Nginx 企業級優化

一.配置Nginx隱藏版本號javascript

[root@localhost ~]# curl -I 192.168.200.111
HTTP/1.1 200 OK
Server: nginx/1.16.1    //Nginx版本號
Date: Fri, 13 Sep 2019 02:20:55  GMT
Content-Type: text/html; charset=utf-8
Content-Length: 612
Last-Modified: Fri, 13 Sep 2019 01:54:04 GMT
Connection: keep-alive
ETag: "5d7af6bc-264"
Accept-Ranges: bytesphp

隱藏方法css

1.修改源碼包(安裝以前)html

[root@localhost ~]# tar xf nginx-1.16.1.tar.gz -C /usr/src/前端

[root@localhost ~]# useradd -M -s /sbin/nologin nginxjava

[root@localhost ~]# vim /usr/src/nginx-1.16.1/src/core/nginx.hlinux

13  #define NGINX_VERSION "8.15.45"
14  #define NGINX_VER "chenyu/" NGINX_VERSION  這兩個位置改爲你想要的名字和版本號nginx

[root@localhost ~]# yum -y install pcre-devel zlib-devel openssl-devel gcc gcc-c++ makec++

[root@localhost ~]# cd /usr/src/nginx-1.16.1/apache

[root@localhost nginx-1.16.1]./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_flv_module --with-http_gzip_static_module && make && make install

[root@localhost nginx-1.16.1]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/

[root@localhost nginx-1.16.1]# nginx

[root@localhost nginx-1.16.1]# curl -I 192.168.200.111
HTTP/1.1 200 OK
Server: chenyu/8.15.45   //修改爲功
Date: Fri, 13 Sep 2019 02:32:11 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 13 Sep 2019 02:30:34 GMT
Connection: keep-alive
ETag: "5d7aff4a-264"
Accept-Ranges: bytes

2.修改配置文件(安裝完成後)

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

在http{ }中添加 sever_tokens off;  
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# killall -HUP nginx
[root@localhost ~]# curl -I 192.168.200.111
HTTP/1.1 200 OK
Server: nginx  //安裝完成後的修改沒法修改版本號
Date: Fri, 13 Sep 2019 02:35:53 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 13 Sep 2019 02:30:34 GMT
Connection: keep-alive
ETag: "5d7aff4a-264"
Accept-Ranges: bytes

二. 修改Nginx用戶與組

1.編譯安裝時指定

[root@localhost ~]# useradd -M -s /sbin/nologin nginx

[root@localhost nginx-1.16.1]./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_flv_module --with-http_gzip_static_module && make && make install

2.修改配置文件

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

2 user nginx nginx;

[root@localhost ~]# ps aux |grep nginx
root 4715 0.0 0.1 46100 1952 ? Ss 10:32 0:00 nginx: master process nginx
nginx 4803 0.0 0.2 48624 2340 ? S 10:35 0:00 nginx: worker process
root 4975 0.0 0.0 112724 996 pts/0 R+ 10:54 0:00 grep --color=auto nginx

三.配置Nginx網頁緩存時間

當Nginx將網頁數據返回給客戶端後,能夠設置緩存時間,以方便在往後進行相同內容的請求時直接返回

可修改配置文件,在http段,或server段,或者location段加入對特定內容的過時參數

以圖片爲例

[root@localhost html]# ln -s /usr/local/nginx/conf/nginx.conf /etc/nginx.conf  主配置文件太長,因此我建立了條鏈接

[root@localhost html]# vim /etc/nginx.conf

  location ~ \.(jpg|jpeg|gif)$ {
  expires 1d;
  }

[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# killall -HUP nginx

[root@localhost html]# vim /usr/local/nginx/html/index.html   //在/body> 前加下面的句子引用圖片

  <img src="linux.jpg"/>

 

 

