Nginx large cluster deployment steps and Tuning

Preparing the Environment

two front end of the scheduling server nginx:
nginx1: 192.168.0.1
nginx2: 192.168.0.2
nginx backend server page 8:
web1: 192.168.0.10
web2: 192.168.0.11
Web3: 192.168.0.12
WEB4: 192.168.0.13
WEB5: 192.168.0.14
Web 6: 192.168.0.15
web7: 192.168.0.16
web8: 192.168.0.17
keepaliveip a
keepalive: 192.168.0.3

ansible ready

Faster build using ansible
1. First, the host installation ansible
yum the install ansible -Y
2. configure the hosts address
vim / etc / ansible / hosts

[nginx]
nginx[1:2]
[web]
web[1:8]
[web-php]
web[1:4]
[web-nginx]
web[5:8]

NOTE: ssh port are all 22, or need another port configuration information
Address Configuration hosts ansible machine
vim / etc / hosts

192.168.0.1 nginx1
192.168.0.2 nginx2
192.168.0.10 web1
192.168.0.11 web2
192.168.0.12 web3
192.168.0.13 web4
192.168.0.14 web5
192.168.0.15 web6
192.168.0.16 web7
192.168.0.17 web8

Configuring public and private keys
ssh-keygen -t rsa -b 4096
where the private key is id_rsa
id_rsa.pub this is the public key

Copy the public key to the client and create permissions for the authorized_keys 600
and modify the / etc / ssh / sshd_config

RSAAuthentication yes
PubkeyAuthentication yes

PasswordAuthentication no

Configuring ansible first time you log yes do not enter
vim ansible.cfg

host_key_checking = False  

5. Test environment preparation ansible
ansible web -m ping
all green returns a through, single fault single check.

The machine configuration repository yum, and rpm package produced nginx (basic operations, do not write here)

Repo will be configured to pass all the hosts file and install nginx

ansible all -m copy -a 'src=**.repo dest=/etc/yum.repo.d/'

6. edited nginx.conf transferred to the proxy server

ansible nginx -m copy -a '/usr/local/nginx/conf/'

Configuration is as follows

http {
.. ..
#使用upstream定义后端服务器集群，集群名称任意(如webserver)
#使用server定义集群中的具体服务器和端口
upstream webserver {
#通过ip_hash设置调度规则为：相同客户端访问相同服务器
#ip_hash;
#server 192.168.0.10:weight=1 max_fails=1 fail_timeout=30;
                server 192.168.0.10:80;
                server 192.168.0.11:80;
                server 192.168.0.12:80;
                server 192.168.0.13:80;
                server 192.168.0.14:80;
                server 192.168.0.15:80;
                server 192.168.0.16:80;
                server 192.168.0.17:80;
                
#weight设置服务器权重值，默认值为1
#max_fails设置最大失败次数
#fail_timeout设置失败超时时间，单位为秒
#down标记服务器已关机，不参与集群调度
        }
.. ..
server {
        listen        80;
        server_name  localhost;
            location / {
#通过proxy_pass将用户的请求转发给webserver集群
            proxy_pass http://webserver;
        }
}

6. Restart nginx

/usr/local/nginx/sbin/nginx -s reload

7. Use curl to access test

8. The back-end web server configuration
back-end server need to install nginx, four front mounting php
front four packages need to be installed:
nginx, php, FPM-php, php-MySQL
the need to install four nginx

The first four file servers to be configured nginx.conf

location / {
            root   html;
            index  index.php  index.html   index.htm;
#设置默认首页为index.php，当用户在浏览器地址栏中只写域名或IP，不说访问什么页面时，服务器会把默认首页index.php返回给用户
        }
 location  ~  \.php$  {
            root           html;
            fastcgi_pass   127.0.0.1:9000;    #将请求转发给本机9000端口，PHP解释器
            fastcgi_index  index.php;
            #fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi.conf;
        }

