目錄
1、server_names_hash_bucket_size
21、gzip_http_version (1.0|1.1)
28、proxy_connect_timeout (default 60s)
29、proxy_read_timeout (default 60s)
30、proxy_send_timeout (default 60s)
EXAMPLE 基於上述 我配置的簡單的nginx.conf 優化之後的 web代理配置:
worker_processes
工作進程數,操作系統啓動多少個工作進程運行Nginx。注意是工作進程,不是有多少個nginx工程。在Nginx運行的時候,會啓動兩種進程,一種是主進程master process;一種是工作進程worker process。worker process。主進程負責監控端口,協調工作進程的工作狀態,分配工作任務,工作進程負責進行任務處理。一般這個參數要和操作系統的CPU內核數成倍,(當值爲 auto 時,nginx會自己決定工作進程數量)
下面是nginx官網原話:
Syntax: worker_processes number | auto;
Default: worker_processes 1;
Context: main Defines the number of worker processes. The optimal value depends on many factors including (but not limited to) the number of CPU cores, the number of hard disk drives that store data, and load pattern. When one is in doubt, setting it to the number of available CPU cores would be a good start (the value “auto” will try to autodetect it). The auto parameter is supported starting from versions 1.3.8 and 1.2.5.
網上尋找的一些經驗總結:
- 一般設置爲1就足夠了,可以把連接數設置的很大,比如65535。
- 如果有SSL,gzip等比較消耗CPU資源的工作,而且CPU是多核的話,可以把值設置爲和CPU核數一樣。
- 如果有很多靜態文件而且它們的總大小超過內存大小,那麼可以增加工作進程來充分利用I/O帶寬。
- 如果要開多個工作進程,最好是CPU核數的1~2倍。正常情況下,不要太多,因爲工作進程太多會影響nginx主進程調度。
- worker_processes最多開啓8個,8個以上性能提升不會再提升了,而且穩定性變得更低,所以8個進程夠用了。
work_cpu_affinity
Nginx默認沒有開啓利用多核CPU,我們可以通過增加worker_cpu_affinity配置參數來充分利用多核CPU。CPU是任務處理,計算最關鍵的資源,CPU核越多,性能就越好(worker_processes配合使用,當值爲 auto 時,nginx會自己決定CPU核數使用)。
幾個簡單的配置用例:
worker_processes 2;
worker_cpu_affinity 01 10;
01表示啓用第一個CPU內核,10表示啓用第二個CPU內核。
worker_cpu_affinity 01 10;表示開啓兩個進程,第一個進程對應着第一個CPU內核,第二個進程對應着第二個CPU內核。
worker_processes 4;
worker_cpu_affinity 01 10 01 10;
開啓了四個進程,它們分別對應着開啓2個CPU內核。
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
0001表示啓用第一個CPU內核,0010表示啓用第二個CPU內核,依此類推。
worker_processes最多開啓8個,8個以上性能提升不會再提升了,而且穩定性變得更低,所以8個進程夠用了。
worker_rlimit_nofile
nginx官網原文:
Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes. Used to increase the limit without restarting the main process.
爲nginx工作進程改變打開最多文件描述符數目的限制。用來在不重啓主進程的情況下增加限制。
如果沒設置的話,這個值爲操作系統的限制。設置後你的操作系統和Nginx可以處理比“ulimit -a”更多的文件。
events模塊
nginx官網原文:
Provides the configuration file context in which the directives that affect connection processing are specified.
events塊:配置影響nginx服務器或與用戶的網絡連接。有每個進程的最大連接數,選取哪種事件驅動模型處理連接請求,是否允許同時接受多個網路連接,開啓多個網絡連接序列化等。
1、use method;
method;Specifies the connection processing method to use. There is normally no need to specify it explicitly, because nginx will by default use the most efficient method.
eg: use epoll;
使用epoll的I/O 模型(值得注意的是如果你不知道Nginx該使用哪種輪詢方法的話,它會選擇一個最適合你操作系統的)。
如果你使用Linux 2.6+,你應該使用epoll。如果你使用*BSD,你應該使用kqueue。
補充說明:
與apache相類,nginx針對不同的操作系統,有不同的事件模型
A)標準事件模型
Select、poll屬於標準事件模型,如果當前系統不存在更有效的方法,nginx會選擇select或poll
B)高效事件模型
Kqueue:使用於FreeBSD 4.1+, OpenBSD 2.9+, NetBSD 2.0 和 MacOS X.使用雙處理器的MacOS X系統使用kqueue可能會造成內核崩潰。
Epoll:使用於Linux內核2.6版本及以後的系統。
/dev/poll:使用於Solaris 7 11/99+, HP/UX 11.22+ (eventport), IRIX 6.5.15+ 和 Tru64 UNIX 5.1A+。
Eventport:使用於Solaris 10. 爲了防止出現內核崩潰的問題, 有必要安裝安全補丁
查看linux版本號可以使用 cat /proc/version命令
2、worker_connections
原文:
Sets the maximum number of simultaneous connections that can be opened by a worker process.
