nginx的配置
目录
正常运行必备的配置参数
user USERNAME [GROUPNAME]; //指定运行worker进程的用户和组 ,指定以哪个组和哪个用户的身份去运行,组可写可不写
pid /path/to/pid_file; //指定nginx守护进程的pid文件
worker_rlimit_nofile number; //设置所有worker进程最大可以打开的文件数,默认为1024
worker_rlimit_core size; //指明所有worker进程所能够使用的总体的最大核心文件大小,保持默认即可
user USERNAME [GROUPNAME]
因为这个地方注释了,所以依然是nginx用户去执行
[root@localhost conf]# head -2 nginx.conf
#user nobody;
[root@localhost conf]# ps -ef | grep nginx
root 2960 1 0 22:49 ? 00:00:00 nginx: master process nginx
nginx 2961 2960 0 22:49 ? 00:00:00 nginx: worker process
root 51333 2063 0 23:08 pts/0 00:00:00 grep --color=auto nginx
最好改为nginx
[root@localhost conf]# head -2 nginx.conf
user nginx nginx;
pid /path/to/pid_file; //指定nginx守护进程的pid文件
nginx的守护进程的文件存放的位置
守护进程的pid文件存放在安装目录下的logs下的
nginx.pid //默认存放的位置
[root@localhost conf]# vim nginx.conf
[root@localhost conf]# pwd
/usr/local/nginx/conf
9 #pid logs/nginx.pid; //虽然注释了但依然有效,当你使用这个某个文件时最好将注释取消,告诉系统文件位置
[root@localhost logs]# pwd
/usr/local/nginx/logs
[root@localhost logs]# ls
error.log nginx.pid
worker_rlimit_nofile number; //设置所有worker进程最大可以打开的文件数,默认为1024
就是worker进程最多能打开1024个文件数,最好将值调整至65535最大的值。这个值是因为端口号最多只有65535
这个在nginx的配置文件默认没有,这需要我们自己手动添加
[root@localhost conf]# head -4 nginx.conf
user nginx nginx;
worker_processes 3;
worker_rlimit_nofile 65535;
检查nginx语法看是否有问题
[root@localhost conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost conf]# systemctl restart nginx.service //重启服务
因为我们刚才是设置的是nginx的访问数量,但是系统默认还是1024,需要将系统的1024也改为65535,猜可以生效,因为系统是包含nginx这个服务的
没修改之前的
[root@localhost security]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 23060
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
所以我们此时需要设置系统的支持的访问数量
[root@localhost security]# pwd
/etc/security
[root@localhost security]# tail -3 limits.conf //在文件的最后一行添加下面两行内容
# End of file
* soft nofile 65535
* hard nofile 65535
此时在使用ulimit -a命令去查看
[root@localhost ~]# systemctl restart nginx.service
[root@localhost ~]# ulimit -a | grep -w 65535
open files (-n) 65535
worker_rlimit_core size; //指明所有worker进程所能够使用的总体的最大核心文件大小,保持默认即可这个东西很少使用
优化性能的配置参数
这个是用来优化nginx的worker运行的效率
worker_processes n; //启动n个worker进程,这里的n为了避免上下文切换,通常设置为cpu总核心数-1或等于总核心数
worker_cpu_affinity cpumask ...; //将进程绑定到某cpu中,避免频繁刷新缓存
//cpumask:使用8位二进制表示cpu核心,如:
0000 0001 //第一颗cpu核心
0000 0010 //第二颗cpu核心
0000 0100 //第三颗cpu核心
0000 1000 //第四颗cpu核心
0001 0000 //第五颗cpu核心
0010 0000 //第六颗cpu核心
0100 0000 //第七颗cpu核心
1000 0000 //第八颗cpu核心
timer_resolution interval; //计时器解析度。降低此值,可减少gettimeofday()系统调用的次数
worker_priority number; //指明worker进程的nice值
worker_processes n; //启动n个worker进程,这里的n为了避免上下文切换,通常设置为cpu总核心数-1或等于总核心数
什么是上下文切换?
