Nginx优化

安装：
yum install -y gcc gcc-c++
./configure --prefix=/usr/local/nginx --with-pcre=/usr/local/src/pcre-8.38 --with-http_stub_status_module --with-http_gzip_static_module --add-module=/usr/local/src/ngx_cache_purge-2.3
make
make install

http://nginx.org/en/docs/

1.并发优化
worker_processes 4; #cpu，如果nginx单独在一台机器上
worker_processes auto;
events {
    worker_connections 4096;#每一个进程打开的最大连接数，超出了log中会有记录
    multi_accept on; #可以一次建立多个连接
    use epoll;
}
worker_rlimit_nofile 10240;每个进程打开的最大的文件数，受限于操作系统：
vi /etc/security/limits.conf
* hard nofile 102400
* soft nofile 102400
* soft core unlimited
* soft stack 10240

2.操作系统优化
配置文件/etc/sysctl.conf
sysctl -w net.ipv4.tcp_syncookies=1#防止一个套接字在有过多试图连接到达时引起过载
sysctl-w net.core.somaxconn=1024#默认128，连接队列
sysctl-w net.ipv4.tcp_fin_timeout=10 # timewait的超时时间
sysctl -w net.ipv4.tcp_tw_reuse=1 #os直接使用timewait的连接
sysctl -w net.ipv4.tcp_tw_recycle = 0 #回收禁用

3.Keepalive长连接
Nginx与upstream server：
upstream server_pool{
        server localhost:8080 weight=1 max_fails=2 fail_timeout=30s;
        keepalive 300;  #300个长连接
}
同时要在location中设置：
location /  {
            proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
客户端与nginx（默认是打开的）：
keepalive_timeout  60s; #长连接的超时时间
keepalive_requests 100; #100个请求之后就关闭连接，可以调大
keepalive_disable msie6; #ie6禁用


4.启用压缩
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_proxied any;
gzip_types text/html text/plain application/x-javascript application/javascript text/css application/xml
gzip_vary on; #Vary: Accept-Encoding
gzip_static on; #如果有压缩好的 直接使用



5.状态监控 （nginx_status:并发统计）
location = /nginx_status {
    stub_status on;
    access_log off;
    allow <YOURIPADDRESS>;
    deny all;
}
输出结果：
Active connections: 1 
server accepts handled requests
 17122 17122 34873 
Reading: 0 Writing: 1 Waiting: 0 
Active connections：当前实时的并发连接数
accepts：收到的总连接数，
handled：处理的总连接数
requests：处理的总请求数
Reading：当前有都少个读，读取客户端的请求
Writing：当前有多少个写，向客户端输出
Waiting：当前有多少个长连接（reading + writing）
reading – nginx reads request header
writing – nginx reads request body, processes request, or writes response to a client
waiting – keep-alive connections, actually it is active - (reading + writing)

6.实时请求信息统计ngxtop （Ngxtop:请求统计）
https://github.com/lebinh/ngxtop
(1)安装python-pip
yum install epel-release
yum install python-pip
(2)安装ngxtop
pip install ngxtop
(3)使用
指定配置文件：           ngxtop -c ./conf/nginx.conf
查询状态是200：        ngxtop -c ./conf/nginx.conf  --filter 'status == 200'
查询那个ip访问最多： ngxtop -c ./conf/nginx.conf  --group-by remote_addr

nginx.conf 配置文件

user  www;
worker_processes  4;#取决于cpu

error_log  logs/error.log;

pid        logs/nginx.pid;

worker_rlimit_nofile 10240; #每个进程打开的最大的文件数，受限于操作系统/etc/security/limits.conf

events {
    worker_connections 10240;#每一个进程打开的最大连接数，超出了log中会有记录
    multi_accept on; #可以一次建立多个连接
    use epoll;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off; #隐藏版本号
    client_max_body_size 10m; #文件上传需要调大

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    #默认写日志：打开文件写入关闭，max:缓存的文件描述符数量，inactive缓存时间，valid：检查时间间隔，min_uses：在inactive时间段内使用了多少次加入缓存
    open_log_file_cache max=200 inactive=20s valid=1m min_uses=2;

    sendfile       on;
    tcp_nopush     on;
    #与浏览器的长连接
    keepalive_timeout  65;#长连接超时时间
    keepalive_requests 500;#500个请求以后，关闭长连接
    keepalive_disable msie6;#ie6禁用
    # 启用压缩
    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_proxied any;
    gzip_types text/plain application/x-javascript application/javascript text/css application/xml;
    gzip_vary on; #Vary: Accept-Encoding
    gzip_static on; #如果有压缩好的 直接使用
    #超时时间
    proxy_connect_timeout 5; #连接proxy超时
    proxy_send_timeout 5; # proxy连接nginx超时
    proxy_read_timeout 60;# proxy响应超时
     # 开启缓存,2级目录
    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=20g;
    proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
    proxy_hide_header Cache-Control;
    proxy_hide_header Pragma;
    
    #反向代理服务器集群
    upstream server_pool{
        server localhost:8080 weight=1 max_fails=2 fail_timeout=30s;
        server localhost:8081 weight=1 max_fails=2 fail_timeout=30s; 
        keepalive 200; # 最大的空闲的长连接数 
    }

    server {
        listen       80;
        server_name  localhost 192.168.220.133;
        
        location / {
            #长连接
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            #Tomcat获取真实用户ip
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_pass http://server_pool;
        }
        # 状态监控
        location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            allow 192.168.220.133; #允许访问的ip地址
            deny all;
        }
        #用于清除缓存
        location ~ /purge(/.*)
        {
            allow 127.0.0.1;
            allow 192.168.220.133;
            deny all;
            proxy_cache_purge cache_one $host$1$is_args$args;
        }
        # 静态文件加缓存
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css|html|htm)?$
        {
            expires 1d;
            proxy_cache cache_one;
            proxy_cache_valid 200 304 1d;
            proxy_cache_valid any 1m;
            proxy_cache_key $host$uri$is_args$args;
            proxy_pass http://server_pool;
        }
    }
}