 設置成功,緩存時間爲1天

四. 實現Nginx的日誌切割

[root@localhost ~]# vim fenge.sh

#!/bin/bash

data=$(date -d "-1 day" "+%Y%m%d")                //前一天的時間
logs_path="/usr/local/nginx/logs"                 //日誌存放位置
pid_path="/usr/local/nginx/logs/nginx.pid"              //pid文件
[ -d $logs_path/bak ] || mkdir -p $logs_path/bak          //判斷是否存在備份目錄
if [ -f $pid_path ];then                      //判斷
mv $logs_path/access.log $logs_path/bak/access.log-$data     //將日誌文件打包放在bak中之前一天的時間爲名
kill -USR1 $(cat $pid_path)                //生成新的日誌
find $logs_path -mtime +30 | xargs rm -f          //刪除30天前的命令
else
echo "Error,Nginx is not working!" | tee -a /var/log/messages    //若是未運行或失敗則輸出並加入到系統日誌中

fi

[root@localhost ~]# tail -f /usr/local/nginx/logs/access.log
192.168.200.111 - - [13/Sep/2019:10:32:11 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.200.111 - - [13/Sep/2019:10:35:53 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"     //以前測試產生的日誌

[root@localhost ~]# bash fenge.sh
[root@localhost ~]# cat /usr/local/nginx/logs/access.log    //運行腳本後日志爲空
[root@localhost ~]# cd /usr/local/nginx/logs/
[root@localhost logs]# ls                                                   
access.log bak error.log nginx.pid                                      //生成了備份目錄
[root@localhost logs]# cd bak        
[root@localhost bak]# ls
access.log-20190912                                                          //生成了備份文件
[root@localhost bak]# cat access.log-20190912
192.168.200.111 - - [13/Sep/2019:10:32:11 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.200.111 - - [13/Sep/2019:10:35:53 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"//備份日誌爲以前產生的日誌

[root@localhost bak]# cd
[root@localhost ~]# chmod +x fenge.sh 給腳本加執行權限放在天天0點執行
[root@localhost ~]# crontab -e

0 0 * * * /root/fenge.sh

五.配置Nginx實現連接超時

[root@localhost html]# vim /etc/nginx.conf

在server前添加

  keepalive_timeout 65;                //鏈接保持超時時間,根據網站狀況設置,可在http段,server段或者location段設置
  client_header_timeout 60;          //請求頭
  client_body_timeout 60;     //請求主體

[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# killall -HUP nginx

六.更改Nginx運行進程數

在高併發場景,須要啓動更多的nginx進程以保證快速影響。

修改配置文件的worker_processes參數,通常設置CPU的個數或者核數的2倍

[root@localhost ~]# cat /proc/cpuinfo | grep -c "physical"

2

[root@localhost ~]# vim /etc/nginx.conf

worker_processes 2;

默認Nginx的多進程可能更多的跑在一顆cpu上,能夠分配不一樣的進程給不一樣的cpu處理。一臺4核的cpu能夠進行下面的配置,將進程進行分配

worker_cpu_affinity 0001 0010 0100 1000

七.配置Nginx實現網頁壓縮功能

Nginx的nex_http_gzip_module壓縮模塊提供了對文件內容壓縮的功能,容許nginx服務器將輸出內容發送給客戶端以前進行壓縮。

[root@localhost ~]# vim /etc/nginx.conf 

  gzip on;        //開啓gzip壓縮輸出
  gzip_min_length 1k;    //用於設置容許壓縮的頁面最小字節數
  gzip_buffers 4 16k;     //表示申請4個單位爲16k的內存做爲壓縮結果流緩存
  gzip_http_version 1.1;   //設置識別http協議版本,默認是1.1
  gzip_comp_level 2;     //gzip壓縮比,1-9等級
  gzip_types text/plain text/javascript application/x-javascrip text/css text/xml application/xml application/xml+rss;  //壓縮類型,就是對哪類網頁文檔啓用壓縮功能
  #gzip_vary on;       //選項可讓前端的緩存服務器通過gzip壓縮的頁面

[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

八.配置Nginx實現防盜鏈功能

 111中引用圖片,114中盜用圖片連接

[root@localhost nginx]# vim html/index.html 

..........

<img src="http://192.168.200.111/linux.jpg"/>

..........

