文件存放路徑,如果服務器允許客戶端使用put方法提交大數據時,臨時存放的磁盤路徑
--http-proxy-temp-path=/var/cache/nginx/proxy_temp 作為代理服務器,服務器響應報文的臨時文件存放路徑
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp 作為fastcgi代理服務器,服務器響應報文的臨時文件存放路徑
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp 作為uwsgi代理服務器,服務器響應報文的臨時文件存放路徑
--http-scgi-temp-path=/var/cache/nginx/scgi_temp 作為scgi反代服務器,服務器響應報文的臨時文件存放路徑
--user=nginx 指明以那個身份運行worker進程,主控master進程一般由root運行
--group=nginx
--with-http_ssl_module 表示把指定模塊編譯進來
[root@VSserver~]#nginx -v nginx version: nginx/1.12.2 [root@VSserver~]#nginx -V #yum安裝的配置參數 nginx version: nginx/1.12.2 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
4、Nginx目錄結構和命令
ls /usr/local/nginx/ #這個是編譯路徑
html是測試頁,sbin是主程序
ls /usr/local/nginx/sbin/ #這個是編譯路徑
nginx 只有一個程序文件
ls /usr/local/nginx/html/ #這個是編譯路徑
50x.html index.html 測試網頁
Nginx:默認為啟動nginx
-h 查看幫助選項
-V 查看版本和配置選項
-t 測試nginx語法錯誤
-c filename 指定配置文件(default: /etc/nginx/nginx.conf)
-s signal 發送信號給master進程,signal可為:stop, quit, reopen, reload
示例:-s stop 停止nginx -s reload 加載配置文件
-g directives 在命令行中指明全局指令
[root@VSserver~]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@VSserver~]#nginx -h nginx version: nginx/1.12.2 Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives] Options: -?,-h : this help -v : show version and exit -V : show version and configure options then exit -t : test configuration and exit -T : test configuration, dump it and exit -q : suppress non-error messages during configuration testing -s signal : send signal to a master process: stop, quit, reopen, reload -p prefix : set prefix path (default: /etc/nginx/) -c filename : set configuration file (default: /etc/nginx/nginx.conf) -g directives : set global directives out of configuration file [root@VSserver~]#rpm -ql nginx #yum安裝的配置路徑 /etc/logrotate.d/nginx /etc/nginx /etc/nginx/conf.d /etc/nginx/conf.d/default.conf /etc/nginx/fastcgi_params /etc/nginx/koi-utf /etc/nginx/koi-win /etc/nginx/mime.types /etc/nginx/modules /etc/nginx/nginx.conf /etc/nginx/scgi_params /etc/nginx/uwsgi_params /etc/nginx/win-utf /etc/rc.d/init.d/nginx /etc/rc.d/init.d/nginx-debug /etc/sysconfig/nginx /etc/sysconfig/nginx-debug /usr/lib64/nginx /usr/lib64/nginx/modules /usr/sbin/nginx /usr/sbin/nginx-debug /usr/share/doc/nginx-1.12.2 /usr/share/doc/nginx-1.12.2/COPYRIGHT /usr/share/man/man8/nginx.8.gz /usr/share/nginx /usr/share/nginx/html /usr/share/nginx/html/50x.html /usr/share/nginx/html/index.html /var/cache/nginx /var/log/nginx
5、Nginx配置文件介紹
配置文件的組成部分:
主配置文件:nginx.conf
子配置文件 include conf.d/*.conf
fastcgi, uwsgi,scgi等協議相關的配置文件
mime.types:支持的mime類型
主配置文件的配置指令:
directive value [value2 ...];
註意:
(1) 指令必須以分號結尾
(2) 支持使用配置變量
內建變量:由Nginx模塊引入,可直接引用
自定義變量:由用戶使用set命令定義
set variable_name value;
引用變量:$variable_name
官網查詢幫助:http://nginx.org/en/docs/
6、主配置文件結構
#主配置文件結構:四部
main block: #主配置段,即全局配置段,對http,mail都有效
event {
...
} #事件驅動相關的配置
http {
...
} #http/https #協議相關配置段
mail {
...
} #mail #協議相關配置段
stream {
...
} #stream #服務器相關配置段
7、http協議相關的配置結構
http {
...
... #各server的公共配置
server { #每個server用於定義一個虛擬主機
...
}
server {
...
server_name #虛擬主機名
root #主目錄
alias #路徑別名
location [OPERATOR] URL { #指定URL的特性
...
if CONDITION {
...
