Working principle of nginx and configuration of nginx
1. Working principle of nginx
Nginx modules are directly compiled into nginx, so they belong to static compilation.
After starting nginx, the module of nginx is loaded automatically. Unlike Apache, first compile the module into a so file, and then specify whether to load it in the configuration file.
When parsing the configuration file, each module of nginx may process a request, but the same processing request can only be completed by one module.
Process architecture of nginx:
When nginx is started, a Master process will be started. This process does not process any client requests. It is mainly used to generate worker threads. A worker thread is used to process n requests.
The following figure shows a routine HTTP request and response process of nginx module
The following figure shows the basic WEB service request steps
-
Establish connection: receive or reject connection request: the process of three handshakes
-
Receiving request: the process of receiving a request for a resource in the client request message
-
Processing requests
-
Access resources:
-
Build response message:
-
Send response message
-
Log
2. Module and working principle of nginx
Nginx consists of kernel and modules. Among them, the design of the kernel is very small and concise, and the work completed is also very simple. Only by looking up the configuration file, the client request is mapped to a location block (location is an instruction in nginx configuration for URL matching), and each instruction configured in this location will start different modules to complete the corresponding work.
The module of nginx is divided into core module, basic module and third-party module
- HTTP module, EVENT module and MAIL module are core modules
- HTTP Access module, HTTP FastCGI module, HTTP Proxy module and HTTP Rewrite module are basic modules
- HTTP Upstream module, Request Hash module, Notice module and HTTP Access Key module belong to third-party modules
Modules developed by users according to their own needs belong to third-party modules. It is with the support of so many modules that the function of nginx will be so powerful
nginx modules are divided into three types in terms of function:
- Handlers. This kind of module directly processes the request, outputs the content and modifies the header information. Generally, there can only be one handler module
- Filters. This kind of module is mainly used to modify the output of other processor modules, and finally output by nginx
- Proxies (agent module). It is the HTTP Upstream module of nginx. These modules mainly interact with some back-end services, such as fastcgi, to realize the functions of service proxy and load balancing
nginx module is divided into: core module, event module, standard Http module, optional Http module, mail module, third-party module and patch
- Nginx basic modules: the so-called basic modules refer to the default function modules of nginx. The instructions provided by them allow you to use variables that define the basic functions of nginx. They cannot be disabled during compilation, including:
- Core module: basic functions and instructions, such as process management and security. Most of the common core module instructions are placed at the top of the configuration file
- Event module: the ability to configure network usage in Nginx. Most of the common events module instructions are placed at the top of the configuration file
- Configuration module: provides an inclusion mechanism
For specific instructions, please refer to nginx Official documents
3. Installation of nginx
Create user
[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx
Install dependent packages
[root@localhost ~]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ [root@localhost ~]# yum -y groups mark install 'Development Tools'
Create log storage directory
[root@nginx ~]# mkdir -p /var/log/nginx [root@nginx ~]# chown -R nginx.nginx /var/log/nginx [root@nginx ~]#
Download nginx
[root@nginx ~]# cd /usr/src [root@nginx src]# wget http://nginx.org/download/nginx-1.20.1.tar.gz --2021-10-25 03:47:20-- http://nginx.org/download/nginx-1.20.1.tar.gz Resolving host nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2021-10-25 03:47:26 (196 KB/s) - Saved“ nginx-1.20.1.tar.gz" [1061461/1061461]) [root@nginx src]# [root@nginx src]# ls debug zabbix-5.4.4 kernels zabbix-5.4.4.tar.gz nginx-1.20.1.tar.gz [root@nginx src]#
Compile and install
[root@nginx src]# tar xf nginx-1.20.1.tar.gz [root@nginx src]# cd nginx-1.20.1 [root@nginx nginx-1.20.1]# ./configure \ > --prefix=/usr/local/nginx \ > --user=nginx \ > --group=nginx \ > --with-debug \ > --with-http_ssl_module \ > --with-http_realip_module \ > --with-http_image_filter_module \ > --with-http_gunzip_module \ > --with-http_gzip_static_module \ > --with-http_stub_status_module \ > --http-log-path=/var/log/nginx/access.log \ > --error-log-path=/var/log/nginx/error.log [root@nginx nginx-1.20.1]# make && make install
4.nginx configuration
