Nginx web page optimization (2)

Change Number of Nginx Running Processes

• In high concurrency scenarios, more Nginx processes need to be started to ensure fast response to handle user requests and avoid blocking
• You can use the ps aux command to see the number of Nginx running processes

• Change the configuration method for the number of processes

  • Modify profile, modify process configuration parameters

• Modify worker_ processes parameter of configuration file

  • Number of CPU s or cores generally set
  • Set to twice the number of CPU s or cores in high concurrency
• Number of running processes - when responding to access requests, Nginx will not temporarily start new processes to provide services, reducing system overhead and improving service speed

• Use ps aux to see how the number of running processes changes

• By default, multiple processes of Nginx may run on one CPU, and different processes can be assigned to different CPUs to make full use of hardware multicore multiCPUs
• On a 4-core physical server, you can configure the following to assign processes
  • Worker_ cpu_affinity 0001 0010 0100 1000

Configuration Instance

[root@localhost conf]# ps aux | grep nginx //View number of processes
root       5278  0.0  0.0  20548   612 ?        Ss   15:17   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx      5279  0.0  0.0  23076  1396 ?        S    15:17   0:00 nginx: worker process
root       5295  0.0  0.0 112728   972 pts/0    S+   15:18   0:00 grep --color=auto nginx
[root@localhost ~]# Cd/proc/ //Enter device directory
[root@localhost proc]# cat cpuinfo //view cpu Information
processor   : 0 
vendor_id   : GenuineIntel
cpu family  : 6
...//Omit some content... //First cpu Information
clflush size    : 64
cache_alignment : 64
address sizes   : 43 bits physical, 48 bits virtual
power management:

processor   : 1
vendor_id   : GenuineIntel
cpu family  : 6
...//Omit some content...
clflush size    : 64                 //Second cpu Information
cache_alignment : 64
address sizes   : 43 bits physical, 48 bits virtual
power management:
[root@localhost proc]# Vim/usr/local/nginx/conf/nginx.conf//Enter to edit nginx configuration file
#user  nobody;
worker_processes  2;             //Increase the number of cpUs
worker_cpu_affinity 01 10;       //Set equal allocation of access requests

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}
...//Omit some content...
:wq
[root@localhost proc]# systemctl restart nginx.service //restart service
[root@localhost proc]# ps aux | grep nginx //View number of processes
root       1813  0.0  0.0  20548   616 ?        Ss   15:32   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx      1814  0.0  0.0  23076  1400 ?        S    15:32   0:00 nginx: worker process
nginx      1815  0.0  0.0  23076  1400 ?        S    15:32   0:00 nginx: worker process
//Increase the number of processes
root       1823  0.0  0.0 112728   972 pts/0    S+   15:32   0:00 grep --color=auto nginx

Configure Nginx for Web Page Compression

• Nginx's ngx_http_gzip_module compression module provides the ability to compress file contents
• Allow the Nginx server to compress the output before sending it to the client to save bandwidth and improve the user's access experience. Installed by default
• Compression performance can be optimized by adding appropriate compression function parameters to the configuration file

Explanation of compression function parameters

• gzip on: turn on gzip compressed output
• gzip_min_length 1k: Sets the minimum number of bytes of pages that are allowed to compress
• gzip_buffers 4 16k: Indicates that four units of 16K memory are requested for the compression result stream cache. The default value is to request the same size of memory as the original data to store the gzip compression result
• zip_http_version 1.0: Used to set the recognition HTTP protocol version, default is 1.1. Most browsers currently support gzip decompression, but it is the slowest to process and consumes server CPU resources
• gzip_comp_level 2: Used to specify gzip compression ratio, 1 has the smallest compression ratio and the fastest processing speed; 9 has the largest compression ratio and the fastest transmission speed, but the slowest processing speed. Use the default
• gzip_types text/plain: Compression type, which enables compression on which web documents
• Gzip_vary: Option lets the front-end cache server cache gzip-compressed pages

Add the above compression parameters to the main profile httpd configuration section