}
}
}
}
二、Nginx配置
Main 全局配置段常見的配置指令分類
正常運行必備的配置
優化性能相關的配置
用於調試及定位問題相關的配置
事件驅動相關的配置
幫助文檔
http://nginx.org/en/docs/
1、正常運行必備的配置
幫助文檔:http://nginx.org/en/docs/ngx_core_module.html
1、user
Syntax: user user [group];
Default: user nobody nobody;
Context: main
指定worker進程的運行身份,如組不指定,默認和用戶名同名
2、pid /PATH/TO/PID_FILE
指定存儲nginx主進程PID的文件路徑
3、include file | mask
指明包含進來的其它配置文件片斷
4、load_module file
模塊加載配置文件:/usr/share/nginx/modules/*.conf
指明要裝載的動態模塊路徑: /usr/lib64/nginx/modules
[root@VSservernginx]#cat nginx.conf user nginx; worker_processes 1; #worker的數量,建議小於cpu的數量 error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; #每個worker最大連接數 } http { include /etc/nginx/mime.types; #支持的媒介 default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; } [root@VSservernginx]#ps aux root 16773 0.0 0.1 45200 1056 ? Ss 22:40 0:00 nginx: master process nginx nginx 16774 0.0 0.1 45584 1784 ? S 22:40 0:00 nginx: worker process [root@VSservernginx]#pstree -p | grep nginx |-nginx(16773)---nginx(16774) [root@VSservernginx]#cat /var/run/nginx.pid #存放的是master的進程編號 16773 [root@VSservernginx]#ll total 40 drwxr-xr-x 2 root root 4096 Mar 7 22:13 conf.d drwxr-xr-x 2 root root 4096 Oct 31 2016 default.d -rw-r--r-- 1 root root 1007 Oct 17 21:25 fastcgi_params -rw-r--r-- 1 root root 2837 Oct 17 21:25 koi-utf -rw-r--r-- 1 root root 2223 Oct 17 21:25 koi-win -rw-r--r-- 1 root root 3957 Oct 17 21:25 mime.types lrwxrwxrwx 1 root root 29 Mar 7 22:13 modules -> ../../usr/lib64/nginx/modules -rw-r--r-- 1 root root 643 Oct 17 21:21 nginx.conf -rw-r--r-- 1 root root 636 Oct 17 21:25 scgi_params -rw-r--r-- 1 root root 664 Oct 17 21:25 uwsgi_params -rw-r--r-- 1 root root 3610 Oct 17 21:25 win-utf [root@VSserver~]#ulimit -n 1024 [root@VSserver~]#ulimit -n 10240 [root@VSserver~]#ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 3808 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 10240 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 3808 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited #加載第三方模塊操作 #1、下載第三方模塊 [root@VSservernginx]#wget http://mirrors.aliyun.com/epel/6/x86_64/Packages/n/nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm --2018-03-07 23:00:41-- http://mirrors.aliyun.com/epel/6/x86_64/Packages/n/nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm Resolving mirrors.aliyun.com... 202.108.249.220, 202.108.249.221, 123.125.18.87, ... Connecting to mirrors.aliyun.com|202.108.249.220|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 16016 (16K) [application/x-redhat-package-manager] Saving to: “nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm” 100%[==================================================================>] 16,016 --.-K/s in 0.04s 2018-03-07 23:00:41 (387 KB/s) - “nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm” saved [16016/16016] [root@VSservernginx]#rpm -qpl http://mirrors.aliyun.com/epel/6/x86_64/Packages/n/nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm warning: http://mirrors.aliyun.com/epel/6/x86_64/Packages/n/nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY /usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so /usr/share/nginx/modules/mod-http-xslt-filter.conf #調用模塊的配置文件 [root@VSservernginx]#cat /usr/share/nginx/modules/mod-http-xslt-filter.conf load_module "/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so"; #2、安裝模塊 [root@VSservernginx]#rpm -ivh http://mirrors.aliyun.com/epel/6/x86_64/Packages/n/nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm Retrieving http://mirrors.aliyun.com/epel/6/x86_64/Packages/n/nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm warning: /var/tmp/rpm-tmp.WaMXQe: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY Preparing... ########################################### [100%] package nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64 is already installed #3、調用模塊 [root@VSservernginx]#vim /etc/nginx/nginx.conf load_module "/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so"; #在全局設置添加這句命令 #或者把這個/usr/share/nginx/modules/mod-http-xslt-filter.conf文件,拷貝到 /etc/nginx/conf.d/ 目錄下
2、性能優化相關的配置
1、worker_processes number | auto
worker進程的數量;通常應該為當前主機的cpu的物理核心數
2、worker_cpu_affinity cpumask ...
