Detailed explanation of nginx configuration file interpretation

The nginx configuration file is mainly divided into four parts:

main {              # (global settings)
  http {            # (server settings)
    upstream {}     # (Load balancing server settings: mainly used for load balancing and setting up a series of backend servers)
    server {        # (Host settings: mainly used to specify the host and port)
      location {}   # (settings for URL matching specific locations)
    }
  }
}

server inherits main, location inherits server, and upstream neither inherits other settings nor will be inherited.

1. Main global configuration

These are runtime parameters of nginx that are not related to specific business functions (such as HTTP service or email service proxy), for example the number of worker processes and the identity nginx runs as.

user www www;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
error_log /var/logs/nginx_error.log crit;
pid /usr/local/webserver/nginx/nginx.pid;
worker_rlimit_nofile 65535;

user www www; : specifies the user and group that the nginx worker processes run as.

worker_processes 4; : Specifies how many processes to start to handle requests. Generally, it is set to the number of CPU cores. If SSL and gzip are enabled, it should be set to the same as or even twice the number of logical CPUs to reduce I/O operations. Run grep ^processor /proc/cpuinfo | wc -l to check the number of CPU cores.

worker_cpu_affinity 0001 0010 0100 1000; : In high concurrency situations, binding each worker process to a specific CPU reduces the performance loss caused by rebuilding register state when a process is switched between cores of a multi-core CPU. For example, worker_cpu_affinity 0001 0010 0100 1000; (quad core).

error_log /var/logs/nginx_error.log crit; : error_log is a main module directive used to define the global error log file. The log output levels include debug, info, notice, warn, error, and crit. The debug level has the most detailed log output, while the crit level has the least log output.

pid /usr/local/webserver/nginx/nginx.pid; : specifies the location of the process pid file.

worker_rlimit_nofile 65535; : Used to specify the maximum number of file descriptors that an nginx process can open, which is 65535 here. You need to use the command "ulimit -n 65535" to set it.

2. Events module

events{
 use epoll;
 worker_connections 65536;
}
  • use epoll; use is an event module instruction used to specify the working mode of Nginx. The working modes supported by Nginx include select, poll, kqueue, epoll, rtsig and /dev/poll. Among them, select and poll are standard working modes, kqueue and epoll are efficient working modes. The difference is that epoll is used on the Linux platform, while kqueue is used in the BSD system. For Linux systems, the epoll working mode is the first choice. Select is used only when the operating system does not support these efficient models.
  • worker_connections 65536; The maximum number of connections that each worker process can concurrently process (initiate), including all connections with clients and with backend proxy servers. As a reverse proxy server, nginx uses the formula maximum connections = worker_processes * worker_connections / 4, so the maximum number of client connections here is 65536. This can be increased to 8192, depending on the situation, but it cannot exceed the worker_rlimit_nofile setting. When nginx is used as an HTTP server, the formula divides by 2 instead. The maximum number of connections of a process is limited by the maximum number of open files of a Linux process, so the worker_connections setting takes effect only after the operating system command ulimit -n 65536 has been executed.

3. HTTP Server

http{
 include mime.types;
 default_type application/octet-stream;
 #charset gb2312;
 }
  • include is a main module directive that implements the settings of files included in the configuration file, which can reduce the complexity of the main configuration file. Similar to the include method in Apache.
  • default_type belongs to the HTTP core module directive. Here, the default type is set to binary stream, which is used when the file type is undefined. For example, when the PHP environment is not configured, Nginx will not parse it. At this time, a download window will appear when accessing the PHP file with a browser.
  • charset gb2312; specifies the client encoding format.

3.1 HTTP parameters: client header cache

server_names_hash_bucket_size 128;
client_header_buffer_size 32k; 
large_client_header_buffers 4 128k; 
client_max_body_size 10m; 
client_body_buffer_size 128k; 
sendfile on ; 
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
client_body_timeout 60s;
send_timeout 60s;
  • server_names_hash_bucket_size 128;: The server names hash table size.
  • client_header_buffer_size 32k;: used to specify the header buffer size from the client request header. For most requests, a 1KB cache is sufficient. If you customize the message headers or have larger cookies, you can increase the cache size.
  • large_client_header_buffers 4 128k;: Used to specify the maximum number and size of the cache for larger message headers in client requests. 4 is the number and 128k is the size. The maximum cache is 4 128KB.
  • client_max_body_size 10m; : The maximum number of bytes of a single file that the client is allowed to send in a request. If you upload large files, set this limit accordingly.
  • client_body_buffer_size 128k;: The maximum number of bytes that the buffer proxy buffers for client requests.
  • sendfile on ; : Enable efficient file transfer mode. The sendfile directive specifies whether nginx calls the sendfile function to output files, reducing context switching from user space to kernel space. For common applications, set it to on. If it is used for disk IO heavy load applications such as downloading, it can be set to off to balance the disk and network I/O processing speeds and reduce the system load. Turn on tcp_nopush on; and tcp_nodelay on; to prevent network congestion.
  • keepalive_timeout 65; : The long (keep-alive) connection timeout, in seconds. This parameter is very sensitive: it interacts with the type of browser, the timeout settings of the backend server, and the settings of the operating system, and deserves an article of its own. When a long connection requests a large number of small files, it reduces the overhead of reestablishing connections. However, if a large file is uploaded, the upload fails if it is not finished within 65 seconds. If the timeout is set too long and there are many users, keeping the connections open for a long time takes up a lot of resources.
  • client_body_timeout 60s; : Used to set the client request body reading timeout, the default is 60s. If the client has not sent any data within this time, nginx will return a Request time out (408) error.
  • send_timeout 60s; : Used to specify the timeout for responding to the client. This timeout applies only to the time between two connection activities. If there is no activity from the client after this time, Nginx closes the connection.

3.2 HTTP parameters and FastCGI parameters

FastCGI related parameters are designed to improve website performance: reduce resource usage and increase access speed. The following parameters can be understood literally.

fastcgi_connect_timeout 300; 
fastcgi_send_timeout 300; 
fastcgi_read_timeout 300; 
fastcgi_buffer_size 64k; 
fastcgi_buffers 4 64k; 
fastcgi_busy_buffers_size 128k; 
fastcgi_temp_file_write_size 128k; 
fastcgi_cache TEST; 
fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m; 
fastcgi_cache_valid 200 302 1h; 
fastcgi_cache_valid 301 1d; 
fastcgi_cache_valid any 1m;
  • fastcgi_connect_timeout 300; Specifies the timeout for connecting to the backend FastCGI.
  • fastcgi_send_timeout 300; specifies the timeout for sending a request to FastCGI. This value is the timeout for sending a request to FastCGI after two handshakes have been completed.
  • fastcgi_read_timeout 300; specifies the timeout for receiving FastCGI responses. This value is the timeout for receiving FastCGI responses after completing two handshakes.
  • fastcgi_buffer_size 64k; used to specify how large a buffer is needed to read the first part of the FastCGI response. This value indicates that a 64KB buffer will be used to read the first part of the response (response header). It can be set to the buffer size specified by the fastcgi_buffers option.
  • fastcgi_buffers 4 64k; specifies how many and how large the local buffer is needed to buffer FastCGI's response requests. If the page size generated by a PHP script is 256KB, four 64KB buffers will be allocated for caching; if the page size is larger than 256KB, the part larger than 256KB will be cached in the path specified by fastcgi_temp, but this is not a good method because the data processing speed in memory is faster than that on the hard disk. Generally, this value should be the median size of the pages generated by the PHP scripts on the site. If the page size generated by most of the scripts on the site is 256KB, then this value can be set to "16 16k", "4 64k", etc.
  • fastcgi_busy_buffers_size 128k; the default value is twice fastcgi_buffers.
  • fastcgi_temp_file_write_size 128k; indicates how large the data block is when writing cache files. The default value is twice fastcgi_buffers.
  • fastcgi_cache TEST; means turning on the FastCGI cache and assigning it a name. Enabling cache is very useful, it can effectively reduce the CPU load and prevent 502 errors from occurring. However, turning on caching can also cause many problems, depending on the specific situation.
  • fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m; specifies the FastCGI cache path, the directory structure levels, the keyword area storage time, and the inactive deletion time.
  • fastcgi_cache_valid 200 302 1h; used to specify the cache time of the response code. The values ​​in the example mean that 200 and 302 responses are cached for one hour, 301 responses are cached for one day, and other responses are cached for one minute.

3.3. HTTP parameters gzip module settings

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/html text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
gzip_vary on;
  • gzip on; turns on gzip compressed output.
  • gzip_min_length 1k; minimum compressed file size; the number of page bytes is obtained from the Content-Length header. The default value is 0, which means that all pages are compressed regardless of their size. It is recommended to set it to a byte size greater than 1K. If it is less than 1K, the page size may increase as it is compressed.
  • gzip_buffers 4 16k; compression buffer, indicating that four 16K blocks of memory are requested as the compression result stream cache. By default, memory of the same size as the original data is requested to store the gzip compression result.
  • gzip_http_version 1.1; used to set and identify the HTTP protocol version. The default is 1.1, which is currently recognized by all mainstream browsers. (Default is 1.1; if the front-end is squid2.5, please use 1.0.)
  • gzip_comp_level 6; compression level, 1 has the smallest compression ratio and the fastest processing speed, 9 has the largest compression ratio and fast transmission speed, but consumes CPU resources.
  • gzip_types text/plain application/x-javascript text/css application/xml; Compression type, by default, already includes text/html, so there is no need to write it below. There will be no problem if you write it, but there will be a warning.
  • gzip_vary on; is related to the http header. It will add Vary: Accept-Encoding to the response header, which allows the front-end cache server to cache gzip-compressed pages. For example, use Squid to cache data compressed by Nginx.
  • gzip_proxied any; This is enabled when Nginx is used as a reverse proxy. It determines whether to enable or disable compression of the results returned by the backend server. The prerequisite for matching is that the backend server must return a header containing "Via".
  • limit_zone crawler $binary_remote_addr 10m; needed to be used when limiting the number of IP connections

4. nginx configures virtual host

4.1 Virtual host configuration process

  • Copy a complete server tag segment to the end. Note: It should be placed before the closing curly brace of http, that is, the server tag segment must sit inside the http tag.
  • Change server_name and the root directory of the corresponding web page.
  • Check the syntax of the configuration file and gracefully restart the service.
  • Create the root directory of the web page corresponding to server_name and create a test file. If there is no index homepage, a 403 error will occur.
  • Set up host resolution or DNS for the server_name host on the client, and check it (ping).
  • Access it through a browser, or perform host resolution on a Linux client and use wget or curl to access it.

Several virtual hosts are supported on the http service. Each virtual host has a corresponding server configuration item, which contains the configuration related to the virtual host. When providing mail service proxy, you can also establish several servers. Each server is distinguished by the listening address or port.

server{
  listen 80 default;
  server_name _;
  index index.html index.htm index.php;
  root /data/htdocs/www;
  #server_name_in_redirect off;
  
  # A space is required between the trailing "$" and "{"; "${" would be read as the start of a variable
  location ~ .*\.(php|php5)?$ {
   #fastcgi_pass unix:/tmp/php-cgi.sock;
   fastcgi_pass 127.0.0.1:9000;
   fastcgi_index index.php;
   include fcgi.conf;
  }
  
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
   expires 30d;
  }
  
  location ~ .*\.(js|css)?$ {
   expires 1h;
  }
 }
  • listen 80; listen port, the default is 80, if it is less than 1024, it must be started as root. It can be in the form of listen *:80, listen 127.0.0.1:80, etc.
  • server_name blog.biglittleant.cn; server name, such as localhost, www.example.com, can be matched through regular expressions.
  • root /var/www/html defines the default website root directory location of the server. If the location URL matches a subdirectory or file, root has no effect; it is usually placed in the server directive or under /.
  • index index.jsp index.html index.htm defines the default access file name under the path, which is usually placed after the root.

4.2 Writing the location module under the server module

For more information about how to write location matching rules, refer to the series on nginx – using nginx for load balancing

proxy_pass http://backend;

The request is forwarded to the server list defined by backend, that is, reverse proxying to the corresponding upstream load balancer. You can also use proxy_pass http://ip:port.

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
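
How a backend should read the header set above, as an added example that is not part of the original article: $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For value the client sent, so only the entries added by your own proxies can be trusted. The proxy address 192.168.10.50, the client addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed address of the nginx reverse proxy (not taken from the article).
TRUSTED_PROXIES = ["192.168.10.50/32"]


def proxy_add_x_forwarded_for(incoming_xff, remote_addr):
    """Model of nginx's $proxy_add_x_forwarded_for: the client-supplied
    header with $remote_addr appended, or just $remote_addr if absent."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr


def naive_leftmost(xff_header):
    """What many applications do: take the first entry. The first entry is
    whatever the client chose to send, so it must not be used for decisions."""
    return xff_header.split(",")[0].strip()


def _is_trusted(ip, trusted_proxies):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False)
               for n in trusted_proxies)


def client_ip(xff_header, peer_addr, trusted_proxies=TRUSTED_PROXIES):
    """Walk the header from the right, skipping our own proxies; the first
    address that is not a trusted proxy is the real client."""
    if not _is_trusted(peer_addr, trusted_proxies):
        return peer_addr              # request did not come through our proxy
    candidate = peer_addr
    for hop in reversed([h.strip() for h in xff_header.split(",") if h.strip()]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                     # malformed entry: keep last verified address
        candidate = hop
        if not _is_trusted(hop, trusted_proxies):
            break
    return candidate


if __name__ == "__main__":
    # Constructed request: client 203.0.113.9 sends its own X-Forwarded-For.
    header = proxy_add_x_forwarded_for("10.0.0.1", "203.0.113.9")
    print("header seen by backend:", header)
    print("naive leftmost        :", naive_leftmost(header))
    print("right-to-left, trusted:", client_ip(header, "192.168.10.50"))
```

With the single proxy hop configured on this page, X-Real-IP carries the same address as the right-to-left result, because nginx overwrites it with $remote_addr.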

5. Other nginx parameters

5.1 Access control allow/deny

The access control module of Nginx is installed by default, and it is very simple to write. You can have multiple allow and deny rules to allow or deny access to a certain IP or IP segment. The rules are checked in order, and matching stops at the first rule that is met. For example:

location /nginx-status {
 stub_status on;
 access_log off;
# auth_basic "NginxStatus";
# auth_basic_user_file /usr/local/nginx-1.6/htpasswd;
 allow 192.168.10.100;
 allow 172.29.73.0/24;
 deny all;
}
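
The first-match behaviour described above, as an added example that is not part of the original article: a small Python model that evaluates the allow/deny rules of the nginx-status block in order and reports rules that can never match because an earlier rule already covers them. The function names, the reordered variant and the test addresses are assumptions for illustration; like nginx, the model allows a request when no rule matches.

```python
import ipaddress

# Rules copied from the nginx-status block on this page.
PAGE_BLOCK = """
location /nginx-status {
 stub_status on;
 access_log off;
 allow 192.168.10.100;
 allow 172.29.73.0/24;
 deny all;
}
"""

# Constructed variant: the same rules with "deny all" moved to the top.
MISORDERED_BLOCK = """
 deny all;
 allow 192.168.10.100;
 allow 172.29.73.0/24;
"""


def parse_rules(block_text):
    """Return the allow/deny directives as (action, network) pairs, in file
    order. network is None for the keyword 'all'."""
    rules = []
    for raw in block_text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            net = None if parts[1] == "all" else ipaddress.ip_network(parts[1], strict=False)
            rules.append((parts[0], net))
    return rules


def evaluate(rules, client_ip):
    """Check rules in order and stop at the first one that matches."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or addr in net:
            return action
    return "allow"  # no rule matched: the request is not restricted


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule
    already matches every address they cover."""
    dead = []
    for i, (_, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            covers = earlier is None or (
                net is not None
                and earlier.version == net.version
                and net.subnet_of(earlier)
            )
            if covers:
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    good, bad = parse_rules(PAGE_BLOCK), parse_rules(MISORDERED_BLOCK)
    for ip in ("192.168.10.100", "172.29.73.45", "192.168.10.101", "203.0.113.7"):
        print(f"{ip:16} page order: {evaluate(good, ip):5}  deny-first: {evaluate(bad, ip)}")
    print("unreachable rules in deny-first variant:", shadowed_rules(bad))
```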

We also often use the httpd-devel tool htpasswd to set the login password for the access path:

# htpasswd -c htpasswd admin
New password:
Re-type new password:
Adding password for user admin
# htpasswd htpasswd admin    //Modify admin password
# htpasswd htpasswd sean     //Add another authentication user

This generates a password file that is encrypted using CRYPT by default. Uncomment the two commented lines in the nginx-status block above and restart nginx for the change to take effect.

5.2 List directory autoindex

By default, Nginx does not allow listing of entire directories. To use this feature, open the nginx.conf file and add the following parameters in the location, server or http section:

location /images {
 root /var/www/nginx-default/images;
 autoindex on;
 autoindex_exact_size off;
 autoindex_localtime on;
 }
  • autoindex on; enables listing of directory contents. It is best to add the other two parameters as well.
  • autoindex_exact_size off; The default is on, showing the exact size of the file in bytes. After changing to off, the approximate size of the file is displayed in kB, MB or GB.
  • autoindex_localtime on; the default is off, and the displayed file time is GMT time. After changing to on, the displayed file time is the server time of the file.

VI. Appendix: General Configuration File

user www www;
worker_processes 2;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
  use epoll;
  worker_connections 2048;
}
http {
  include mime.types;
  default_type application/octet-stream;
  # The "main" log format must be defined because access_log in the server block below refers to it
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
  #access_log logs/access.log main;
  sendfile on;
  # tcp_nopush on;
  keepalive_timeout 65;
 # Set the gzip compression function
  gzip on;
  gzip_min_length 1k;
  gzip_buffers 4 16k;
  gzip_http_version 1.1;
  gzip_comp_level 6;
  gzip_types text/html text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
  gzip_vary on;
 
 # http_proxy settings
  client_max_body_size 10m;
  client_body_buffer_size 128k;
  proxy_connect_timeout 75;
  proxy_send_timeout 75;
  proxy_read_timeout 75;
  proxy_buffer_size 4k;
  proxy_buffers 4 32k;
  proxy_busy_buffers_size 64k;
  proxy_temp_file_write_size 64k;
  proxy_temp_path /usr/local/nginx/proxy_temp 1 2;
 # Set the load balancing backend server list
  upstream backend {
       #ip_hash; 
       server 192.168.10.100:8080 max_fails=2 fail_timeout=30s ; 
       server 192.168.10.101:8080 max_fails=2 fail_timeout=30s ; 
  }
 # Very important: virtual host configuration. For multiple virtual hosts, copy and modify this part
  server {
    listen 80;
    server_name test.example.com;
    root /apps/oaapp;
    charset utf-8;
    access_log logs/host.access.log main;
    # For all requests under /, do load balancing + reverse proxy
    location / {
      root /apps/oaapp;
      index index.php index.html index.htm;
      proxy_pass http://backend; 
      proxy_redirect off;
      # The backend Web server can obtain the user's real IP through X-Forwarded-For
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    }
    
    # Static files: nginx serves them itself, without requesting the backend service
    location ~* /download/ {
      root /data/app/nginx/downloads; 
    }
    
    location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$ {  
      root /data/app/nginx/images;  
      expires 7d; 
    }
    
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 192.168.10.0/24;
      deny all;
    }
    
    location ~ ^/(WEB-INF)/ {  
      deny all;  
    }
    
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    
    location = /50x.html {
      root html;
    }
  }
}

VI. Appendix: How to check whether gzip compression is enabled

If the response headers contain Content-Encoding: gzip, gzip compression is enabled.

Connection:keep-alive
Content-Encoding:gzip
Content-Type:text/html
Date:Wed, 29 Mar 2017 10:55:54 GMT
ETag:W/"58db92af-331a6"
Last-Modified:Wed, 29 Mar 2017 10:55:43 GMT
Server:nginx/1.10.3
Transfer-Encoding: chunked
Vary:Accept-Encoding
