利用Nginx替代apache实现高性能的Web环境

toppoo 2008-11-13

展开全文

利用Nginx替代apache实现高性能的Web环境更新时间:2007-11-27 作者:NetSeek 欢迎转载，转载请注明出处: http://bbs. 原文链接:http://bbs./thread-11845-1-1.html Nginx介绍: Nginx发音为[engine x]，是由俄罗斯人Igor Sysoev建立的项目,基于BSD许可。据说他当初是F5的成员之一，英文主页：http://。俄罗斯的一些大网站已经使用它超过两年多了，一直表现不凡,相信想了解nginx的朋友都读过阿叶大哥的利用nginx实现负载均衡的文章相关链接见(六)。测试环境:红动中国(redocn)提供运营服务器环境. 关于红动服务环境: 红动中国在早期利用apache环境，再加上一些优化的工作，一直是相对很稳定，但是最近由于网站发展，访问量越来越大，在线人数一多经常出现，负载过高，性能急剧下降，经过双木站长的同意，考虑是否能利用nginx来代替apache，经过长时间的观察目前nginx工作很稳定，系统也不会再说现高负载的状况，占用内存也很低,访问速率从用户体验来看明显有提升. 关于红动中国: 红动中国（redocn)论坛经过近1年的快速发展，目前日均页面访问量超过100万，位居全球设计论坛(中文)第1位，是国内最具影响力的设计论坛之一。目前论坛拥有近20万会员，包括众多设计界领军人物在内的行业中坚力量、相关艺术院校师生以及部分设计爱好者等。迁移目标:实现网站论坛静态化，防盗链，下载并发数和速率限制,实现原站apache所具有的所有功能,将原apache环境下的站点全部迁移到Nginx 一.PHP(Fastcgi)编译安装 [root@att php-5.2.4]# cat in.sh 复制内容到剪贴板代码: ./configure --prefix=/usr/local/php-fcgi --enable-fastcgi --enable-discard-path --enable-force-cgi-redirect --with-config-file-path=/usr/local/php-fcgi/etc --enable-zend-multibyte --with-mysql=/usr/local/mysql --with-libxml-dir=/usr/local/libxml2 --with-gd=/usr/local/gd2 --with-jpeg-dir --with-png-dir --with-bz2 --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-openssl=/usr/local/openssl --with-mcrypt=/usr/local/libmcrypt --enable-sysvsem --enable-inline-optimization --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-debug --disable-ipv6 make make install cp php.ini-dist /usr/local/php-fcgi/etc/php.ini 注:关于如何安装gd库，mysql的编译安装，本文将不介绍，本文重点在于介绍nginx的安装与配置，如想了解其它相关的问题可以到 LinuxPk去找相关的贴子(http://bbs.) 二.Nginx编译安装 1.创建nginx运行用户和虚拟主机目录复制内容到剪贴板代码: groupadd www -g 48 useradd -u 48 -g www www mkdir -p /data/www/wwwroot chown -R www:www /data/www/wwwroot 2.安装lighttpd中附带的spawn-fcgi，用来启动php-cgi 先编译安装lighttpd产生spawn-fcgi二进制文件. 复制内容到剪贴板代码: cd /usr/local/src/lighttpd-1.4.18 cp src/spawn-fcgi /usr/local/php-fcgi/bin/ 启动php-cgi进程，监听127.0.0.1的8085端口，进程数为250（如果服务器内存小于3GB，可以只开启25个进程），用户为www： /usr/local/php-fcgi/bin/spawn-fcgi -a 127.0.0.1 -p 8085 -C 250 -u www -f /usr/local/php-fcgi/bin/php-cgi 3.nginx的安装与配置安装Nginx所需的pcre库： http://ftp.dk./exim/pcre/pcre-7.3.tar.gz 复制内容到剪贴板代码: tar zxvf pcre-7.2.tar.gz cd pcre-7.2/ ./configure make && make install cd ../ http:///nginx/nginx-0.5.32.tar.gz tar zxvf nginx-0.5.32.tar.gz cd nginx-0.5.32 ./configure --user=www --group=www --prefix=/usr/local/nginx/ --with-http_stub_status_module --with- openssl=/usr/local/openssl make && make install 此模块非核心模块，需要在编译的时候手动添加编译参数 --with-http_stub_status_module 配置nginx 三.Nginx主配置文件及PHP支持. 1.nginx.conf 主配置文件的配置 #cd /usr/local/nginx/conf/ #cp nginx.conf nginx.conf.cao #cat /dev/null > nginx.conf #vi nginx.conf //主配置文件复制内容到剪贴板代码: user www www; worker_processes 10; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; pid /var/run/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 51200; events { use epoll; #maxclient = worker_processes * worker_connections / cpu_number worker_connections 51200; } http { include conf/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; #access_log /data/www/logs/access.log main; #sendfile on; tcp_nopush on; tcp_nodelay off; keepalive_timeout 60; client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; connection_pool_size 256; client_header_buffer_size 1k; large_client_header_buffers 4 2k; request_pool_size 4k; output_buffers 4 32k; postpone_output 