NGINX Basics and Best Practices
1 .NGINX: Basics and Best Practices
2 .Who are we?
Faisal Memon, Product Marketing Manager, NGINX
Formerly:
• Sr. Technical Marketing Engineer, Riverbed
• Technical Marketing Engineer, Cisco
• Software Engineer, Cisco
Anthony Leverington, Country Manager, ANZ, NGINX
Formerly:
• Account Manager, AWS
• Cloud Sales Specialist, Optus
• Technical Pre-Sales, VMWare
3 .Agenda
• Introducing NGINX
• Installing NGINX and NGINX Plus
• Key files, commands, and directories
• Basic configurations
• Advanced configurations
• Logging and monitoring
• Summary
4 .“I wanted people to use it, so I made it open source.” - Igor Sysoev, NGINX creator and founder
5 .336 million
Total sites running on NGINX
Source: Netcraft June 2018 Web Server Survey
6 .64%
Busiest 10,000 run on NGINX
Source: w3techs, June 2018
7 .Our Customers
8 .What is NGINX?
[Diagram labels: Internet; HTTP traffic; Web Server (serve content from disk); Load Balancer; Reverse Proxy; Caching, SSL termination…; FastCGI, uWSGI, gRPC…]
NGINX Open Source:
- Basic load balancer
- Content Cache
- Web Server
- Reverse Proxy
- SSL termination
- Rate limiting
- Basic authentication
- 7 metrics
NGINX Plus adds:
+ Advanced load balancer
+ Health checks
+ Session persistence
+ Least time alg
+ Cache purging
+ High Availability
+ JWT Authentication
+ OpenID Connect SSO
+ NGINX Plus API
+ Dynamic modules
+ 90+ metrics
9 .About NGINX, Inc.
• Founded in 2011, NGINX Plus first released in 2013
• Series C funding of $43 million from Goldman Sachs and NEA
• Offices in SF, London, Cork, Singapore, Sydney, and Moscow
• 1,500+ commercial customers
• 200+ employees
11 .NGINX Installation Options
• Official NGINX repo
  - Mainline (recommended): Actively developed; new minor releases made every 4-6 weeks with new features and enhancements.
  - Stable: Updated only when critical issues or security vulnerabilities need to be fixed.
• OS vendor and other 3rd party repos
  - Not as frequently updated; Debian Stretch has NGINX 1.10.3
  - Typically built off NGINX Stable branch
12 .NGINX Installation: Debian/Ubuntu
Create /etc/apt/sources.list.d/nginx.list with the following contents:

    deb http://nginx.org/packages/mainline/OS/ CODENAME nginx
    deb-src http://nginx.org/packages/mainline/OS/ CODENAME nginx

• OS: ubuntu or debian depending on your distro
• CODENAME:
  - jessie or stretch for debian
  - trusty, xenial, artful, or bionic for ubuntu

    # Fetch the repository signing key over HTTPS before trusting it
    $ wget https://nginx.org/keys/nginx_signing.key
    $ apt-key add nginx_signing.key
    $ apt-get update
    $ apt-get install -y nginx
    $ /etc/init.d/nginx start
13 .NGINX Installation: CentOS/Red Hat
Create /etc/yum.repos.d/nginx.repo with the following contents:

    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/mainline/OS/OSRELEASE/$basearch/
    # Verify package signatures against the NGINX signing key
    gpgcheck=1
    gpgkey=https://nginx.org/keys/nginx_signing.key
    enabled=1

• OS: rhel or centos depending on your distro
• OSRELEASE: 6 or 7 for 6.x or 7.x versions, respectively

    $ yum -y install nginx
    $ systemctl enable nginx
    $ systemctl start nginx
    $ firewall-cmd --permanent --zone=public --add-port=80/tcp
    $ firewall-cmd --reload
14 .NGINX Plus Installation
• Visit cs.nginx.com/repo_setup
• Select OS from drop down list
• Instructions similar to OSS installation
• Mostly just using a different repo and installing client certificate
15 .Verifying Installation

    $ nginx -v
    nginx version: nginx/1.15.0
    $ ps -ef | grep nginx
    root      1088     1  0 19:59 ?  00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
    nginx     1092  1088  0 19:59 ?  00:00:00 nginx: worker process
16 .Verifying Installation
17 .NGINX Installation Misc
• For more installation details: http://nginx.org/en/linux_packages.html
  - List of all supported distros and CPUs
  - Suse Linux installation instructions
• For NGINX Plus, see: https://cs.nginx.com/repo_setup
  - List of all supported distros and CPUs, including FreeBSD
19 .Key NGINX Files and Directories
/etc/nginx/nginx.conf

    # ...                          Global settings (tunings, logs, etc)
    http {                         # HTTP block
        # ...
        include conf.d/*.conf;
    }

/etc/nginx/conf.d/virtualserver1.conf

    server {
        listen <parameters>;       # Listen for requests
        location <url> {           # Rules to handle each request
            # ...
        }
    }
    upstream {                     # Optional: proxy to upstreams
        # ...
    }

/var/log/nginx/
• error.log: Important operational messages
• access.log: Record of each request (configurable)
20 .Key NGINX Commands
• nginx -h: Display NGINX help menu
• nginx -t: Check if NGINX configuration is ok
• nginx -s reload: Check config is ok and gracefully reload NGINX processes
• nginx -V: Similar to -v, but with more detailed information
• nginx -T: Dump full NGINX configuration
22 .Simple Virtual Server

    server {
        listen 80 default_server;
        server_name www.example.com;
        return 200;
    }

• server defines the context for a virtual server
• listen specifies IP/port NGINX should listen on. No IP means bind to all IPs on system
• server_name specifies hostname of virtual server
• return tells NGINX to respond directly to the request.
23 .Basic Web Server Configuration

    server {
        listen 80 default_server;
        server_name www.example.com;
        location /i/ {
            root /usr/share/nginx/html;
            # alias /usr/share/nginx/html/;   # trailing slash needed so /i/file.txt maps to .../html/file.txt
            index index.html index.htm;
        }
    }

• root specifies directory where files are stored
• alias specifies a replacement for the specified location
• index defines files that will be used as an index

Resulting mappings:
• index: www.example.com -> /usr/share/nginx/html/index.html
• root: www.example.com/i/file.txt -> /usr/share/nginx/html/i/file.txt
• alias: www.example.com/i/file.txt -> /usr/share/nginx/html/file.txt
24 .Basic Load Balancing Configuration

    upstream my_upstream {
        server server1.example.com;
        server server2.example.com;
        least_time header;   # NGINX Plus only; takes header or last_byte
    }
    server {
        location / {
            proxy_set_header Host $host;
            proxy_pass http://my_upstream;
        }
    }

• upstream defines the load balancing pool
• Default load balancing algorithm is round robin. Others available:
  • least_conn selects server with least amount of active connections
  • least_time factors in connection count and server response time. Available in NGINX Plus only.
• proxy_pass links virtual server to upstream
• By default NGINX rewrites Host header to name and port of proxied server. proxy_set_header overrides and passes through original client Host header.
25 .Basic Reverse Proxy Configuration

    server {
        location ~ ^(.+\.php)(.*)$ {
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            # fastcgi_pass 127.0.0.1:9000;
            fastcgi_pass unix:/var/run/php7.0-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }

• Requires PHP FPM: apt-get install -y php7.0-fpm
• Can also use PHP 5
• Similar directives available for uWSGI and SCGI.
• Additional PHP FPM configuration may be required
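A hardened variant of the PHP-FPM location on slide 25, as an added example rather than configuration from the original deck: it confirms that the script part of the URI exists on disk before the request reaches PHP-FPM, and sets SCRIPT_FILENAME explicitly. The listen port, document root and PATH_INFO handling are assumptions; the socket path is the one from the slide.

```nginx
server {
    listen 80;
    server_name www.example.com;

    # Assumed document root; PHP scripts are resolved relative to it.
    root /usr/share/nginx/html;
    index index.php index.html;

    location ~ ^(.+\.php)(.*)$ {
        # Split the URI into $fastcgi_script_name and $fastcgi_path_info.
        fastcgi_split_path_info ^(.+\.php)(.*)$;

        # Save PATH_INFO first: try_files resets $fastcgi_path_info.
        set $path_info $fastcgi_path_info;

        # Answer 404 unless the script part is a real file under root, so a
        # path that merely ends in .php but names no script on disk is never
        # handed to the PHP interpreter.
        try_files $fastcgi_script_name =404;

        include fastcgi_params;

        # The stock fastcgi_params from nginx.org packages does not set
        # SCRIPT_FILENAME, so tell PHP-FPM exactly which file to execute.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO       $path_info;

        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php7.0-fpm.sock;
    }

    # Never serve dotfiles such as .htaccess or .git from the web root.
    location ~ /\. {
        deny all;
    }
}
```

Run nginx -t after editing and before nginx -s reload so a syntax error never reaches the running workers.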
26 .Basic Caching Configuration

    proxy_cache_path /path/to/cache levels=1:2
                     keys_zone=my_cache:10m max_size=10g
                     inactive=60m use_temp_path=off;
    server {
        location / {
            proxy_cache my_cache;
            proxy_set_header Host $host;
            proxy_pass http://my_upstream;
        }
    }

• proxy_cache_path defines the parameters of the cache.
• keys_zone defines the size of memory to store cache keys in. A 1 MB zone can store data for about 8,000 keys.
• max_size sets upper limit of cache size. Optional.
• inactive defines how long an object can stay in cache without being accessed. Default is 10 m.
• proxy_cache enables caching for the context it is in
27 .Basic SSL Configuration

    server {
        listen 80 default_server;
        server_name www.example.com;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl default_server;
        server_name www.example.com;
        ssl_certificate cert.crt;
        ssl_certificate_key cert.key;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
    }

• Forcing all traffic to SSL is good for security and SEO
• Use Let’s Encrypt to get free SSL certificates, see: nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx
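The slide 27 configuration with the TLS settings a production deployment usually adds, as an added example rather than configuration from the original deck. The protocol list, session settings and HSTS lifetime are assumptions to adjust per site; the certificate file names are the ones from the slide.

```nginx
server {
    listen 80 default_server;
    server_name www.example.com;
    # Redirect to the configured name, not to whatever Host the client sent.
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl default_server;
    server_name www.example.com;

    ssl_certificate     cert.crt;
    ssl_certificate_key cert.key;   # keep this file readable by root only

    # Offer only current protocol versions. TLSv1.3 needs NGINX 1.13.0 or
    # later built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Cache session parameters across workers to avoid repeated full
    # handshakes; disable tickets unless ticket keys are rotated.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1h;
    ssl_session_tickets off;

    # HSTS: browsers that have seen this header go straight to HTTPS for the
    # next year. "always" also sends it on error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        # An add_header placed inside this location would replace the
        # server-level headers, so HSTS would have to be repeated here.
    }
}
```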
28 .Basic HTTP/2 Configuration

    server {
        listen 443 ssl http2 default_server;
        server_name www.example.com;
        ssl_certificate cert.crt;
        ssl_certificate_key cert.key;
    }

• HTTP/2 improves performance with little to no backend changes
• Add http2 parameter to listen directive of existing SSL-enabled virtual server. HTTP/2 is only supported with SSL in all browsers.
• NGINX only does HTTP/2 client side, server side is still HTTP/1.1. gRPC is a special case.
• Note: HTTP/2 requires OpenSSL 1.0.2 or later to work properly
29 .Multiplexing Multiple Sites on One IP

    server {
        listen 80 default_server;
        server_name www.example.com;
        # ...
    }
    server {
        listen 80;
        server_name www.example2.com;
        # ...
    }
    server {
        listen 80;
        server_name www.example3.com;
        # ...
    }

• NGINX can multiplex a single IP/port using the Host: header.
• default_server defines the virtual server to use if Host header is empty. It is best practice to have a default_server.
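One way to apply the default_server best practice from slide 29, as an added example rather than configuration from the original deck: a dedicated catch-all server takes every request whose Host header is empty or matches no server_name, so a real site never answers for names it does not own. The catch-all name "_" and the port 443 block are assumptions; ssl_reject_handshake requires NGINX 1.19.4 or later, newer than the 1.15.0 shown on slide 15.

```nginx
# Catch-all for port 80. Requests with a missing Host header, or one that
# matches none of the server_name values below, are handled here.
server {
    listen 80 default_server;
    server_name _;          # "_" is just a name that never matches a real host
    return 444;             # NGINX-specific: close the connection, send nothing
}

# Catch-all for port 443 (NGINX 1.19.4+). The handshake is refused for
# unknown names, so no certificate of another site is presented to them.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# The real sites are matched by name only; none of them is the default.
server {
    listen 80;
    server_name www.example.com;
    # ...
}
server {
    listen 80;
    server_name www.example2.com;
    # ...
}
server {
    listen 80;
    server_name www.example3.com;
    # ...
}
```

Requests dropped by the catch-all still appear in access.log with status 444, which makes unexpected Host values easy to spot.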