Detailed description of nginx from compilation and installation to configuration file description in Chinese

This article introduces Nginx from compilation and installation to configuration file description in detail. Each step is given in detail and can be used as a guide for installing Nginx.

Okay, let’s get straight to the point.

1. Install nginx

1.1 Choose a stable version of Nginx

We compile nginx from source so that we can choose our own modules; the machine is CentOS 6.2 x86_64. First install the missing dependencies:

# yum -y install gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel

If these packages are not available on yum, you can download the source code to compile and install them. Just pay attention to the default installation directory during compilation to ensure that these dynamic library files (ldconfig) can be found when installing nginx below.

Download the stable version of nginx-1.6.3.tar.gz from https://www.jb51.net/softs/35633.html and unzip it in /usr/local/src.

For subsequent preparation, we download two more plug-in modules:

nginx_upstream_check_module-0.3.0.tar.gz —— Check the status of the backend server

nginx-goodies-nginx-sticky-module-ng-bd312d586752.tar.gz—— Backend load balancing to solve session sticky problem

It is recommended to rename the directory to nginx-sticky-module-ng-1.2.5 after decompressing it in /usr/local/src. To use it in conjunction with the upstream_check module, additional patches are required. Please refer to the practical configuration of nginx load balancing.

Please pay attention to the compatibility between the plug-in and nginx versions. Generally, the newer the plug-in, the better. There is no need to chase new nginx. Stability comes first.

nginx-1.4.7, nginx-sticky-module-1.1, nginx_upstream_check_module-0.2.0, this combination is also fine.

sticky-1.1 fails to compile against nginx-1.6 because the module has not kept up with nginx updates. (You can use Tengine directly, which includes these modules by default.)

[root@cachets nginx-1.6.3]# pwd
/usr/local/src/nginx-1.6.3
[root@cachets nginx-1.6.3]# ./configure --prefix=/usr/local/nginx-1.6 --with-pcre \
> --with-http_stub_status_module --with-http_ssl_module \
> --with-http_gzip_static_module --with-http_realip_module \
> --add-module=../nginx_upstream_check_module-0.3.0

[root@cachets nginx-1.6.3]# make && make install

1.2 Description of common Nginx compilation options

Most of the commonly used nginx modules are built by default: in the output of ./configure --help, the modules listed with a --without prefix are the ones installed by default.

--prefix=PATH: Specify the installation directory of nginx. Default /usr/local/nginx
--conf-path=PATH : Set the path to the nginx.conf configuration file. nginx allows to start with different configuration files, by using the -c option on the command line. The default is prefix/conf/nginx.conf
--user=name: Set the user of the nginx worker process. After the installation is complete, you can change the user directive in the nginx.conf configuration file at any time. The default username is nobody. --group=name is similar
--with-pcre: Set the source code path of the PCRE library. If it has been installed via yum, use --with-pcre to automatically find the library file. When using --with-pcre=PATH, you need to download the source code of the pcre library (version 4.4 - 8.30) from the PCRE website and unpack it. The rest will be done by Nginx's ./configure and make. Perl regular expressions are used in the location directive and the ngx_http_rewrite_module module.
--with-zlib=PATH : Specify the directory where the zlib (versions 1.1.3 - 1.2.5) source code should be extracted. zlib is required when the network transmission compression module ngx_http_gzip_module is enabled by default.
--with-http_ssl_module: Use the https protocol module. By default, this module is not built. The premise is that openssl and openssl-devel have been installed
--with-http_stub_status_module: Used to monitor the current status of Nginx
--with-http_realip_module: This module allows us to change the client IP address value in the client request header (such as X-Real-IP or X-Forwarded-For), which enables the backend server to record the original client's IP address
--add-module=PATH : Add third-party external modules, such as nginx-sticky-module-ng or cache module. Every time a new module is added, it needs to be recompiled (Tengine can add a new module without recompilation)

Here is another set of compile options:

./configure \
  --prefix=/usr \
  --sbin-path=/usr/sbin/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --pid-path=/var/run/nginx/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --user=nginx \
  --group=nginx \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_gzip_static_module \
  --http-client-body-temp-path=/var/tmp/nginx/client/ \
  --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
  --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
  --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
  --with-pcre=../pcre-7.8 \
  --with-zlib=../zlib-1.2.3

1.3 Nginx startup and shutdown

## Check if the configuration file is correct
# /usr/local/nginx-1.6/sbin/nginx -t
# ./sbin/nginx -V     # You can see the compilation options

## Start, shut down
# ./sbin/nginx        # Default configuration file conf/nginx.conf, -c specifies another
# ./sbin/nginx -s stop
or pkill nginx

## Restart will not change the configuration file specified at startup
# ./sbin/nginx -s reload
or kill -HUP `cat /usr/local/nginx-1.6/logs/nginx.pid`

Of course, you can also manage nginx as a system service: download the nginx init script to /etc/init.d/, adjust the paths inside it and make it executable.

# service nginx {start|stop|status|restart|reload|configtest}

1.4 Nginx yum installation

Installing the rpm package with yum is much simpler than compiling from source. Many modules are installed by default, but the disadvantage is that third-party modules cannot be added later.

# vi /etc/yum.repos.d/nginx.repo
[nginx] 
name=nginx-repo 
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ 
gpgcheck=0 
enabled=1

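The rest can be done with yum install nginx, or you can use yum install nginx-1.6.3 to install a specific version (provided that the corresponding version is present in packages; the default is the latest stable version). Note that gpgcheck=0 in the repo file above turns off package signature verification and the baseurl is plain http, so yum installs whatever the network path delivers; setting gpgcheck=1 with a gpgkey entry for the nginx signing key restores the check.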

2. nginx.conf configuration file

The Nginx configuration file is mainly divided into four parts:

main (global settings)

server (host settings)

Upstream (upstream server settings, mainly reverse proxy and load balancing related configuration)

location (settings after a URL matches a specific location)

Each section contains several directives.

The directives set in the main part affect the settings of all other parts;

The directives in the server part are mainly used to specify the virtual host domain name, IP and port;

The upstream directive is used to define a group of backend servers and to set up reverse proxying and load balancing across them;

The location part is used to match the location of the web page (for example, the root directory "/", "/images", etc.).

The relationship between them is: server inherits main, location inherits server;

upstream neither inherits directives nor is inherited from. It has its own special directives that do not need to be applied elsewhere.

Currently nginx supports several directive contexts:

2.1 Nginx General Configuration

The following nginx.conf is a simple example of nginx as a front-end reverse proxy server: it serves static files such as js and png itself and forwards dynamic requests such as jsp to the Tomcat servers behind it:

user www www;
worker_processes 2;

error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

pid logs/nginx.pid;


events {
  use epoll;
  worker_connections 2048;
}


http {
  include mime.types;
  default_type application/octet-stream;

  # the "main" format is referenced by access_log in the server block below
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile on;
  # tcp_nopush on;

  keepalive_timeout 65;

  # gzip compression settings
  gzip on;
  gzip_min_length 1k;
  gzip_buffers 4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 6;
  gzip_types text/html text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
  gzip_vary on;
 
  # http_proxy settings
  client_max_body_size 10m;
  client_body_buffer_size 128k;
  proxy_connect_timeout 75;
  proxy_send_timeout 75;
  proxy_read_timeout 75;
  proxy_buffer_size 4k;
  proxy_buffers 4 32k;
  proxy_busy_buffers_size 64k;
  proxy_temp_file_write_size 64k;
  proxy_temp_path /usr/local/nginx/proxy_temp 1 2;

  # Backend server list for load balancing
  upstream backend {
       #ip_hash; 
       server 192.168.10.100:8080 max_fails=2 fail_timeout=30s ; 
       server 192.168.10.101:8080 max_fails=2 fail_timeout=30s ; 
  }

  # Virtual host configuration (very important)
  server {
    listen 80;
    server_name itoatest.example.com;
    root /apps/oaapp;

    charset utf-8;
    access_log logs/host.access.log main;

    # Load balancing + reverse proxy for everything under /
    location / {
      root /apps/oaapp;
      index index.jsp index.html index.htm;

      proxy_pass http://backend; 
      proxy_redirect off;
      # The backend Web server can obtain the user's real IP through X-Forwarded-For
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
      
    }

    # Static files: nginx serves these itself and does not pass the request to the Tomcat backend
    location ~* /download/ { 
      root /apps/oa/fs; 
      
    }
    location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$  
    {  
      root /apps/oaapp;  
      expires 7d; 
    }
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 192.168.10.0/24;
      deny all;
    }

    location ~ ^/(WEB-INF)/ {  
      deny all;  
    }
    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root html;
    }
  }

  ## Other virtual hosts: further server blocks start here
}

2.2 Description of common Nginx commands

2.2.1 Nginx main global configuration

Some parameters of nginx that are not related to specific business functions (such as HTTP service or email service proxy) during runtime, such as the number of working processes, running identity, etc.

worker_processes 2

Set in the top-level main section of the configuration file; it specifies the number of worker processes. The master process receives requests and distributes them to the workers for processing. The value can simply be set to the number of CPU cores (grep ^processor /proc/cpuinfo | wc -l), which is also what the value auto gives. If SSL and gzip are enabled, set it equal to or even twice the number of logical CPUs to reduce I/O operations. If the nginx server also runs other services, consider reducing it accordingly.

worker_cpu_affinity

Also set in the main section. Under high concurrency, CPU affinity can be set to reduce the performance loss from rebuilding register state when a process switches between CPU cores. For example: worker_cpu_affinity 0001 0010 0100 1000; (quad core).

worker_connections 2048

Set in the events section. The maximum number of connections each worker process can handle (or initiate) concurrently, counting all connections to clients and to proxied backend servers. When nginx acts as a reverse proxy, the maximum number of connections = worker_processes * worker_connections / 4, so the maximum number of client connections here is 1024. It can be increased to 8192 depending on the situation, but it cannot exceed the worker_rlimit_nofile setting below. When nginx acts as an http server, the formula divides by 2 instead.

worker_rlimit_nofile 10240

Set in the main section. It is not set by default; it can be raised up to the operating system's maximum limit of 65535.

use epoll

Written in the events section. Under the Linux operating system, nginx uses the epoll event model by default. Thanks to this, nginx is quite efficient under the Linux operating system. At the same time, Nginx uses kqueue, an efficient event model similar to epoll, on OpenBSD or FreeBSD operating systems. Select is used only when the operating system does not support these efficient models.

2.2.2 Nginx http server

Some configuration parameters related to providing http services. For example: whether to use keepalive, whether to use gzip compression, etc.

sendfile on

Enable efficient file transfer mode. The sendfile directive specifies whether nginx calls the sendfile function to output files, reducing context switching from user space to kernel space. For common applications, set it to on. If it is used for disk IO heavy load applications such as downloading, it can be set to off to balance the disk and network I/O processing speeds and reduce the system load.

keepalive_timeout 65

The keep-alive (long connection) timeout, in seconds. This parameter is sensitive: it interacts with the browser type, the backend server's timeout settings and the operating system's settings, and can be discussed in another article. When a keep-alive connection requests a large number of small files, it reduces the overhead of re-establishing connections. However, if a large file is being uploaded and the upload does not finish within 65 seconds, it fails. If the timeout is set too long and there are many users, holding connections open for a long time takes up a lot of resources.

send_timeout

Used to specify the timeout for responding to the client. This timeout is limited to the time between two connection activities. If there is no activity from the client after this time, Nginx will close the connection.

client_max_body_size 10m

The maximum size in bytes of a single file that a client is allowed to send in a request. If you upload large files, set this limit accordingly.

client_body_buffer_size 128k

The maximum number of bytes the proxy buffers for a client request.

Module http_proxy

This module implements the function of nginx as a reverse proxy server, including caching function (see also article)

proxy_connect_timeout 60

Nginx connection timeout with backend server (proxy connection timeout)

proxy_read_timeout 60

After the connection is successful, the timeout between two successful response operations with the backend server (proxy receive timeout)

proxy_buffer_size 4k

Set the size of the buffer that the proxy server (nginx) uses to read and save user header information from the backend realserver. By default, it is the same as the size of proxy_buffers. In fact, you can set this directive value to a smaller value.

proxy_buffers 4 32k

The proxy_buffers buffers: for a single connection, nginx buffers the response from the backend realserver here. If the average web page size is less than 32k, set it like this.

proxy_busy_buffers_size 64k

Buffer size under high load (proxy_buffers*2)

proxy_max_temp_file_size

When proxy_buffers cannot hold the response from the backend server, part of it is saved to a temporary file on disk. This value sets the maximum temporary file size, which is 1024M by default. It has nothing to do with proxy_cache. If the response is larger than this value, it is passed back from the upstream server. Set to 0 to disable.

proxy_temp_file_write_size 64k

When caching proxied server responses into temporary files, this option limits the size of each write to the temporary file. proxy_temp_path (can be used at compile time) specifies the directory to write to.

For proxy_pass and proxy_redirect, see the location section.

Module http_gzip :

gzip on : Enable gzip compression output to reduce network transmission.
gzip_min_length 1k: Sets the minimum page size, in bytes, that will be compressed. The page size is taken from the Content-Length header. The default value is 20. It is recommended to set it to more than 1k, because compressing a page smaller than 1k may make it larger.
gzip_buffers 4 16k: Sets how many buffers, and of what size, the system allocates to hold the gzip-compressed result stream. 4 16k means memory is requested in units of 16k, four times the size of the original data in 16k units.
gzip_http_version 1.0: Identifies the version of the http protocol. Early browsers do not support gzip compression and users would see garbled characters, so this option exists to support early versions. If you use Nginx as a reverse proxy and want gzip compression enabled, set it to 1.0, because the communication on the final leg is http/1.0.
gzip_comp_level 6 : gzip compression ratio, 1 means the lowest compression ratio and fastest processing speed, 9 means the highest compression ratio but the slowest processing speed (faster transmission but more CPU consumption)
gzip_types: Match mime types for compression. Regardless of whether it is specified, the "text/html" type will always be compressed.
gzip_proxied any: Enabled when Nginx is used as a reverse proxy. It determines whether to enable or disable compression of the results returned by the backend server. The prerequisite for matching is that the backend server must return a header containing "Via".
gzip_vary on: It is related to the http header. It will add Vary: Accept-Encoding to the response header, so that the front-end cache server can cache gzip-compressed pages. For example, use Squid to cache data compressed by Nginx.

2.2.3 Nginx server virtual host

Several virtual hosts are supported on the http service. Each virtual host has a corresponding server configuration item, which contains the configuration related to the virtual host. When providing mail service proxy, you can also establish several servers. Each server is distinguished by the listening address or port.

listen

The default listening port is 80. If the port is less than 1024, it must be started as root. It can be in the form of listen *:80, listen 127.0.0.1:80, etc.

server_name

Server names, such as localhost and www.example.com, can be matched using regular expressions.

Module http_stream

This module uses a simple scheduling algorithm to achieve load balancing from client IP to backend servers. The upstream is followed by the name of the load balancer, and the backend realserver is organized in {} in the form of host:port options;. If there is only one backend being proxied, you can also write it directly in proxy_pass.

2.2.4 Nginx location

In the http service, a series of configuration items corresponding to certain specific URLs.

root /var/www/html

Defines the default website root location for the server. If a location URL matches a subdirectory or file, root has no effect; it is usually placed in the server directive or under /.

index index.jsp index.html index.htm

Defines the default access file name under the path, usually placed after root

proxy_pass http://backend

The request is passed to the server list defined by backend, that is, the reverse proxy, corresponding to the upstream load balancer. You can also write proxy_pass http://ip:port.

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Let’s just set these four points for now. If we delve deeper, each one involves very complex content, which will be explained in another article.
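An added example (not from the original article) of how a backend can read the header set above: $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the client sent, so only the entries written by your own proxies are reliable. The trusted range 192.168.10.0/24 and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the nginx front ends sit in this range; replace with the real proxy addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.10.0/24")]


def proxy_add_x_forwarded_for(client_header, remote_addr):
    """Model of nginx's $proxy_add_x_forwarded_for variable."""
    if not client_header:
        return remote_addr
    return f"{client_header}, {remote_addr}"


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address a backend should log or apply limits to.

    peer_addr  -- TCP peer of the backend connection (normally the nginx proxy)
    xff_header -- raw X-Forwarded-For value, or None
    """
    # A request that did not arrive through a trusted proxy carries a header
    # that is entirely client-controlled, so the header is ignored.
    if not is_trusted(peer_addr) or not xff_header:
        return peer_addr
    # Walk from the right: those entries were appended by our own proxies.
    # Stop at the first address that is not one of them; everything further
    # left was supplied by the client and proves nothing.
    candidate = peer_addr
    for raw in reversed(xff_header.split(",")):
        entry = raw.strip()
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = entry
        if not is_trusted(entry):
            break
    return candidate


if __name__ == "__main__":
    # Constructed requests: (address nginx saw, X-Forwarded-For sent by the client)
    samples = [
        ("203.0.113.7", None),
        ("203.0.113.7", "10.0.0.1"),  # client supplied its own header
    ]
    for remote_addr, sent in samples:
        header = proxy_add_x_forwarded_for(sent, remote_addr)
        print(f"{header!r:32} -> {client_ip('192.168.10.5', header)}")
```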

Writing location matching rules is both critical and fundamental. Please refer to the article nginx configuration location summary and rewrite rule writing;

2.3 Others

2.3.1 Access control allow/deny

The access control module of Nginx is installed by default and is very simple to use. You can list multiple allow and deny rules to allow or deny access from an IP address or IP range; evaluation stops at the first rule that matches. For example:

location /nginx-status {
 stub_status on;
 access_log off;
# auth_basic "NginxStatus";
# auth_basic_user_file /usr/local/nginx-1.6/htpasswd;

 allow 192.168.10.100;
 allow 172.29.73.0/24;
 deny all;
}
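
The first-match evaluation described above, modelled as an added example (not code from the article or from nginx): it parses the allow/deny lines of a location body, evaluates them in file order, and reports rules that an earlier rule makes unreachable. MISORDERED and NO_DEFAULT_DENY are constructed variants of the article's block, and the function names are illustrative.

```python
import ipaddress

# Location body taken from the article's nginx-status block.
PAGE_BLOCK = """
 stub_status on;
 access_log off;
# auth_basic "NginxStatus";
 allow 192.168.10.100;
 allow 172.29.73.0/24;
 deny all;
"""
MISORDERED = "deny all;\nallow 192.168.10.100;\n"  # constructed: deny placed first
NO_DEFAULT_DENY = "allow 192.168.10.100;\n"        # constructed: final deny forgotten

ALL = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]


def parse_rules(block):
    """Return the allow/deny rules in file order as (action, target, networks)."""
    rules = []
    for line in block.splitlines():
        parts = line.split("#", 1)[0].replace(";", " ").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            action, target = parts
            if target == "all":
                nets = ALL
            else:
                nets = [ipaddress.ip_network(target, strict=False)]
            rules.append((action, target, nets))
    return rules


def decide(rules, client):
    """First matching rule wins; if nothing matches, the request is let through."""
    ip = ipaddress.ip_address(client)
    for action, _target, nets in rules:
        if any(ip in net for net in nets):
            return action
    return "allow"


def unreachable(rules):
    """Rules fully covered by an earlier rule, so they can never be the first match."""
    dead = []
    for i, (action, target, nets) in enumerate(rules):
        earlier = [n for _a, _t, ns in rules[:i] for n in ns]
        covered = all(
            any(n.version == e.version and n.subnet_of(e) for e in earlier)
            for n in nets
        )
        if covered:
            dead.append(f"{action} {target}")
    return dead


if __name__ == "__main__":
    for name, block in [("page", PAGE_BLOCK), ("misordered", MISORDERED),
                        ("no default deny", NO_DEFAULT_DENY)]:
        rules = parse_rules(block)
        print(name, "| 192.168.10.100:", decide(rules, "192.168.10.100"),
              "| 203.0.113.9:", decide(rules, "203.0.113.9"),
              "| unreachable:", unreachable(rules))
```

Leaving out the final deny all makes the block admit every address, and putting deny all first makes the allow lines dead; both are worth checking for whenever a status or admin location is reviewed.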

We also often use htpasswd, a tool from httpd-devel, to set a login password for the access path:

# htpasswd -c htpasswd admin
New password:
Re-type new password:
Adding password for user admin

# htpasswd htpasswd admin    # Modify the admin password
# htpasswd htpasswd sean     # Add another authentication user

This generates a password file that is encrypted using CRYPT by default. Uncomment the two commented lines in the nginx-status block above and restart nginx for it to take effect.

2.3.2 Nginx lists directory autoindex

By default, Nginx does not allow listing of entire directories. To use this feature, open the nginx.conf file and add autoindex on; to the location, server or http section. It is also best to add the other two parameters:

autoindex_exact_size off;

The default is on, showing the exact size of the file in bytes. After changing to off, the approximate size of the file is displayed in kB, MB or GB

autoindex_localtime on;

The default is off, and the displayed file time is GMT time. After changing to on, the displayed file time is the server time of the file

location /images {
 root /var/www/nginx-default/images;
 autoindex on;
 autoindex_exact_size off;
 autoindex_localtime on;
 }

The above is the main content of this detailed introduction to nginx, from compilation and installation to the configuration file description. I hope it will be helpful to everyone.