Nginx是一款轻量级的Web 服务器/反向代理服务器及电子邮件（IMAP/POP3）代理服务器，并在一个BSD-like 协议下发行。其特点是占有内存少，并发能力强。

Nginx

基础环境

8核CPU
centos 6.x
nginx 1.6+

yum安装

<code>
yum -y install nginx
chkconfig nginx on
service nginx start
</code>

nginx角色定位**

在目前生产环境中，nginx目前有三种不同角色，所采用的配置也有所不同，根据不同角色需采用不同的配置文件

1. 前端反向代理（负责均衡机）
2. 后端php处理机

3. 后端图片处理机

   
   
   整体架构图

前端反向代理机配置（负责均衡机）：8核

作为应用请求入口，转发请求和负载均衡，对机器性能要求相对较低（但需稳定）：

1. 负载策略配置
2. 请求转发配置
3. 反向代理缓存
4. gzip配置

主配置：/etc/nginx/nginx.conf

<pre>
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
accept_mutex off;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;

#log config
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;

timeout config

keepalive_timeout 60;
client_header_timeout 60;
client_body_timeout 60;
reset_timedout_connection on;

client size config

client_max_body_size 16m;
client_header_buffer_size 2k;
large_client_header_buffers 4 8k;
client_body_buffer_size 8k;

gzip config

gzip on;
gzip_min_length 2k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 8;
gzip_proxied any;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_disable "MSIE [1-6].|Mozilla/4";
gzip_vary on;

#proxy cache config
proxy_temp_path /data/nginx_temp;
proxy_cache_path /data/nginx_cache levels=1:2 keys_zone=dayoo:200m inactive=10d max_size=4g;

#other config
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}</pre>

负载均衡配置：/etc/nginx/conf.d/upstreams.conf（假设有三台后端php机器）

<pre>
### bakend_101_102_103
upstream bakend_123 {
server 192.168.1.101 weight=1;
server 192.168.1.102 weight=1;
server 192.168.1.103 backup;
}
### end bakend_101_102_103
</pre>

虚拟主机配置（代理转发）：/etc/nginx/conf.d/hosts.conf

<pre>

xxx.example.com

server {
listen 80;
server_name xxx.dayoo.com;
access_log off;
error_log off;
location / {
proxy_pass http://bakend_123; #选择对应的负载均衡配置
proxy_read_timeout 60; #与后端处理机timeout时间一致
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_next_upstream error timeout http_502;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding 'gzip';
proxy_set_header Via '100'; #本机内网ip，标识用
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}  

}

end xxx. example.com

</pre>

带宽控制

针对特定目录（download）进行带宽限制，在达到 limit_rate_after 上限后，限速为 limit_rate
<pre>
location /downLoad/ {
limit_rate_after 500k;
limit_rate 50k;
}
</pre>

并发控制

limit_conn 限制并发次数，虽然简单粗暴，但不能做精细控制
<pre>
limit_conn_zone $server_name zone=servers:10m;
server {
...
location /downLoad/ {
limit_conn servers 100;
...
}
...
}
</pre>

后端php处理机配置：8核

实际处理web请求，一般来说每台后端机器性能&配置保持一致，机器性能最终决定整体负载，相对而言对机器性能要求较高，主要配置项：

1. url rewrite
2. 错误日志记录
3. php处理

主配置：/etc/nginx/nginx.conf

<pre>
user nginx;
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
accept_mutex off;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;

log config

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;

timeout config

keepalive_timeout 60;
client_header_timeout 60;
client_body_timeout 60;
reset_timedout_connection on;

client size config

client_max_body_size 16m;
client_header_buffer_size 2k;
large_client_header_buffers 4 8k;
client_body_buffer_size 8k;

other config

server_tokens off;

include /etc/nginx/conf.d/*.conf;
}
</pre>

fastcgi配置（php处理机）: 新建 /etc/nginx/fastcgi.conf

<pre>
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

PHP only, required if PHP was built with --enable-force-cgi-redirect

fastcgi_param REDIRECT_STATUS 200;
fastcgi_param SCRIPT_FILENAME $request_filename;
</pre>

虚拟主机配置（php处理机）：/etc/nginx/ conf.d/xxx.example.com.conf

<pre>
server {
listen 80;
server_name xxx. example.com;
root /data/www/xxx. example.com;
error_log /var/log/nginx/xxx. example.com.error.log warn;
index index.html index.htm index.php;
location / {
...
}
location ~ .php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
}
}
</pre>

后端图片处理机配置

[LNMP]缩略图网关：Nginx的http_image_filter_module应用

2014/08