Configure environment variables
[root@nginx ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@nginx ~]# . /etc/profile.d/nginx.sh
[root@nginx ~]#
//Service control mode, using nginx command
-t //Check configuration file syntax
-v //Output the version of nginx
-c //Specifies the path to the configuration file
-s //Send the service control signal. The optional values are {stop | quit | reopen}
start nginx
[root@nginx ~]# nginx [root@nginx ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:80 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 [::]:22 [::]:* [root@nginx ~]#
The content of nginx.conf is divided into the following paragraphs:
Main configuration section: global configuration section. The main configuration section may contain event configuration section
Event {}: define the working characteristics of the event model
http {}: defines the configuration related to the http protocol
5. Configuration parameters for optimizing performance
worker_processes n; start n worker processes. In order to avoid context switching, n here is usually set to the total number of cpu cores - 1 or equal to the total number of cores
[root@nginx ~]# cd /usr/local/nginx/conf/ [root@nginx conf]# cp nginx.conf /opt/ [root@nginx conf]# cp mime.types /opt/ [root@nginx conf]# head /opt/nginx.conf #user nobody; worker_processes 4; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; [root@nginx conf]# [root@nginx conf]# head /usr/local/nginx/conf/nginx.conf #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; [root@nginx conf]#
[root@nginx ~]# ps -ef |grep nginx root 215466 1 0 07:29 ? 00:00:00 nginx: master process nginx -c /opt/nginx.conf nginx 215467 215466 0 07:29 ? 00:00:00 nginx: worker process nginx 215468 215466 0 07:29 ? 00:00:00 nginx: worker process nginx 215469 215466 0 07:29 ? 00:00:00 nginx: worker process nginx 215470 215466 0 07:29 ? 00:00:00 nginx: worker process root 215983 188055 0 07:29 pts/0 00:00:00 grep --color=auto nginx [root@nginx ~]# [root@nginx ~]# nginx -s stop [root@nginx ~]# nginx [root@nginx ~]# ps -ef | grep nginx root 217963 1 0 07:30 ? 00:00:00 nginx: master process nginx nginx 217964 217963 0 07:30 ? 00:00:00 nginx: worker process root 218156 188055 0 07:30 pts/0 00:00:00 grep --color=auto nginx [root@nginx ~]#
#####6. Does it work in master/worker mode
In almost all product environments, Nginx works in the way that "one master process manages multiple worker processes".
Like the daemon configuration, the master_process configuration is also provided to facilitate tracking and debugging of Nginx. If the master_process mode is turned off with off, the worker sub process will not be fork out to process the request, but the master process itself will process the request.
[root@nginx ~]# nginx -s stop [root@nginx ~]# nginx [root@nginx ~]# head /opt/nginx.conf #user nobody; worker_processes 4; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; [root@nginx ~]# ps -ef | grep nginx root 223600 1 0 07:33 ? 00:00:00 nginx: master process nginx nginx 223601 223600 0 07:33 ? 00:00:00 nginx: worker process root 224154 188055 0 07:34 pts/0 00:00:00 grep --color=auto nginx [root@nginx ~]# [root@nginx ~]# nginx -s stop;nginx -c /opt/nginx.conf [root@nginx ~]# head /opt/nginx.conf #user nobody; worker_processes 4; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; [root@nginx ~]# ps -ef |grep nginx root 215466 1 0 07:29 ? 00:00:00 nginx: master process nginx -c /opt/nginx.conf nginx 215467 215466 0 07:29 ? 00:00:00 nginx: worker process nginx 215468 215466 0 07:29 ? 00:00:00 nginx: worker process nginx 215469 215466 0 07:29 ? 00:00:00 nginx: worker process nginx 215470 215466 0 07:29 ? 00:00:00 nginx: worker process root 215983 188055 0 07:29 pts/0 00:00:00 grep --color=auto nginx [root@nginx ~]#
7. Setting of error log
The error log is the best tool for locating Nginx problems. We can properly set the path and level of the error log according to our own needs.
/The path/file parameter can be a specific file. For example, by default, it is the logs/error.log file. It is better to put it in a location with enough disk space; / path/file can also be / dev/null, so that no logs will be output, which is the only way to close the error log; / path/file can also be stderr, so that the logs will be output to the standard error file .
Level is the output level of the log. The values range from debug, info, notice, warn, error, crit, alert, and emerg, increasing from left to right. When set to a level, logs greater than or equal to this level will be output to the / path/file file, and logs less than this level will not be output. For example, when set to error level, error, crit, alert, and E MERG level logs will be output.
If the set log level is debug, all logs will be output, so the amount of data will be large. You need to ensure that there is enough disk space on the disk where / path/file is located in advance.
Note that if the log level is set to debug, the – with debug configuration item must be added during configure.