上下文切换就是从当前执行任务切换到另一个任务执行的过程。但是,为了确保下次能从正确的位置继续执行,在切换之前,会保存上一个任务的状态。下一次会接着上一个任务运行退出的地方接着运行。
为了避免上下文切换若你是8核的cpu给7核到nginx进程使用,剩余的给其他系统服务使用。
worker_cpu_affinity cpumask …; //将进程绑定到某cpu中,避免频繁刷新缓存
将进程绑定到某个cpu核心中
[root@localhost conf]# head -5 nginx.conf
user nginx nginx;
worker_processes 1;
worker_cpu_affinity 0001 0010
然后使用top命令,再点击L键,输入nginx就可以找到nginx的进程
top - 23:07:22 up 18 min, 2 users, load average: 0.45, 0.33, 0.27
Tasks: 219 total, 1 running, 218 sleeping, 0 stopped, 0 zombie
%Cpu(s): 6.1 us, 15.2 sy, 0.0 ni, 75.8 id, 0.0 wa, 0.0 hi, 3.0 si, 0.0 st
MiB Mem : 1789.5 total, 631.3 free, 623.3 used, 534.9 buff/cache
MiB Swap: 2048.0 total, 2048.0 free, 0.0 used. 999.9 avail Mem
Locate string
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2100 root 20 0 76464 4464 4052 S 6.2 0.2 0:02.79 dbus-daemon
1 root 20 0 185680 11288 8308 S 0.0 0.6 0:02.38 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-kblockd
再按f键就会跳到这个页面,按上下左右的下键将光标移至P那一行,点击空格键选中,按q退出就可以看到,nginx进程使用的cpu了,并绑定成功,也不会进行上下文切换了
* PR = Priority PPID = Parent Pr nTH = Number of SUPGIDS = Supp Grou nsUTS = UTS names
* PID = Process I UID = Effective * P = Last Used SUPGRPS = Supp Grou
* USER = Effective RUID = Real User TIME = CPU Time TGID = Thread Gr
* NI = Nice Valu RUSER = Real User SWAP = Swapped S ENVIRON = Environme
* %CPU = CPU Usage SUID = Saved Use CODE = Code Size vMj = Major Fa
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND P
1604 root 20 0 116032 2656 1780 S 0.0 0.0 0:00.05 bash 2
1653 root 20 0 115932 2392 1644 S 0.0 0.0 0:00.01 bash 1
1771 root 20 0 162796 3068 1592 S 0.0 0.1 0:01.49 top 0
5173 root 20 0 77364 1356 240 S 0.0 0.0 0:00.00 nginx 2
5174 nginx 20 0 77740 2168 636 S 0.0 0.0 0:00.00 nginx 0
worker_priority number; //指明worker进程的nice值
优先级分为两种一个实时优先级,一个相对优先级
能控制的优先级有40个数,-20到19 对应100-139
nice是数字越低优先级越高。
[root@localhost conf]# head -5 nginx.conf
user nginx nginx;
worker_processes 1;
worker_cpu_affinity 0001 0010;
worker_priority -20;
[root@localhost conf]# systemctl restart nginx.service
使用top命令
11243 nginx 0 -20 77740 2188 640 S 0.0 0.0 0:00.00 nginx
[root@localhost opt]# ps -elf | grep nginx
1 S root 11242 1 0 80 0 - 19341 sigsus 20:05 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
5 S nginx 11243 11242 0 60 -20 - 19435 ep_pol 20:05 ? 00:00:00 nginx: worker process
0 S root 16510 2288 0 80 0 - 28206 pipe_w 20:08 pts/2 00:00:00 grep --c
事件相关的配置:event{}段中的配置参数
这些东西保持默认即可
accept_mutex {off|on}; //master调度用户请求至各worker进程时使用的负载均衡锁;on表示能让多个worker轮流地、序列化地去响应新请求
lock_file file; //accept_mutex用到的互斥锁锁文件路径
use [epoll | rtsig | select | poll]; //指明使用的事件模型,建议让nginx自行选择
worker_connections #; //每个进程能够接受的最大连接数
accept_mutex //是互斥锁
worker_connection //最好我们自行设置
worker_connections #; //每个进程能够接受的最大连接数
这是作为压测的工具
[root@localhost conf]# vim nginx.conf
14 events {
15 worker_connections 20480;
[root@localhost conf]# systemctl restart nginx.service
若没有ab命令就请安装httpd-tools包组
[root@localhost conf]# yum -y install httpd-tools
-c 用于指定的并发数;-n 用于指定压力测试总共的执行次数
[root@localhost conf]# ab -c 100 -n 5000 http://192.168.170.135/index1.html
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.170.135 (be patient)
Completed 500 requests
Completed 1000 requests
Completed 1500 requests
Completed 2000 requests
Completed 2500 requests
Completed 3000 requests
Completed 3500 requests
Completed 4000 requests
Completed 4500 requests
Completed 5000 requests
Finished 5000 requests
Server Software: nginx/1.20.1
Server Hostname: 192.168.170.135
Server Port: 80
Document Path: /index1.html
Document Length: 153 bytes
Concurrency Level: 100
Time taken for tests: 0.390 seconds
Complete requests: 5000
Failed requests: 0
Write errors: 0