Create a php test page:
vim /usr/local/nginx/html/test1.php

<?php
$i="This is a test Page";
echo $i;
?>

Tuning configuration:

nginx.conf file

http {
client_header_buffer_size    1k;        //默认请求包头信息的缓存    
large_client_header_buffers  4 4k;        //大请求包头部信息的缓存个数与容量
gzip on;                            //开启压缩
gzip_min_length 1000;                //小文件不压缩
gzip_comp_level 4;                //压缩比率
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
                                    //对特定文件压缩，类型参考mime.types
 open_file_cache          max=2000  inactive=20s;
 open_file_cache_valid    60s;
 open_file_cache_min_uses 5;
 open_file_cache_errors   off;
//设置服务器最大缓存2000个文件句柄，关闭20秒内无请求的文件句柄
//文件句柄的有效时间是60秒，60秒后过期
//只有访问次数超过5次会被缓存
.. ..
}

worker_processes  2;                  ##与CPU核心数量一致
events {
worker_connections 65535;        ##每个worker最大并发连接数
use epoll;
}

server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
expires        30d;            //定义客户端缓存时间为30天
}
error_page   404  /40x.html;    //自定义错误页面

Optimize the kernel:
ulimit -a // view all property values
ulimit -Hn 100000 // set a hard limit (temporary rule)
ulimit -Sn 100000 // Set the limit (temporary rule)
vim /etc/security/limits.conf
... ...

•           soft    nofile            100000
  

•           hard    nofile            100000
  

Tuning configuration must restart nginx

Cutting logs

1. Manually execute
mv access.log access2.log
the kill -USR1 $ (CAT /usr/local/nginx/logs/nginx.pid)
Note: /usr/local/nginx/logs/nginx.pid file is stored in nginx process PID number.

or

AutoComplete
vim /usr/local/nginx/logbak.sh

#!/bin/bash
date=`date +%Y%m%d`
logpath=/usr/local/nginx/logs
mv $logpath/access.log $logpath/access-$date.log
mv $logpath/error.log $logpath/error-$date.log
kill -USR1 $(cat $logpath/nginx.pid)

crontab -e
03 03 * * 5 /usr/local/nginx/logbak.sh

Additional

View server status:
you need to add modules -with-http_stub_status_module compile the installation
to modify the configuration file defines the status page
vim /usr/local/nginx/conf/nginx.conf

… …
location /status {
                stub_status on;
                 #allow IP地址;
                 #deny IP地址;
        }
… …

Restart nginx
curl HTTP: // ip / Status can see the access to the information
details are as follows:
the Active Connections: number of connections currently active.
Accepts: has accepted the total number of connections clients.
Handled: the total number of connections has been handling clients.
(Consistent with generally accepts, unless the server limits the number of connections).
Requests: number of requests sent by the client.
Reading: The current server is reading the number of head of client requests.
Writing: The current server is written in response to the amount of information.
Waiting: The current number of customers waiting for the server-side response.

Address Rewriting

vim /usr/local/nginx/conf/nginx.conf

server {
        listen       80;
        server_name  localhost;
#rewrite /a.html  /b.html;            
#访问a.html重定向到b.html
或
#rewrite /a.html  /b.html  redirect;            
#访问a.html重定向到b.html（跳转地址栏）
或者
#访问192.168.0.5的请求重定向至www.ccc.cn
#rewrite ^/ http://www.ccc.cn/;
或
#rewrite ^/(.*)$ http://www.dd.cn/$1;
#修改配置文件(访问192.168.0.5/下面子页面，重定向至www.dd.cn/下相同的页面)
location / {
    root   html;
index  index.html index.htm;
}
#这里，~符号代表正则匹配，*符号代表不区分大小写
if ($http_user_agent ~* firefox) {            //识别客户端firefox浏览器
rewrite ^(.*)$ /firefox/$1;
#实现curl和火狐访问相同链接返回的页面不同
}

Address Rewriting format [summary]
rewrite the old address of the new address [Options];
Last no longer read other rewrite
BREAK no longer read other statements, the end of the request
redirect temporary redirect
permament permanent redirects