Nginx Knowledge

Proxy server: works on behalf of clients. Example: CDN

Reverse proxy server: works on behalf of servers. Example: Nginx

Apache: used as a static web server

Nginx: worker mode only; one worker supports up to 30,000 parallel requests; used as a reverse proxy

Contains one master process and several worker processes, plus a cache loader and a cache manager
Master process:
1. Check and verify the config file;
2. Create, bind and close sockets;
3. Start, stop and maintain the worker processes;
4. Reload the config file;
5. Upgrade and roll back the version without stopping the service;

Worker process:
1. Support the HTTP protocol
2. Respond to reverse proxy requests

Cache loader:
1. Check cache objects;
2. Create memory database;

Cache manager:
1. Check for expired data in cache objects

Nginx modules: only install the required ones.

Nginx characteristics:
1. Modular
2. Upgrade or roll back without stopping the service
3. Low memory cost (10000 keep-alive connections cost only 3.5MB of memory)

Nginx basic features:
1. Static web service;
2. Reverse proxy service; fastcgi
3. SSL service;

Nginx structure:
1. One master process creates several worker processes
2. Event-driven
3. AIO (asynchronous I/O) module


Binary Installation
yum install gcc pcre-devel openssl-devel
tar xvf nginx-1.6.2.tar.gz (attachment nginx-1.6.2.tar.gz)
cd nginx-1.6.2
./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi
make && make install

Configure Description
Install folder: --prefix=/usr/local/nginx 
Config file folder: --conf-path=/etc/nginx/nginx.conf 
Worker process user: --user=nginx 
Worker process group: --group=nginx 
Nginx Error Log: --error-log-path=/var/log/nginx/error.log 
Nginx Access Log: --http-log-path=/var/log/nginx/access.log 
Nginx pid file: --pid-path=/var/run/nginx/nginx.pid 
Nginx lock file: --lock-path=/var/lock/nginx.lock 
ssl module: --with-http_ssl_module 
status page module: --with-http_stub_status_module 
gzip module: --with-http_gzip_static_module 
flv module: --with-http_flv_module 
mp4 module: --with-http_mp4_module 
client request body temp folder: --http-client-body-temp-path=/var/tmp/nginx/client
proxy folder: --http-proxy-temp-path=/var/tmp/nginx/proxy 
fastcgi folder: --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi

manually create folders: 
mkdir -p /var/tmp/nginx/client 
mkdir -p /var/tmp/nginx/proxy 
mkdir -p /var/tmp/nginx/fastcgi

Syntax highlighting for the config file in vim (highlights keywords):
1. Get the attachment nginx.vim
2. Go to home directory: cd ~
3. Create folder: mkdir -p .vim/syntax
4. Upload nginx.vim to ~/.vim/syntax
5. Create file ~/.vim/filetype.vim with the following line:
au BufRead,BufNewFile /etc/nginx/*,/usr/local/nginx/conf/* if &ft == '' | setfiletype nginx | endif 

Create user id and group
groupadd -r nginx
useradd -g nginx -r nginx

nginx command:
cd /usr/local/nginx/sbin
./nginx <parameters>
-t: test the configuration file
-V: show version and build (configure) options
-v: show version
-c <filename>: set configuration file
-g <directives>: set global directives outside of the configuration file
-s <signal>: send signal to master process: stop, quit, reopen, reload

Add the nginx command to the system PATH
cd /etc/profile.d/
vim nginx.sh with the following content
export PATH=/usr/local/nginx/sbin:$PATH
. /etc/profile.d/nginx.sh

Nginx start: nginx 
Nginx stop: nginx -s stop

Nginx home folder: /usr/local/nginx/html/

Run Nginx as a service: attachment nginx
upload the file to /etc/rc.d/init.d
chmod +x nginx
chkconfig --add nginx
chkconfig nginx on

nginx config file /etc/nginx/nginx.conf
configuration format: <command> <value1> [value2...]
1. main configuration
1). Basic parameters
A. define user: user nginx nginx;
B. define pid file: pid /var/run/nginx/nginx.pid;
C. define lock file: lock_file <file path>;
D. define the max number of open files per worker process: worker_rlimit_nofile <number>;
Example: worker_rlimit_nofile 10000;
E. define the max signal number: worker_rlimit_sigpending <number>;
Example: worker_rlimit_sigpending 2000;

2) Optimize parameters
A. worker process number: worker_processes <number>;
i. High CPU load: the number of workers should equal the number of CPUs
ii. High I/O load: the number of workers should be 1.5 or 2 times the number of CPUs
B. bind worker processes to specific CPUs to improve cache performance: worker_cpu_affinity <cpumask>;
Example: worker_cpu_affinity 0001 0010 0100 1000;
C. worker process priority: worker_priority <number>;
Example: worker_priority -15;

3) Event parameters ( write between events {} )
A. max number of parallel requests: worker_connections <number>;
B. have the worker processes share new connections evenly (accept in turn): accept_mutex [on|off];

4) Debug parameters
A. run in foreground or background: daemon [on|off]
foreground: daemon off
background: daemon on (default)
B. start nginx in master-worker mode: master_process [on|off]
C. error log setting: error_log <errorlog path> <debug|info|notice|warn|error>
Example: error_log /var/log/nginx/error.log debug; (the debug level requires building with --with-debug)

2. http configuration ( write in http {} )
http structure:
http {
    upstream { 
        #reverse proxy configuration
    }
    
    server {
        #virtual host configuration
        listen IP:PORT;

        location /URL {
            #url location configuration
            root <directory>;
        }
    }   
}

Virtual Host Setting
A. server: define virtual host;
B. listen: define listen IP / PORT;
C. server_name: define hostname;
D. location: define url;
E. root: define directory;
F. error_page code: define the error page
Example: error_page 404 /404.html;
404: page does not exist
403: no privilege
401: authentication required


Example: virtual host listen port 
        server {
                listen 8080;
                server_name www.test1.com;
                location / {
                        root "/www/www.test1.com";
                        index index.html;
                }
        }

        server {
                listen 8081;
                server_name www.test2.com;
                location / {
                        root "/www/www.test2.com";
                        index index.html;
                }
        }


Example: virtual host listen IP 
        server {
                listen 12.11.0.102:80;
                server_name www.test3.com;
                location / {
                        root "/www/www.test3.com";
                        index index.html;
                }
        }


        server {
                listen 12.11.0.103:80;
                server_name www.test4.com;
                location / {
                        root "/www/www.test4.com";
                        index index.html;
                }
        }

Example: virtual host listen hostname
        server {
                listen 12.11.0.104:80;
                server_name www.test5.com;
                location / {
                        root "/www/www.test5.com";
                        index index.html;
                }
        }

        server {
                listen 12.11.0.104:80;
                server_name www.test6.com;
                location / {
                        root "/www/www.test6.com";
                        index index.html;
                }
        }


Network Connection Setting
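G. keepalive_timeout time: timeout for keep-alive connections, default 75s;
H. keepalive_requests #: maximum number of requests allowed over one keep-alive connection;
I. keepalive_disable [msie6|safari|none]: disable keep-alive connections for the specified browser types;
J. client_header_timeout time: timeout for reading the HTTP request header;
K. client_body_timeout time: timeout for reading the HTTP request body;
L. send_timeout time: timeout for sending the response;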

Client Restriction Setting
M. limit_except <METHOD> {...}: restrict the methods a client may use
Example: only clients in the 172.16.0.0/16 subnet may use methods other than GET
limit_except GET {
    allow 172.16.0.0/16;
    deny all;
}
N. client_max_body_size <SIZE>: restrict the size of the request body; the "Content-Length" request header is checked against this size
O. limit_rate <SPEED>: restrict the transfer speed of the response to the client; default 0, no limit
P. client_body_in_file_only [on|clean|off]:
i. on: save the request body to disk
ii. clean: remove the saved file when the request finishes
iii. off: do not save the request body to disk

Media type setting
types {
    text/html html;
    image/jpeg jpeg;
}

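Access restriction based on IP
Can be written in http, server or location context
Directives: allow <address>; deny <address>; for example 172.16.0.0/16
Example
        server {
                listen 12.11.0.104:80;
                server_name www.test5.com;
                location / {
                        root "/www/www.test5.com";
                        index index.html;
                        # rules are checked in order and the first match wins,
                        # so the single-host deny goes before the subnet allow
                        deny 12.11.0.100/32;
                        allow 12.11.0.0/16;
                }
        }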
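
nginx checks allow and deny rules in order and stops at the first match, and a request that matches no rule is allowed. The Python sketch below is an added example, not code from the original post; it replays that evaluation over two constructed rule lists built from the addresses in the example above, and parse_rules, decide and unreachable are names made up for the illustration.

```python
import ipaddress

# Constructed rule lists (not taken from a real server), using the page's addresses.
ALLOW_FIRST = "allow 12.11.0.0/16; deny 12.11.0.100/32;"
DENY_FIRST = "deny 12.11.0.100/32; allow 12.11.0.0/16; deny all;"

def parse_rules(conf):
    """Parse 'allow X;' / 'deny X;' statements into ordered (action, network) pairs."""
    rules = []
    for stmt in conf.split(";"):
        parts = stmt.split()
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            continue  # skip blanks and anything that is not an access rule
        action, target = parts
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))  # net=None stands for "all"
    return rules

def decide(rules, client_ip):
    """First matching rule wins; with no match the request is allowed."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or addr in net:
            return action
    return "allow"

def unreachable(rules):
    """Rules that can never fire because an earlier rule already covers them."""
    dead = []
    for i, (action, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            covered = earlier is None or (
                net is not None
                and net.version == earlier.version
                and net.subnet_of(earlier)
            )
            if covered:
                dead.append((action, str(net) if net else "all"))
                break
    return dead

if __name__ == "__main__":
    for name, conf in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        rules = parse_rules(conf)
        print(name, "| dead rules:", unreachable(rules))
        for ip in ("12.11.0.100", "12.11.0.50", "203.0.113.7"):
            print("   ", ip, "->", decide(rules, ip))
```

With the wide allow first, the /32 deny is reported as dead and 12.11.0.100 is still served; without a final deny all, addresses outside the subnet are served as well.
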
File system optimization setting
A. aio [on|off]: enable asynchronous I/O or not
B. open_file_cache_errors [on|off]: cache file-open errors or not
C. open_file_cache_valid <time>: how often to verify whether a cache item has expired, default 60 seconds

