🚀

14

, Nginx .

Merion Academy


    Nginx

- .

, - Ngnix . , . , .

-, , . Ngnix Unix . , , .


Nginx

, - Debian, Ubuntu.

  • Ubuntu Debian
  • wget
  • Vim ( )

, sudo.


Nginx

:
  • Nginx
  • , HTTP Mail
  • Nginx

Nginx, .

Nginx , event section, http section, mail section ..

/etc/ngnix/ngnix.conf, - /etc/nginx.

, . user nginx, worker_processes 1, error_log /var/log/nginx/error.log warn, pid /var/run/nginx.pid .

event, werker_processes.

()

Nginx . , http section ngx_http_core module, even section ngx_event module, mail ngx_mail module.

.

Nginx . , worker_processes , auto :

worker_processes  auto;

;

, Nginx . Nginx:

  • ,
  • ;
  • {}
  • Nginx.
  • , #, .

Nginx

Nginx , . :

  • Workers
  • /

, , nginx :

cd nginx && ls

conf. nginx.conf. Nginx.

, conf nginx.conf vim, :

cd conf
sudo vim nginx.conf

nginx.conf

nginx.conf

Workers

- Nginx . , . .

vim, i nginx.conf. events:

events {
    worker_processes    auto;
    worker_connections  1024;
    worker_rlimit_nofile 20960;
    multi_accept        on;
    mutex_accept        on;
    mutex_accept_delay  500ms;
    use                 epoll;
    epoll_events        512;
}
  • worker_processes: Nginx. auto, Nginx , , . , lscpu .
  • worker_connections: , . - 512, 1024, .
  • worker_rlimit_nofile: - worker_connections. .
  • multi_accept: . , .
  • mutex_accept: . Nginx, , , .
  • mutex_accept_delay: . accept_mutex mutex , accept_mutex_delay. .
  • use: . epoll, Ubuntu. epoll Linux.
  • epoll_events: , Nginx .

/

- Nginx .

- . sendfile() .

http section, location section server section.

location section server section http section, .

location section, http section:

location /pdf/  {
   sendfile on;
   aio      on;
  }

location /audio/ {
    directio    4m
    directio_alignment 512
}
  • Sendfile: , on. Sendfile , . .
  • Directio: , . Directio - . , .
  • Aio: . - , .
  • directio_alignment: . directio.

, tcp_nodelay tcp_nopush, .

, "", . . Nagle .

HTTP:

http {

  tcp_nopush  on;
  tcp_nodelay on;

  }
  • tcp_nodelay: , , . .
  • tcp_nopush: tcp_nodelay , . , ,
  • tcp_nopush, .

, Nginx . - , .

server.

server {

   client_body_buffer_size 8k;
   client_max_body_size 2m;
   client_body_in_single_buffer on;
   client_body_temp_pathtemp_files 1 2;
   client_header_buffer_size  1m;
   large_client_header_buffers 4 8k;

 }

,

  • client_body_buffer_size: . - 64- , 16k. - 32- , 8k.
  • client_max_body_size: , 2m . 1m.
  • client_body_in_file_only: , client_body_buffer_size, client_body_in_file_only , Nginx . .
  • client_body_in_single_buffer: . . , .
  • client_header_buffer_size: . 1m.
  • large_client_header_buffers: . 4 8k.

- , , . , gzip, gzip_comp_level, gzip_min_length, .

http, :

http {

  gzip on;
  gzip_comp_level  2;
  gzip_min_length  1000;
  gzip_types  text/xml text/css;
  gzip_http_version 1.1;
  gzip_vary  on;
  gzip_disable "MSIE [4-6] \.";

}
  • gzip: , on. .
  • gzip_comp_level: . , . 1 9 2 3.
  • gzip_min_length: , gzip. content-length . 20 .
  • gzip_types: gzip MIME-. , text/html . , , text/css,
  • gzip_http_version: HTTP- , . 1.1.
  • gzip_vary: Vary: Accept Encoding, gzip .
  • gzip_disable: , Internet Explorer 6, gzip. User-Agent gzip .

, . Nginx open_file_cache.

server, location http:

http {

open_file_cache max=1,000 inactive=30s;
open_file_cache_valid 30s;
open_file_cache_min_uses 4;
open_file_cache_errors on;

 }
  • open_file_cache: . , Nginx. , , , ,
  • open_file_cache_valid: , open_file_cache.
  • open_file_cache_min_uses: , inactive open_file_cache, , .
  • open_file_cache_errors: , Nginx , , . , , , , Nginx

, , keepalive_timeout keepalive_requests, .

HTTP :

http {

 keepalive_timeout  30s;
 keepalive_requests 30;
 send_timeout      30s;

}
  • keepalive_timeout: 30 . - 75 .
  • keepalive_requests: . 20 30.
  • keepalive_disable: keepalive , .
  • send_timeout: .

Nginx

Nginx, -. -, SQL . :
  • DDoS

.

HTTP

, , . , , .

apt-get install -y apache-utils

htpasswd. htpasswd apache2-utils.

sudo  htpasswd  -c  /etc/apache2/ .htpasswd mike

:

cat  etc/apache2/ .htpasswd

location:

location /admin {

 basic_auth "Admin Area";
 auth_basic_user_file /etc/apache2/ .htpasswd;

}
Allow

basic_auth allow .

location:

location /admin {
 allow 192.168.34.12;
 allow 192.168.12.34;
}

error access , . ..

  • error_log: , syslog stderr. , .
  • access_log: access.log

http :

http {

  access_log  logs/access.log   combined;
  error_log   logs/warn.log     warn;

}

DDoS

DDoS . - .

limit_req_zone limit_req. location, server

limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;

server {
 location /admin.html {
   limit_req zone=one;
       }

}

limit_conn limit_conn_zone . , .

location server

server {

    location /products/ {
        limit_conn addr 10;

    }
}

client_body_timeout . , . , 408 (Request Time-out). client_header_timeout . , 408 (Request Time-out).

server.

server {
    client_body_timeout 5s;
    client_header_timeout 5s;
}

auto_index. location, off.

location / {
 auto_index  off;
}

, , - Nginx . , , . Nginx - , .


>