 

114中的圖片地址爲111的圖片地址,盜鏈成功

在111中設置防盜鏈

[root@localhost ~]# vim /etc/nginx.conf

  location ~* \.(jpg|jpeg)$ {                                                   
  valid_referers none blocked *.amber.com amber.com;  //valid_referers 設置信任網站,通常爲公司內部的ip。none瀏覽器中referer爲空的狀況,就直接在瀏覽器中訪問圖片。 block referer不爲空的狀況,可是值被代理或者防火牆刪除了,這些值不以http://或https://開頭
  if ($invalid_referer) {                               
  rewrite ^/ http://192.168.200.111/daolian.txt;     //若是鏈接的來源不是*.amber.com amber.com的域,則強制跳轉到http://192.168.200.111/daolian.txt
    }
  }

[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# killall -HUP nginx

 

圖片加載錯誤,防盜鏈成功

九.對FPM模塊進行參數優化

Nginx的PHP解析功能實現若是是交由FPM處理的,爲了提升PHP的處理速度,可對FPM模塊進行參數跳轉。

FPM:優化參數

pm                                            //使用哪一種方式啓動fpm進程,能夠說static和dynamic,前者將產生固定數量的fpm進程,後者將以動態的方式產生fpm進程

pm.max_children                     //static方式開啓的fpm進程數  

pm.start_servers                     //動態方式下初始的fpm進程數

pm.min_spare_servers           //動態方式下最小的fpm空閒進程數

pm.max_spare_servers          //動態方式下最大的fpm空閒進程數

注:以上調整要根據服務器的內存與服務器負載進行調整

示例:服務器爲雲服務器,運行了我的論壇,內存爲1.5G,fpm進程數爲20,內存消耗近1G,處理比較慢

#vim/usr/local/php5/etc/php-fpm.conf

pm = dynamic

pm.start_servers = 5

pm.min_spare_servers = 2

pm.max_spare_servers = 8

十.Nginx爲目錄添加訪問控制

[root@localhost ~]# yum -y install httpd-tools       //使用apache的htpasswd建立密碼,安裝http-tools

[root@localhost ~]# htpasswd -c /usr/local/nginx/user tom       //使用htpasswd首次建立密碼時,須要加-c,爲了是建立儲存用戶和密碼的文件夾。
New password:
Re-type new password:
Adding password for user tom

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

  location /admin {
  stub_status on;
  access_log off;        //前兩行是ngxinx的管理模塊
  auth_basic "Nginx status";    //basic是一種基本認證方式,雙引號的名字能夠自定義
  auth_basic_user_file /usr/local/nginx/user;     //指定登陸的用戶和密碼的保存位置

  #allow 192.168.200.114;      //容許114登陸

  #deny 192.168.200.0/24;     //不容許200網段的登陸
  }

[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# killall -HUP nginx

登陸模塊管理界面須要登錄

 

 登錄成功顯示內容 

十一.自定義錯誤頁面

[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf

error_page 401 403 404 408 /40x.html;    //當返回401 403 404 408錯誤時,去尋找40x.tml
location = /40x.html {                                 //location匹配,當找40x.html時,去html裏找
root html;
}

[root@localhost html]# cat 40x.html
<h1>這是我自定義的錯誤頁面</h1>     //建立40x.html 自定義錯誤頁面

[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# killall -HUP nginx

 

 測試時,在域名後隨意輸入內容,會返回錯誤頁面,測試成功。

十二.自動索引

 

[root@localhost html]# mkdir download
[root@localhost html]# cd download/
[root@localhost download]# mkdir {3..7}.{1..9}
[root@localhost download]# ls
3.1 3.3 3.5 3.7 3.9 4.2 4.4 4.6 4.8 5.1 5.3 5.5 5.7 5.9 6.2 6.4 6.6 6.8 7.1 7.3 7.5 7.7 7.9
3.2 3.4 3.6 3.8 4.1 4.3 4.5 4.7 4.9 5.2 5.4 5.6 5.8 6.1 6.3 6.5 6.7 6.9 7.2 7.4 7.6 7.8
[root@localhost download]# cd 7.9
[root@localhost 7.9]# touch Centos7.9.26
[root@localhost 7.9]# ls
Centos7.9.26

