Article Directory
1. Optimization of nginx
1.1 Hidden version number
You can use the Fiddler tool to capture the data packets and check the Nginx version,
or you can use the command curl -I http://192.168.81.129 in CentOS to display the header information of the response message.
curl -I http://192.168.81.129
方法一:修改配置文件方式
vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
server_tokens off; #添加,关闭版本号
......
}
systemctl restart nginx
curl -I http://192.168.81.129
---------------------------------------------------------------------------------------
方法二:修改源码文件,重新编译安装
vim /opt/nginx-1.12.0/src/core/nginx.h
#define NGINX_VERSION "1.1.1" #修改版本号
#define NGINX_VER "IIS" NGINX_VERSION #修改服务器类型
cd /opt/nginx-1.12.0/
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
make && make install
vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
server_tokens on;
......
}
systemctl restart nginx
curl -I http://192.168.81.129
method one:
1.2 Modify users and groups
vim /usr/local/nginx/conf/nginx.conf
user nginx nginx; #取消注释,修改用户为 nginx ,组为 nginx
systemctl restart nginx
ps aux | grep nginx
主进程由root创建,子进程由nginx创建
1.3 Cache time
After Nginx returns the web page data to the client, you can set the cache time to facilitate the direct return when the same content is requested in the future, avoiding repeated requests and speeding up the access speed. Generally, it is set for static web pages, and no cache is set for dynamic web pages
. time
vim /usr/local/nginx/conf/nginx.conf
http {
......
server {
......
location / {
root html;
index index.html index.htm;
}
location ~ \.(gif|jpg|jepg|png|bmp|ico)$ { #加入新的 location,以图片作为缓存对象
root html;
expires 1d; #指定缓存时间,1天
}
......
}
}
http://www.kgc.com/wangsicong.jpg
systemctl restart nginx
In the Linux system, open the Firefox browser, right-click to view elements,
select Network—> select HTML, WS, and others
to access http://192.168.81.129/tu.png, double-click the 200 response message to view the response header contains Cahce-Control :max-age=86400 means the cache time is 86400 seconds. That is, it is cached for one day, and the browser accesses this page within one day, all using the data in the cache, without re-sending requests to the Nginx server, reducing the bandwidth used by the server.
1.4 Log cutting
vim /opt/fenge.sh
#!/bin/bash
# Filename: fenge.sh
day=$(date -d "-1 day" "+%Y%m%d") #显示前一天的时间
logs_path="/var/log/nginx"
pid_path="/usr/local/nginx/logs/nginx.pid"
[ -d $logs_path ] || mkdir -p $logs_path #创建日志文件目录
mv /usr/local/nginx/logs/access.log ${logs_path}/kgc.com-access.log-$day #移动并重命名日志文件
kill -USR1 $(cat $pid_path) #重建新日志文件
find $logs_path -mtime +30 -exec rm -rf {} \; #删除30天之前的日志文件
#find $logs_path -mtime +30 | xargs rm -rf
chmod +x /opt/fenge.sh
/opt/fenge.sh
ls /var/log/nginx
ls /usr/local/nginx/logs/access.log
crontab -e
0 1 * * * /opt/fenge.sh
1.5 Connection timeout
HTTP has a KeepAlive mode, which tells the web server to keep the TCP connection open after processing a request. If other requests are received from the same client, the server will use this unclosed connection without establishing another connection.
KeepAlives are kept on for a period of time, during which time they take up resources. Excessive use will affect performance.
vim /usr/local/nginx/conf/nginx.conf
http {
......
keepalive_timeout 65 65;
client_header_timeout 80;
client_body_timeout 80;
......
}
systemctl restart nginx
1.6 Change the number of processes
In high-concurrency scenarios, more Nginx processes need to be started to ensure fast response to process user requests and avoid blocking
cat /proc/cpuinfo | grep -c "physical id" #查看cpu核数
ps aux | grep nginx #查看nginx主进程中包含几个子进程
vim /usr/local/nginx/conf/nginx.conf
worker_processes 2; #修改为核数相同或者2倍
worker_cpu_affinity 01 10; #设置每个进程由不同cpu处理,进程数配为4时0001 0010 0100 1000
#将每个worker子进程与特定CPU物理核心绑定,提升cpu利用率,进而提升性能。避免同一个worker子进程在不同的CPU核心上切换或者多个进程跑在一个CPU上,缓存失效,降低性能。
systemctl restart nginx
1.7 Configure web page compression
The ngx_http_gzip_module compression module of Nginx provides the function of compressing file content.
It allows the Nginx server to compress the output content before sending it to the client to save website bandwidth and improve the user's access experience. It has been installed by default and can be added
to the configuration file. Corresponding compression function Parameters to optimize compression performance
vim /usr/local/nginx/conf/nginx.conf
http {
......
gzip on; #取消注释,开启gzip压缩功能
gzip_min_length 1k; #最小压缩文件大小
gzip_buffers 4 64k; #压缩缓冲区,大小为4个64k缓冲区
gzip_http_version 1.1; #压缩版本(默认1.1,前端如果是squid2.5请使用1.0)
gzip_comp_level 6; #压缩比率
gzip_vary on; #支持前端缓存服务器存储压缩页面
gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss image/jpg image/jpeg image/png image/gif application/x-httpd-php application/javascript application/json; #压缩类型,表示哪些网页文档启用压缩功能
......
}
2. Configure anti-leech
systemctl restart firewalld
vim /usr/local/nginx/conf/nginx.conf
http {
......
server {
......
location ~ \.(jpg|gif|swf)$ {
valid_referers none blocked *.kgc.com kgc.com;
if ( $invalid_referer ) {
rewrite ^/ http://www.kgc.com/error.png;
#return 403;
}
}
......
}
}
网页准备:
Web源主机(192.168.81.129)配置:
cd /usr/local/nginx/html
将game.jpg、error.png文件传到/usr/local/nginx/html目录下
vim index.html
......
<img src="game.jpg"/>
</body>
</html>
echo "192.168.81.129 www.kgc.com" >> /etc/hosts
echo "192.168.81.129 www.benet.com" >> /etc/hosts
盗链网站主机(192.168.80.12):
cd /usr/local/nginx/html
vim index.html
......
<img src="http://www.kgc.com/game.jpg"/>
</body>
</html>
echo "192.168.81.129 www.kgc.com" >> /etc/hosts
echo "192.168.81.130 www.benet.com" >> /etc/hosts
在盗图网站主机上进行浏览器验证
http://www.benet.com