利用Nginx替代apache實現高性能的Web環境
利用Nginx替代apache實現高性能的Web環境
Nginx介紹:
Nginx發音為,是由俄羅斯人Igor Sysoev建立的項目,基於BSD許可。
據說他當初是F5的成員之一,英文主頁:http://nginx.net。俄羅斯的一些大網站已經使用它超過兩年多了, 一直表現不凡,相信想了解nginx的朋友都讀過阿葉大哥的利用nginx實現負載均衡的文章相關鏈接見(六)。
測試環境:紅動中國(redocn)提供運營伺服器環境.
關於紅動服務環境:
紅動中國在早期利用apache環境,再加上一些優化的工作,一直是相對很穩定,但是最近由於網站發展,訪問量越來越大,在線人數一多經常出現,負載過高,性能急劇下降,經過雙木站長的同意,考慮是否能利用nginx來代替apache,經過長時間的觀察目前nginx工作很穩定,系統也不會再說現高負載的狀況,佔用內存也很低,訪問速率從用戶體驗來看明顯有提升.
關於紅動中國:
紅動中國(redocn)論壇經過近1年的快速發展,目前日均頁面訪問量超過100萬,位居全球設計論壇(中文)第1位,是國內最具影響力的設計論壇之一。目前論壇擁有近20萬會員,包括眾多設計界領軍人物在內的行業中堅力量、相關藝術院校師生以及部分設計愛好者等。
遷移目標:實現網站論壇靜態化,防盜鏈,下載併發數和速率限制,實現原站apache所具有的所有功能,將原apache環境下的站點全部遷移到Nginx
一.PHP(Fastcgi)編譯安裝
# cat in.sh
./configure \
• --prefix=/usr/local/php-fcgi \
• --enable-fastcgi \
• --enable-discard-path \
• --enable-force-cgi-redirect \
• --with-config-file-path=/usr/local/php-fcgi/etc \
• --enable-zend-multibyte \
• --with-mysql=/usr/local/mysql \
• --with-libxml-dir=/usr/local/libxml2 \
• --with-gd=/usr/local/gd2 \
• --with-jpeg-dir \
• --with-png-dir \
• --with-bz2 \
• --with-freetype-dir \
• --with-iconv-dir \
• --with-zlib-dir \
• --with-openssl=/usr/local/openssl \
• --with-mcrypt=/usr/local/libmcrypt \
• --enable-sysvsem \
• --enable-inline-optimization \
• --enable-soap \
• --enable-gd-native-ttf \
• --enable-ftp \
• --enable-mbstring \
• --enable-exif \
• --disable-debug \
• --disable-ipv6
•
•make
•make install
•cp php.ini-dist /usr/local/php-fcgi/etc/php.ini
複製代碼注:關於如何安裝gd庫,mysql的編譯安裝,本文將不介紹,本文重點在於介紹nginx的安裝與配置,如想了解其它相關的問題可以到
LinuxPk去找相關的貼子(http://bbs.linuxpk.com)
二.Nginx編譯安裝
1.創建nginx運行用戶和虛擬主機目錄
groupadd www -g 48
•useradd -u 48 -g www www
•mkdir -p /data/www/wwwroot
•chown -R www:www /data/www/wwwroot
複製代碼2.安裝lighttpd中附帶的spawn-fcgi,用來啟動php-cgi
先編譯安裝lighttpd產生spawn-fcgi二進位文件.
cd /usr/local/src/lighttpd-1.4.18
•cp src/spawn-fcgi /usr/local/php-fcgi/bin/
複製代碼啟動php-cgi進程,監聽127.0.0.1的8085埠,進程數為250(如果伺服器內存小於3GB,可以只開啟25個進程),用戶為www:
/usr/local/php-fcgi/bin/spawn-fcgi -a 127.0.0.1 -p 8085 -C 250 -u www -f /usr/local/php-fcgi/bin/php-cgi
3.nginx的安裝與配置
安裝Nginx所需的pcre庫:
http://ftp.dk.debian.org/exim/pcre/pcre-7.3.tar.gz
tar zxvf pcre-7.2.tar.gz
• cd pcre-7.2/
• ./configure
• make && make install
• cd ../
•
• http://sysoev.ru/nginx/nginx-0.5.32.tar.gz
• tar zxvf nginx-0.5.32.tar.gz
• cd nginx-0.5.32
•./configure --user=www --group=www --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-
•
•openssl=/usr/local/openssl
•make && make install
•
複製代碼此模塊非核心模塊,需要在編譯的時候手動添加編譯參數 --with-http_stub_status_module
配置nginx
三.Nginx主配置文件及PHP支持.