[root@nginx logs]# head /opt/nginx.conf #user nobody; worker_processes 4; error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; [root@nginx logs]# cat /usr/local/nginx/logs/error.log nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] still could not bind() [root@nginx logs]#
[root@nginx ~]# vim /opt/nginx.conf [root@nginx ~]# nginx -s stop;nginx -c /opt/nginx.conf [root@nginx ~]# head /opt/nginx.conf #user nobody; worker_processes 4; #daemon off; master_process on; #error_log logs/error.log; #error_log logs/error.log notice; error_log logs/error.log info; [root@nginx ~]# cat /usr/local/nginx/logs/error.log 2021/10/25 07:43:05 [notice] 240568#0: using the "epoll" event method 2021/10/25 07:43:05 [notice] 240568#0: nginx/1.20.1 2021/10/25 07:43:05 [notice] 240568#0: built by gcc 8.5.0 20210514 (Red Hat 8.5.0-3) (GCC) 2021/10/25 07:43:05 [notice] 240568#0: OS: Linux 4.18.0-257.el8.x86_64 2021/10/25 07:43:05 [notice] 240568#0: getrlimit(RLIMIT_NOFILE): 1024:262144 2021/10/25 07:43:05 [notice] 240569#0: start worker processes 2021/10/25 07:43:05 [notice] 240569#0: start worker process 240570 2021/10/25 07:43:05 [notice] 240569#0: start worker process 240571 2021/10/25 07:43:05 [notice] 240569#0: start worker process 240572 2021/10/25 07:43:05 [notice] 240569#0: start worker process 240573 2021/10/25 07:43:07 [info] 240570#0: *1 client closed connection while waiting for request, client: 192.168.100.146, server: 0.0.0.0:80 2021/10/25 07:43:13 [info] 240570#0: *2 client closed connection while waiting for request, client: 192.168.100.146, server: 0.0.0.0:80 [root@nginx ~]#
[root@nginx ~]# vim /opt/nginx.conf [root@nginx ~]# head /opt/nginx.conf #user nobody; worker_processes 4; #daemon off; master_process on; #error_log logs/error.log; error_log logs/error.log debug; #error_log logs/error.log notice; #error_log logs/error.log info; [root@nginx ~]# [root@nginx ~]# nginx -s stop;nginx -c /opt/nginx.conf [root@nginx ~]# cat /usr/local/nginx/logs/error.log 2021/10/25 07:43:05 [notice] 240568#0: using the "epoll" event method 2021/10/25 07:43:05 [notice] 240568#0: nginx/1.20.1 2021/10/25 07:43:05 [notice] 240568#0: built by gcc 8.5.0 20210514 (Red Hat 8.5.0-3) (GCC) 2021/10/25 07:43:05 [notice] 240568#0: OS: Linux 4.18.0-257.el8.x86_64 2021/10/25 07:43:05 [notice] 240568#0: getrlimit(RLIMIT_NOFILE): 1024:262144 Slightly...... 2021/10/25 07:44:31 [debug] 243044#0: timer delta: 0 2021/10/25 07:44:31 [debug] 243044#0: worker cycle 2021/10/25 07:44:31 [debug] 243044#0: epoll timer: -1 [root@nginx ~]#
8. Detailed explanation of nginx configuration file
[root@localhost ~]# vim /usr/local/nginx/conf
# Global block
user www-data; ##user
worker_processes 2; ## The default is 1. It is generally recommended to set the number of CPU cores to 1-2 times
error_log logs/error.log; ## Error log path
pid logs/nginx.pid; ## Process id
# Events block
events {
# Use epoll's I/O model to handle polling events.
# It can not be set. nginx will select the appropriate model according to the operating system
use epoll;
# The maximum number of connections for the worker process. 1024 by default
worker_connections 2048;
# Keep alive timeout at http level
keepalive_timeout 60;
# Buffer size of the client request header
client_header_buffer_size 2k;
}
# http block
http {
include mime.types; # Import file extension and file type mapping table
default_type application/octet-stream; # Default file type
# Log format and access log path
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
# sendfile mode is allowed to transfer files. The default value is off.
sendfile on;
tcp_nopush on; # Only when sendfile is on.
# http server block
# Simple reverse proxy
server {
listen 80;
server_name domain2.com www.domain2.com;
access_log logs/domain2.access.log main;
# Forward dynamic request to web application server
location / {
proxy_pass http://127.0.0.1:8000;
deny 192.24.40.8; # Rejected ip
allow 192.24.40.6; # Allowed ip
}
# Error page
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# load balancing
upstream backend_server {
server 192.168.0.1:8000 weight=5; # The higher the weight, the greater the weight
server 192.168.0.2:8000 weight=1;
server 192.168.0.3:8000;
server 192.168.0.4:8001 backup; # Hot standby
}
server {
listen 80;
server_name big.server.com;
access_log logs/big.server.access.log main;
charset utf-8;
client_max_body_size 10M; # Limit the file size uploaded by the user. The default is 1M
location / {
# Using proxy_pass forwards the request to a set of application servers defined through upstream
proxy_pass http://backend_server;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
}
}
}