1460; client_max_body_size 10m; client_body_buffer_size 256k; client_body_temp_path /dev/shm/client_body_temp; proxy_temp_path /usr/local/nginx/proxy_temp; fastcgi_temp_path /usr/local/nginx/fastcgi_temp; #gzip gzip on; gzip_http_version 1.0; gzip_comp_level 2; gzip_proxied any; gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; gzip_min_length 1100; gzip_buffers 4 8k; # The following includes are specified for virtual hosts //以下是加载虚拟主机配置. #[url]www.redocn.com[/url] include conf/vhosts/www_redocn_com.conf; #bbs.redocn.com include conf/vhosts/bbs_redocn_com.conf; #blog.redocn.com include conf/vhosts/blog_redocn_com.conf; #down.redocn.com include conf/vhosts/down_redocn_com.conf; } 2.配置支持Fastcgi模式的PHP [root@redocn conf]# cat enable_php5.conf 复制内容到剪贴板代码: fastcgi_pass 127.0.0.1:8085; fastcgi_index index.php; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; #new ac upload #fastcgi_pass_request_body off; #client_body_in_file_only clean; #fastcgi_param REQUEST_BODY_FILE $request_body_file; # fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; 四，多虚拟主机应用配置案例. #mkdir /usr/local/nginx/conf/vhosts //建立虚拟主机配置存放目录. 1.www.redocn.com //首站配置 [root@redocn vhosts]#vi www_redocn_com.conf 复制内容到剪贴板代码: server { listen 80; server_name www.redocn.com; index index.html index.htm index.php; root /data/www/wwwroot; error_page 404 http://bbs.redocn.com; rewrite ^/bbs/(.*) http://bbs.redocn.com/$1; location ~ .*\.php?$ { include conf/enable_php5.conf; } } 注: 关于rewite需求,红动中国希望当用户访问http://www.redocn.com/bbs的时候自动转至http://bbs.redocn.com 在原apache中利用redirect实现 Redirect /bbs http://bbs.redocn.com 本文中在nginx下利用rewrite实现: rewrite ^/bbs/(.*) http://bbs.redocn.com/$1; 2.[root@redocn vhosts] vi bbs_redocn_com.conf 复制内容到剪贴板代码: server { listen 80; server_name bbs.redocn.com yan.redocn.com majia.redocn.com wt.redocn.com; index index.html index.htm index.php; root /home/www/htdocs/bbs; access_log /var/log/nginx/access_bbs.redocn.com.log combined; location / { #bbs rewrite rewrite ^/archiver/((fid|tid)-[\w\-]+\.html)$ /archiver/index.php?$1 last; rewrite ^/forum-([0-9]+)-([0-9]+)\.html$ /forumdisplay.php?fid=$1&page=$2 last; rewrite ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /viewthread.php?tid=$1&extra=page\%3D$3&page=$2 last; rewrite ^/space-(username|uid)-(.+)\.html$ /space.php?$1=$2 last; rewrite ^/tag-(.+)\.html$ /tag.php?name=$1 last; break; #error error_page 404 /index.php; #redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } #Preventing hot linking of images and other file types location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ { valid_referers none blocked server_names *.redocn.com redocn.com *.taobao.com taobao.com bbs.blueidea.com bbs.asiaci.com bbs.arting365.com forum.chinavisual.com softbbs.pconline.com.cn bbs.chinaddu.com bbs.photops.com *.baidu.com *.google.com *.google.cn *.soso.com *.yahoo.com.cn *.yahoo.cn; if ($invalid_referer) { rewrite ^/ http://www.redocn.com/images/redocn.gif; #return 403; } } #support php location ~ .*\.php?$ { include conf/enable_php5.conf; } } 注: 1.红动中国采用高性能的Discuz!论坛，原apache的rewrite规则几乎不要做什么修改即可全部移植到nginx下. 静态化配置见面上面的:#bbs rewrite部分. 2.一般论坛都希望实现防盗链功能，在apache很轻松实现？在nginx下是否容易实现呢？答案是肯定的. 复制内容到剪贴板代码: #Preventing hot linking of images and other file types valid_referers none blocked server_names *.redocn.com redocn.com ...