1.nginx.conf 主配置文件的配置
#cd /usr/local/nginx/conf/
#cp nginx.conf nginx.conf.cao
#cat /dev/null > nginx.conf
#vi nginx.conf //主配置文件
user www www;
•
•worker_processes 10;
•
•#error_log logs/error.log;
•#error_log logs/error.log notice;
•#error_log logs/error.log info;
•
•pid /var/run/nginx.pid;
•
•#Specifies the value for maximum file descriptors that can be opened by this process.
•worker_rlimit_nofile 51200;
•
•events
•{
• use epoll;
•
• #maxclient = worker_processes * worker_connections / cpu_number
• worker_connections 51200;
•}
•
•http
•{
• include conf/mime.types;
• default_type application/octet-stream;
•
• log_format main '$remote_addr - $remote_user [$time_local] $request '
• '"$status" $body_bytes_sent "$http_referer" '
• '"$http_user_agent" "$http_x_forwarded_for"';
•
• #access_log /data/www/logs/access.log main;
• #sendfile on;
• tcp_nopush on;
• tcp_nodelay off;
•
• keepalive_timeout 60;
•
• client_header_timeout 3m;
• client_body_timeout 3m;
• send_timeout 3m;
• connection_pool_size 256;
• client_header_buffer_size 1k;
• large_client_header_buffers 4 2k;
• request_pool_size 4k;
• output_buffers 4 32k;
• postpone_output 1460;
• client_max_body_size 10m;
• client_body_buffer_size 256k;
• client_body_temp_path /dev/shm/client_body_temp;
• proxy_temp_path /usr/local/nginx/proxy_temp;
• fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
•
• #gzip
• gzip on;
• gzip_http_version 1.0;
• gzip_comp_level 2;
• gzip_proxied any;
• gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
• gzip_min_length 1100;
• gzip_buffers 4 8k;
•
• # The following includes are specified for virtual hosts //以下是載入虛擬主機配置.
• #www.redocn.com
• include conf/vhosts/www_redocn_com.conf;
• #bbs.redocn.com
• include conf/vhosts/bbs_redocn_com.conf;
• #blog.redocn.com
• include conf/vhosts/blog_redocn_com.conf;
• #down.redocn.com
• include conf/vhosts/down_redocn_com.conf;
•}
複製代碼2.配置支持Fastcgi模式的PHP
# cat enable_php5.conf
fastcgi_pass 127.0.0.1:8085;
•fastcgi_index index.php;
•
•fastcgi_param GATEWAY_INTERFACE CGI/1.1;
•fastcgi_param SERVER_SOFTWARE nginx;
•#new ac upload
•#fastcgi_pass_request_body off;
•#client_body_in_file_only clean;
•#fastcgi_param REQUEST_BODY_FILE $request_body_file;
•#
•
•fastcgi_param QUERY_STRING $query_string;
•fastcgi_param REQUEST_METHOD $request_method;
•fastcgi_param CONTENT_TYPE $content_type;
•fastcgi_param CONTENT_LENGTH $content_length;
•
•fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
•fastcgi_param SCRIPT_NAME $fastcgi_script_name;
•fastcgi_param REQUEST_URI $request_uri;
•fastcgi_param DOCUMENT_URI $document_uri;
•fastcgi_param DOCUMENT_ROOT $document_root;
•fastcgi_param SERVER_PROTOCOL $server_protocol;
•
•fastcgi_param REMOTE_ADDR $remote_addr;
•fastcgi_param REMOTE_PORT $remote_port;
•fastcgi_param SERVER_ADDR $server_addr;
•fastcgi_param SERVER_PORT $server_port;
•fastcgi_param SERVER_NAME $server_name;
•
•# PHP only, required if PHP was built with --enable-force-cgi-redirect
•fastcgi_param REDIRECT_STATUS 200;
複製代碼四,多虛擬主機應用配置案例.
#mkdir /usr/local/nginx/conf/vhosts //建立虛擬主機配置存放目錄.