Non-2xx responses: 5000
Total transferred: 1515000 bytes
HTML transferred: 765000 bytes
Requests per second: 12825.64 [#/sec] (mean)
Time per request: 7.797 [ms] (mean)
Time per request: 0.078 [ms] (mean, across all concurrent requests)
Transfer rate: 3795.09 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 3 2.4 3 35
Processing: 1 5 5.3 3 49
Waiting: 0 4 4.9 3 47
Total: 3 8 6.0 6 52
Percentage of the requests served within a certain time (ms)
50% 6
66% 7
75% 8
80% 8
90% 11
95% 15
98% 20
99% 49
100% 52 (longest request)
网络连接相关的配置参数
keepalive_timeout number; //长连接的超时时长,默认为65s
keepalive_requests number; //在一个长连接上所能够允许请求的最大资源数
keepalive_disable [msie6|safari|none]; //为指定类型的UserAgent禁用长连接
tcp_nodelay on|off; //是否对长连接使用TCP_NODELAY选项,为了提升用户体验,通常设为on
client_header_timeout number; //读取http请求报文首部的超时时长
client_body_timeout number; //读取http请求报文body部分的超时时长
send_timeout number; //发送响应报文的超时时长
keepalive_timeout number //65s内没做任何操作就超时退出
keepalive_requests number //连接建立之后可以设置一个值,这个值就是要处理的请求,当请求全部处理完成之后才退出
keepalive_disable [msie6|safari|none] //disabl可以在http,server,location中配置,在什么地方配置就对哪个地方生效(也就是禁用某个浏览器的长连接),这里的msie6|safari是浏览器的类型,none就是空任何类型都可以访问
[root@localhost conf]# vim nginx.conf
34 keepalive_disable msie6;
tcp_nodelay on|off //设置使用长连接没有延迟,默认也是no
fastcgi的相关配置参数
LNMP:php要启用fpm模型
配置示例如下:
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000; //定义反向代理
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
常需要进行调整的参数
- worker_processes
- worker_connections
- worker_cpu_affinity
- worker_priority
nginx作为web服务器时使用的配置:http{}段的配置参数
http{…}:配置http相关,由ngx_http_core_module模块引入。nginx的HTTP配置主要包括四个区块,结构如下:
若想要配置HTTP可以到官网相关的模块进行参考
https://nginx.org/en/docs/http/ngx_http_core_module.html
http {//协议级别
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
gzip on;
upstream {//负载均衡配置
...
}
server {//服务器级别,每个server类似于httpd中的一个<VirtualHost> //这个就类似于一个网站
listen 80;
server_name localhost;
location / {//请求级别,类似于httpd中的<Location>,用于定义URL与本地文件系统的映射关系
root html;
index index.html index.htm;
}
}
}
部署一个http的页面
[root@localhost test]# cat index.html
test web
[root@localhost test]# pwd
/usr/local/nginx/html/test
[root@localhost conf]# vim nginx.conf
[root@localhost conf]# pwd
/usr/local/nginx/conf
36 #gzip on;
37
38 server {
39 listen 82;
40 server_name test.example.com;
41
42 location / {
43 root html/test;
44 index index.html;
45 }
46 }
检查nginx的语法
[root@localhost conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: [warn] the number of "worker_processes" is not equal to the number of "worker_cpu_affinity" masks, using last mask for remaining worker processes
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
重启nginx服务
[root@localhost conf]# systemctl restart nginx.service
[root@localhost conf]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:82 *:*
LISTEN 0 128 *:22 *:*
http{}段配置指令:
server {}:定义一个虚拟主机,示例如下:
server {
listen 80;
server_name www.idfsoft.com;
root "/vhosts/web";
}
listen:指定监听的地址和端口
listen address[:port];
listen port;
server_name NAME […]; 后面可跟多个主机,名称可使用正则表达式或通配符
当有多个server时,匹配顺序如下:
- 先做精确匹配检查
- 左侧通配符匹配检查,如*.idfsoft.com
- 右侧通配符匹配检查,如mail.*
- 正则表达式匹配检查,如~ ^.*.idfsoft.com$
- default_server
root path;设置资源路径映射,用于指明请求的URL所对应的资源所在的文件系统上的起始路径
alias path;用于location配置段,定义路径别名
index file; 默认主页面
index index.php index.html;
为了安全可以通过root path;设置资源路径映射
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
alias /var/www/html/; //alias的特点是的必须跟上绝对路径
index index.html index.htm;
}
[root@localhost ~]# mkdir -p /var/www/html/ //将test目录放在此目录下
[root@localhost html]# mv /usr/local/nginx/html/test ./
[root@localhost html]# ls
test
[root@localhost ~]# systemctl restart nginx.service
浙公网安备 33010602011771号