Configuration Instance

[root@localhost proc]# Cd/usr/local/nginx/conf/ //Enter profile directory
[root@localhost conf]# vim nginx.conf //Edit Profile
...//Omit some content...
    #keepalive_timeout  0;
    keepalive_timeout  65 180;
    client_header_timeout 80;
    client_body_timeout 80;

    gzip  on;                               //Turn on compression
    gzip_min_length 1k;                     //Edit Compression Entry
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_types text/plain application/x-javascript text/css image/jpg image/jpeg image/png image/gif application/xml text/javascript application/x-httpd-php application/javascript application/json;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;

    server {
        listen       80;
        server_name  localhost;
...//Omit some content...
:wq
[root@localhost conf]# systemctl restart nginx.service //restart service

• Access web pages on the client and use the package grabbing tool to see if compression is turned on

Configure Nginx to implement anti-theft chain

• In the enterprise website service, - - generally configure anti-theft chain function to avoid illegal theft of website content, causing economic losses
• Nginx anti-theft chains are also very powerful.By default, anti-theft chains can be handled by simple configuration

Configuration Instance

[root@localhost ~]# Mount.cifs //192.168.100.10/lamp-c7/mnt//Mount the prepared anti-theft chain picture directory on Linux system
Password for root@//192.168.100.10/lamp-c7: 
root@localhost mnt]# Cd/mnt/ //Enter mount directory
[root@localhost mnt]# ls
apr-1.6.2.tar.gz       cronolog-1.6.2-14.el7.x86_64.rpm  httpd-2.4.29.tar.bz2  mysql-5.6.26.tar.gz
apr-util-1.6.0.tar.gz  Discuz_X2.5_SC_UTF8.zip           LAMP-php5.6.txt       nginx-1.12.0.tar.gz
awstats-7.6.tar.gz     error.png                         miao.jpg              php-5.6.11.tar.bz2
[root@localhost mnt]# CP error.png/usr/local/nginx/html/ //Copy anti-theft chain picture to nginx site directory
[root@localhost mnt]# Cd/usr/local/nginx/html/ //Enter Site Directory
[root@localhost html]# ls //View
50x.html  error.png  index.html  miao.jpg      //Picture copied successfully
[root@localhost html]# Yum install bind-y //install DNS features
//Plugins loaded: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
...//Omit some content...
//Installed:
  bind.x86_64 32:9.11.4-9.P2.el7                                                                 
//Installed as a dependency:
  bind-export-libs.x86_64 32:9.11.4-9.P2.el7                                                     
//Upgraded as a dependency:
  bind-libs.x86_64 32:9.11.4-9.P2.el7                  bind-libs-lite.x86_64 32:9.11.4-9.P2.el7   
  bind-license.noarch 32:9.11.4-9.P2.el7               bind-utils.x86_64 32:9.11.4-9.P2.el7      
  dhclient.x86_64 12:4.2.5-77.el7.centos               dhcp-common.x86_64 12:4.2.5-77.el7.centos 
  dhcp-libs.x86_64 12:4.2.5-77.el7.centos             
//Complete!
[root@localhost html]# Vim/etc/named.conf //Edit DNS Master Profile
...//Omit some content...
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
...//Omit some content...
:wq
[root@localhost html]# Vim/etc/named.rfc1912.zones //Edit DNS Zone Profile
...//Omit some content...
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};
...//Omit some content...
:wq
[root@localhost named]# Cp-p named.localhost kgc.com.zone //Copy DNS zone data file and change file name
[root@localhost named]# vim kgc.com.zone //Edit DNS zone data profile
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.144.133            //Set Resolved Address
:wq
[root@localhost named]# systemctl start named //Start DNS Service

• Open a win10 client and a win 7 client, install web services in the win 7 client, build a stolen chain website, and test access to the website on the client

[root@localhost html]# CD. /conf/ //Enter nginx profile directory
[root@localhost conf]# vim nginx.conf //Edit Profile
...//Omit some content...
# redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location ~*\.(jpg|gif|swf)$ {         //Add anti-theft chain entry under server module
             valid_referers none blocked *.kgc.com kgc.com;
             if ( $invalid_referer ) {
                 rewrite ^/ http://www.kgc.com/error.png;
            }
        }
...//Omit some content...
:wq
[root@localhost conf]# systemctl restart nginx.service

• Test if anti-theft chain function is on in win 10 client