1.www.redocn.com //首站配置
#vi www_redocn_com.conf
server
• {
• listen 80;
• server_name www.redocn.com;
• index index.html index.htm index.php;
• root /data/www/wwwroot;
• error_page 404 http://bbs.redocn.com;
• rewrite ^/bbs/(.*) http://bbs.redocn.com/$1;
• location ~ .*\.php?$
• {
• include conf/enable_php5.conf;
• }
• }
複製代碼注: 關於rewite需求,紅動中國希望當用戶訪問http://www.redocn.com/bbs的時候自動轉至http://bbs.redocn.com
在原apache中利用redirect實現
Redirect /bbs http://bbs.redocn.com
本文中在nginx下利用rewrite實現:
rewrite ^/bbs/(.*) http://bbs.redocn.com/$1;
2. vi bbs_redocn_com.conf
server
• {
• listen 80;
• server_name bbs.redocn.com yan.redocn.com majia.redocn.com wt.redocn.com;
• index index.html index.htm index.php;
• root /home/www/htdocs/bbs;
• access_log /var/log/nginx/access_bbs.redocn.com.log combined;
• location / {
• #bbs rewrite
• rewrite ^/archiver/((fid|tid)-[\w\-]+\.html)$ /archiver/index.php?$1 last;
• rewrite ^/forum-(+)-(+)\.html$ /forumdisplay.php?fid=$1&page=$2 last;
• rewrite ^/thread-(+)-(+)-(+)\.html$ /viewthread.php?tid=$1&extra=page\%3D$3&page=$2 last;
• rewrite ^/space-(username|uid)-(.+)\.html$ /space.php?$1=$2 last;
• rewrite ^/tag-(.+)\.html$ /tag.php?name=$1 last;
• break;
• #error
• error_page 404 /index.php;
• #redirect server error pages to the static page /50x.html
• error_page 500 502 503 504 /50x.html;
• location = /50x.html {
• root html;
• }
• }
• #Preventing hot linking of images and other file types
• location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
• valid_referers none blocked server_names
• *.redocn.com redocn.com *.taobao.com taobao.com
• bbs.blueidea.com bbs.asiaci.com bbs.arting365.com forum.chinavisual.com softbbs.pconline.com.cn
• bbs.chinaddu.com bbs.photops.com *.baidu.com *.google.com *.google.cn *.soso.com *.yahoo.com.cn
• *.yahoo.cn;
• if ($invalid_referer) {
• rewrite ^/ http://www.redocn.com/images/redocn.gif;
• #return 403;
• }
• }
•
• #support php
• location ~ .*\.php?$
• {
• include conf/enable_php5.conf;
• }
•
• }
複製代碼注:
1.紅動中國採用高性能的Discuz!論壇,原apache的rewrite規則幾乎不要做什麼修改即可全部移植到nginx下.
靜態化配置見面上面的:#bbs rewrite部分.
2.一般論壇都希望實現防盜鏈功能,在apache很輕鬆實現?在nginx下是否容易實現呢?答案是肯定的.
#Preventing hot linking of images and other file types
• valid_referers none blocked server_names *.redocn.com redocn.com ...你允許連接的網址;
• if ($invalid_referer) {
• rewrite ^/ http://www.redocn.com/images/redocn.gif; //讓別人盜鏈時顯示你指定的圖片.