worker_cpu_affinity auto [cpumask] 提高緩存命中率
CPU MASK: 00000001:0號CPU
00000010:1號CPU
10000000:8號CPU
worker_cpu_affinity 0001 0010 0100 1000;
worker_cpu_affinity 0101 1010;
3、worker_priority number
指定worker進程的nice值,設定worker進程優先級:[-20,20]
4、worker_rlimit_nofile number
worker進程所能夠打開的文件數量上限,如65535
#實驗:簡單優化
#實驗:設置cup與worker綁定 [root@VSservernginx]#watch -n 0.5 ' ps axo cmd,pid,psr | grep nginx ' Every 0.5s: ps axo cmd,pid,psr | grep nginx Wed Mar 7 23:11:10 2018 nginx: master process nginx 16773 2 nginx: worker process 16774 3 nginx: worker process 16775 0 nginx: worker process 16776 1 nginx: worker process 16777 2 grep --color=auto nginx 16989 4 [root@VSservernginx]#vim /etc/nginx/nginx.conf worker_processes auto; worker_cpu_affinity 0001 0010 0100 1000; #在全局裏添加 [root@VSservernginx]#watch -n 0.5 ' ps axo cmd,pid,psr | grep nginx ' Every 0.5s: ps axo cmd,pid,psr | grep nginx Wed Mar 7 23:11:10 2018 nginx: master process nginx 16773 2 nginx: worker process 16774 0 nginx: worker process 16775 1 nginx: worker process 16776 2 nginx: worker process 16777 3 grep --color=auto nginx 16989 4 #調整優先級 [root@VSservernginx]#ps axo cmd,pid,psr,ni | grep nginx nginx: master process nginx 16773 0 0 nginx: worker process 16774 0 0 #默認就是0 grep nginx 17530 0 0 [root@VSservernginx]#vim /etc/nginx/nginx.conf worker_priority -20 #在全局設置 [root@VSservernginx]#ps axo cmd,pid,psr,ni | grep nginx nginx: master process nginx 16773 0 -20 nginx: worker process 16774 0 -20 #nice的優先級就是-20~19 grep nginx 17530 0 0 #提升線程 Syntax:worker_rlimit_nofile number; #官網翻譯 Default:— Context:main Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes. Used to increase the limit without restarting the main process. #提示不用重啟服務,用於在不重新啟動主進程的情況下增加限制 [root@VSservernginx]#vim /etc/nginx/nginx.conf worker_rlimit_nofile 65530 這個要配合修改worker_connections 1024; 一起使用,幾個worker乘以這個值,不要超出文件的最大上限 worker_connections 10240;
3、事件驅動相關的配置
events {
...
}
1、worker_connections number
每個worker進程所能夠打開的最大並發連接數數量,如10240
總最大並發數:worker_processes * worker_connections
2、use method
指明並發連接請求的處理方法 ,默認自動選擇最優方法
use epoll;
3、accept_mutex on | off 互斥
處理新的連接請求的方法;on指由各個worker輪流處理新請求,Off指每個新請求的到達都會通知(喚醒)所有的worker進程,但只有一個進程可獲得連接,造成“驚群”,影響性能,默認on
Syntax:accept_mutex on | off; Default:accept_mutex off; Context:events If accept_mutex is enabled, worker processes will accept new connections by turn. Otherwise, all worker processes will be notified about new connections, and if volume of new connections is low, some of the worker processes may just waste system resources. There is no need to enable accept_mutex on systems that support the EPOLLEXCLUSIVE flag (1.11.3) or when using reuseport. Prior to version 1.11.3, the default value was on. #如果accept_mutex啟用,工作進程將輪流接受新的連接。否則,所有工作進程都會收到有關新連接的通知, 並且如果新連接的數量很少,某些工作進程可能會浪費系統資源。 不需要accept_mutex 在支持EPOLLEXCLUSIVE標誌(1.11.3)的系統 上啟用或在使用復用端口時啟用。 在版本1.11.3之前,默認值是on。
4、調試和定位問題
1、daemon on|off
是否以守護進程方式運行nignx,默認是守護進程方式
2、master_process on|off
是否以master/worker模型運行nginx;默認為on
off 將不啟動worker(不建議關閉)
3、error_log file [level]
錯誤日誌文件及其級別;出於調試需要,可設定為debug;但debug僅在編譯時使用了“--with-debug”選項時才有效
方式:file /path/logfile;
stderr:發送到標準錯誤
syslog:server-address[,parameter=values]
發送到syslogmemory:size 內存
level:debug|info|notice|warn|error|crit|alter|emerg
5、http協議的相關配置
http {
... ...
server {
...
server_name
root
location [OPERATOR] /uri/ {
...
}
}
server {
...
}
}
[root@VSservernginx]#vim nginx.conf
http {
include /etc/nginx/mime.types; #媒介的設置
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on; #啟用內核級封裝
#tcp_nopush on;
keepalive_timeout 65; #持久連接,默認65秒
#gzip on; #壓縮
include /etc/nginx/conf.d/*.conf; #包含的子配置文件
}
[root@VSservernginx]#cat conf.d/default.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
Linux學習之路-Nginx(2)安裝及配置文件篇【23】---20180210