[root@localhost 7.9]# vim /usr/local/nginx/conf/nginx.conf

  location /download {     //訪問download開啓下載
  autoindex on;
  }

[root@localhost 7.9]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost 7.9]# killall -HUP nginx

 

 

 

 點擊能夠下載

 

十三. 經過UA實現手機端和電腦端的分離(有些問題,先別看了)

location / {
root /usr/local/nginx/html;
if ( $http_user_agent ~ "(MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC\-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT\-)|(SonyEricsson)|(NEC\-)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi\-)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG\-)|(LG/)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC\-)|(SED\-)|(EMOL\-)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Wget)|(Java)|(curl)|(Opera)" )
{
root /usr/local/nginx/html/mobile;
}

index index.html index.htm;
}

十四.Nginx平滑升級版本

[root@localhost ~]# nginx -V
nginx version: nginx/1.15.9
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx

[root@localhost ~]# tar xf nginx-1.16.1.tar.gz -C /usr/src/

[root@localhost ~]# cd /usr/src/nginx-1.16.1/
[root@localhost nginx-1.16.1]# ./configure --prefix=usr/local/nginx --user=nginx --group=nginx && make   //不要make install

[root@localhost nginx-1.16.1]# cd /usr/local/nginx/sbin/
[root@localhost sbin]# ls
nginx
[root@localhost sbin]# mv nginx nginx.old
[root@localhost sbin]# cd /usr/src/nginx-1.16.1/
[root@localhost nginx-1.16.1]# cp objs/nginx /usr/local/nginx/sbin/

[root@localhost nginx-1.16.1]# ls /usr/local/nginx/sbin/
nginx nginx.old

[root@localhost ~]# ps aux | grep nginx
root 8694 0.0 0.1 20552 608 ? Ss 10:05 0:00 nginx: master process /usr/local/nginx/sbin/nginx                    //老版本的進程
nginx 8695 0.0 0.2 23088 1380 ? S 10:05 0:00 nginx: worker process
root 11295 0.0 0.2 112724 996 pts/0 R+ 10:09 0:00 grep --color=auto nginx

[root@localhost ~]# kill -USR2 8694[root@localhost ~]# ps aux | grep nginxroot 8694 0.0 0.1 20552 796 ? Ss 10:05 0:00 nginx: master process /usr/local/nginx/sbin/nginxnginx 8695 0.0 0.2 23088 1380 ? S 10:05 0:00 nginx: worker processroot 11305 0.0 0.3 20552 1600 ? S 10:09 0:00 nginx: master process /usr/local/nginx/sbin/nginx                //出現兩組nginxnginx 11306 0.0 0.2 23088 1384 ? S 10:09 0:00 nginx: worker processroot 11308 0.0 0.2 112724 996 pts/0 R+ 10:09 0:00 grep --color=auto nginx[root@localhost ~]# kill -WINCH 8694[root@localhost ~]# ps aux | grep nginxroot 8694 0.0 0.1 20552 796 ? Ss 10:05 0:00 nginx: master process /usr/local/nginx/sbin/nginx/                     //工做進程關閉root 11305 0.0 0.3 20552 1600 ? S 10:09 0:00 nginx: master process /usr/local/nginx/sbin/nginxnginx 11306 0.0 0.2 23088 1384 ? S 10:09 0:00 nginx: worker processroot 11328 0.0 0.2 112724 996 pts/0 R+ 10:10 0:00 grep --color=auto nginx[root@localhost ~]# kill -QUIT 8694[root@localhost ~]# ps aux | grep nginxroot 11305 0.0 0.3 20552 1600 ? S 10:09 0:00 nginx: master process /usr/local/nginx/sbin/nginx                 //只剩下新版本的進程nginx 11306 0.0 0.2 23088 1384 ? S 10:09 0:00 nginx: worker processroot 11336 0.0 0.2 112724 996 pts/0 R+ 10:11 0:00 grep --color=auto nginx[root@localhost ~]# nginx -vnginx version: nginx/1.16.1                   //升級完成

相關文章
相關標籤/搜索