• #return 403;
• }
複製代碼3.blog.redocn.com
#vi blog_redocn_com.conf
server
• {
• listen 80;
• server_name blog.redocn.com;
• index index.html index.htm index.php;
• root /data/www/wwwroot/blog;
• error_page 404 http://bbs.redocn.com;
• #supsite rewrite
• rewrite ^(+)/spacelist(.*)$ index.php?$1/action_spacelist$2;
• rewrite ^(+)/viewspace_(.+)$ index.php?$1/action_viewspace_itemid_$2;
• rewrite ^(+)/viewbbs_(.+)$ index.php?$1/action_viewbbs_tid_$2;
• rewrite ^(+)/(.*)$ index.php?$1/$2;
• rewrite ^(+)$ index.php?$1;
• rewrite ^action_(.+)$ index.php?action_$1;
• rewrite ^category_(.+)$ index.php?action_category_catid_$1;
• rewrite ^itemlist_(.+)$ index.php?action_itemlist_catid_$1;
• rewrite ^viewnews_(.+)$ index.php?action_viewnews_itemid_$1;
• rewrite ^viewthread_(.+)$ index.php?action_viewthread_tid_$1;
• rewrite ^index([\.a-zA-Z0-9]*)$ index.php;
• rewrite ^html/(+)/viewnews_itemid_(+)\.html$ index.php?action_viewnews_itemid_$2;
•
•
• rewrite ^/(+)/spacelist(.+)$ /index.php?uid/$1/action/spacelist/type$2;
• rewrite ^/(+)/viewspace(.+)$ /index.php?uid/$1/action/viewspace/itemid$2;
• rewrite ^/(+)/viewbbs(.+)$ /index.php?uid/$1/action/viewbbs/tid$2;
• rewrite ^/(+)/(.*)$ /index.php?uid/$1/$2;
• rewrite ^/(+)$ /index.php?uid/$1;
•
• rewrite ^/action(.+)$ /index.php?action$1;
• rewrite ^/category(.+)$ /index.php?action/category/catid$1;
• rewrite ^/viewnews(.+)$ /index.php?action/viewnews/itemid$1;
• rewrite ^/viewthread(.+)$ /index.php?action/viewthread/tid$1;
• rewrite ^/mygroup(.+)$ /index.php?action/mygroup/gid$1;
•
• location ~ .*\.php?$
• {
• include conf/enable_php5.conf;
• }
• }
複製代碼注:blog採用功能強大的Supesite作為Blog站點: http://www.supesite.com/
1.Blog如何在Nginx里實現靜態化,具體設置見,上面的#supesite rewrite
4.down.redocn.com
# vi down_redocn_com.conf
limit_zone one $binary_remote_addr 10m;
•server
• {
• listen 80;
• server_name down.redocn.com;
• index index.html index.htm index.php;
• root /data/www/wwwroot/down;
• error_page 404 /index.php;
• # redirect server error pages to the static page /50x.html
• error_page 500 502 503 504 /50x.html;
• location = /50x.html {
• root html;
• }
• #Zone limit
• location / {
• limit_conn one 1;
• limit_rate 20k;
• }
•
•
• # serve static files
• location ~ ^/(images|javascript|js|css|flash|media|static)/ {
• root /data/www/wwwroot/down;
• expires 30d;
• }
• }
複製代碼注:
由於現在的BT下載軟體越來越多了,我們如何限制下載的併發數和速率呢?apache需要三方模塊,nginx就不用了
在nginx利用兩個指令即可實現:limit_zone(limit_conn) 來限制併發數,limit_rate來限制下載的速率,請看上面的配置實例.
5.啟動nginx服務
/usr/local/php-fcgi/bin/spawn-fcgi -a 127.0.0.1 -p 8085 -C 250 -u www -f/usr/local/php-fcgi/bin/php-cgi
•/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
複製代碼你可以把上面兩條命令製做成系統啟動服務腳本,相關的腳本在網上也很多,本文就不再貼出來了,給出一個實例鏈接:
http://topfunky.net/svn/shovel/nginx/init.d/nginx
五.問題及經驗總結:
1.安裝Discuz論壇后,無法上傳大於M以上的附件?
在主配置文件里加入:client_max_body_size 10m; 詳細指令說明請參見(六)提供的Wiki鏈接.
2.Discuz附件無法下載附件?
最近遇到一個奇怪的問題在nginx下discuz論壇無法下載附件,後來打開error_log才知道,仍后一看/usr/local分區滿了,
清了一大堆無用文件后,馬上就正常了.
以上是本人遷移和測試過程中遇到的兩個小問題,在此附上說明,只是希望配置nginx的朋友不要犯我一樣的問題.
歡迎聯繫NetSeek(狂熱linux愛好者^_^ msn:cnseek@msn.com QQ:67888954 Gtalk:cnseek@gmail.com).
六.相關鏈接:
1.Discuz!.net高性能的PHP論壇程序 http://www.discuz.net Supesite: http://www.supesite.com/
2.Nginx參考文檔:http://wiki.codemongers.com/
3.利用Nginx實現負載均衡(阿葉大哥的文章):http://www.imysql.com/comment/reply/210
4.linuxPk:http://bbs.linuxpk.com
5.紅動中國 http://bbs.redocn.com
《解決方案》
經驗分享,頂