你允许连接的网址; if ($invalid_referer) { rewrite ^/ http://www.redocn.com/images/redocn.gif; //让别人盗链时显示你指定的图片. #return 403; } 3.blog.redocn.com [root@redocn vhosts]#vi blog_redocn_com.conf 复制内容到剪贴板代码: server { listen 80; server_name blog.redocn.com; index index.html index.htm index.php; root /data/www/wwwroot/blog; error_page 404 http://bbs.redocn.com; #supsite rewrite rewrite ^([0-9]+)/spacelist(.*)$ index.php?$1/action_spacelist$2; rewrite ^([0-9]+)/viewspace_(.+)$ index.php?$1/action_viewspace_itemid_$2; rewrite ^([0-9]+)/viewbbs_(.+)$ index.php?$1/action_viewbbs_tid_$2; rewrite ^([0-9]+)/(.*)$ index.php?$1/$2; rewrite ^([0-9]+)$ index.php?$1; rewrite ^action_(.+)$ index.php?action_$1; rewrite ^category_(.+)$ index.php?action_category_catid_$1; rewrite ^itemlist_(.+)$ index.php?action_itemlist_catid_$1; rewrite ^viewnews_(.+)$ index.php?action_viewnews_itemid_$1; rewrite ^viewthread_(.+)$ index.php?action_viewthread_tid_$1; rewrite ^index([\.a-zA-Z0-9]*)$ index.php; rewrite ^html/([0-9]+)/viewnews_itemid_([0-9]+)\.html$ index.php?action_viewnews_itemid_$2; rewrite ^/([0-9]+)/spacelist(.+)$ /index.php?uid/$1/action/spacelist/type$2; rewrite ^/([0-9]+)/viewspace(.+)$ /index.php?uid/$1/action/viewspace/itemid$2; rewrite ^/([0-9]+)/viewbbs(.+)$ /index.php?uid/$1/action/viewbbs/tid$2; rewrite ^/([0-9]+)/(.*)$ /index.php?uid/$1/$2; rewrite ^/([0-9]+)$ /index.php?uid/$1; rewrite ^/action(.+)$ /index.php?action$1; rewrite ^/category(.+)$ /index.php?action/category/catid$1; rewrite ^/viewnews(.+)$ /index.php?action/viewnews/itemid$1; rewrite ^/viewthread(.+)$ /index.php?action/viewthread/tid$1; rewrite ^/mygroup(.+)$ /index.php?action/mygroup/gid$1; location ~ .*\.php?$ { include conf/enable_php5.conf; } } 注:blog采用功能强大的Supesite作为Blog站点: http://www./ 1.Blog如何在Nginx里实现静态化，具体设置见，上面的#supesite rewrite 4.down.redocn.com [root@redocn vhosts]# vi down_redocn_com.conf 复制内容到剪贴板代码: limit_zone one $binary_remote_addr 10m; server { listen 80; server_name down.redocn.com; index index.html index.htm index.php; root /data/www/wwwroot/down; error_page 404 /index.php; # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } #Zone limit location / { limit_conn one 1; limit_rate 20k; } # serve static files location ~ ^/(images|javascript|js|css|flash|media|static)/ { root /data/www/wwwroot/down; expires 30d; } } 注: 由于现在的BT下载软件越来越多了，我们如何限制下载的并发数和速率呢？apache需要三方模块，nginx就不用了在nginx利用两个指令即可实现:limit_zone(limit_conn) 来限制并发数,limit_rate来限制下载的速率,请看上面的配置实例. 5.启动nginx服务复制内容到剪贴板代码: /usr/local/php-fcgi/bin/spawn-fcgi -a 127.0.0.1 -p 8085 -C 250 -u www -f/usr/local/php-fcgi/bin/php-cgi /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf 你可以把上面两条命令制做成系统启动服务脚本，相关的脚本在网上也很多，本文就不再贴出来了,给出一个实例链接: http:///svn/shovel/nginx/init.d/nginx 五.问题及经验总结: 1.安装Discuz论坛后，无法上传大于M以上的附件？在主配置文件里加入:client_max_body_size 10m; 详细指令说明请参见(六)提供的Wiki链接. 2.Discuz附件无法下载附件? 最近遇到一个奇怪的问题在nginx下discuz论坛无法下载附件，后来打开error_log才知道，仍后一看/usr/local分区满了, 清了一大堆无用文件后，马上就正常了. 以上是本人迁移和测试过程中遇到的两个小问题，在此附上说明，只是希望配置nginx的朋友不要犯我一样的问题. 欢迎联系NetSeek(狂热linux爱好者^_^ msn:cnseek@msn.com QQ:67888954 Gtalk:cnseek@gmail.com). 六.相关链接: 1.Discuz!.net高性能的PHP论坛程序 http://www. Supesite: http://www./ 2.Nginx参考文档:http://wiki./ 3.利用Nginx实现负载均衡(阿叶大哥的文章):http://www./comment/reply/210 4.linuxPk[Linux宝库]:http://bbs. 5.红动中国 http://bbs.redocn.com