It should be kept in mind that this number includes all connections (e.g. connections with proxied servers, among others), not only connections with clients. Another consideration is that the actual number of simultaneous connections cannot exceed the current limit on the maximum number of open files, which can be changed by worker_rlimit_nofile.
設置工作進程的最大連接數量
按反向代理模式下最大連接數的理論計算公式:
最大連接數 = worker_processes * worker_connections/4
3、multi_accept
原文:
If multi_accept is disabled, a worker process will accept one new connection at a time. Otherwise, a worker process will accept all new connections at a time.
The directive is ignored if kqueue connection processing method is used, because it reports the number of new connections waiting to be accepted.
如果multi_accept被禁止了,nginx一個工作進程只能同時接受一個新的連接。否則,一個工作進程可以同時接受所有的新連接。
如果nginx使用kqueue連接方法,那麼這條指令會被忽略,因爲這個方法會報告在等待被接受的新連接的數量。
http模塊
1、server_names_hash_bucket_size
Sets the bucket size for the server names hash tables. The default value depends on the size of the processor’s cache line. The details of setting up hash tables are provided in a separate document.
服務器名字的hash表大小,默認(32|64|128)
2、client_header_buffer_size
Sets buffer size for reading client request header. For most requests, a buffer of 1K bytes is enough. However, if a request includes long cookies, or comes from a WAP client, it may not fit into 1K. If a request line or a request header field does not fit into this buffer then larger buffers, configured by the large_client_header_buffers directive, are allocated.
用於指定來自客戶端請求頭headerbuffer大小,對於大多數請求,1KB(默認)的緩衝區大小已經足夠,如果自定義了消息頭或有更大的cookie,可以增加緩衝區大小。這裏設置爲32KB
3、large_client_header_buffers
Sets the maximum number and size of buffers used for reading large client request header. A request line cannot exceed the size of one buffer, or the 414 (Request-URI Too Large) error is returned to the client. A request header field cannot exceed the size of one buffer as well, or the 400 (Bad Request) error is returned to the client. Buffers are allocated only on demand. By default, the buffer size is equal to 8K bytes. If after the end of request processing a connection is transitioned into the keep-alive state, these buffers are released.
用來指定客戶端請求中較大的消息頭的緩存最大數量和大小,
eg: large_client_header_buffers 4 128k; “4”爲個數,“128”爲大小,最大緩存爲4個128KB
4、client_max_body_size
Sets the maximum allowed size of the client request body, specified in the “Content-Length” request header field. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client. Please be aware that browsers cannot correctly display this error. Setting size to 0 disables checking of client request body size.
設置客戶端請求的最大文件字節數
5、client_header_timeout
Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the request is terminated with the 408 (Request Time-out) error.
(默認60s)用於設置客戶端請求讀取header超時時間,如果超過這個時間,客戶端沒有發送任何數據,nginx將返回“request time out (408)”錯誤。
6、client_body_timeout
Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body. If a client does not transmit anything within this time, the request is terminated with the 408 (Request Time-out) error.
用於設置客戶端請求主體讀取超時時間,默認值爲60s,如果超過這個時間,客戶端還沒有發送任何數據,nginx將返回“Request time out(408)。
7、send_timeout
Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.
服務器響應超時設置。默認60s。
8、sendfile
Enables or disables the use of sendfile().
Starting from nginx 0.8.12 and FreeBSD 5.2.1, aio can be used to pre-load data for sendfile():
location /video/ { sendfile on; tcp_nopush on; aio on; }
In this configuration, sendfile() is called with the SF_NODISKIO flag which causes it not to block on disk I/O, but, instead, report back that the data are not in memory. nginx then initiates an asynchronous data load by reading one byte. On the first read, the FreeBSD kernel loads the first 128K bytes of a file into memory, although next reads will only load data in 16K chunks. This can be changed using the read_ahead directive.
Before version 1.7.11, pre-loading could be enabled with aio sendfile;.
開啓高效文件傳輸模式,將tcp_nopush和tcp_nodely兩個指令設置爲on,用於防止網絡阻塞。
sendfile可以讓Nginx在傳輸文件時直接在磁盤和tcp socket之間傳輸數據。如果這個參數不開啓,會先在用戶空間(Nginx進程空間)申請一個buffer,用read函數把數據從磁盤讀到cache,再從cache讀取到用戶空間的buffer,再用write函數把數據從用戶空間的buffer寫入到內核的buffer,最後到tcp socket。開啓這個參數後可以讓數據不用經過用戶buffer。
9、tcp_nopush
Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or the TCP_CORK socket option on Linux. The options are enabled only when sendfile is used. Enabling the option allows
- sending the response header and the beginning of a file in one packet, on Linux and FreeBSD 4.*;
- sending a file in full packets.
防止網絡阻塞,允許把httpresponse header和文件的開始放在一個文件裏發佈,作用是減少網絡報文段的數量。
10、tcp_nodelay
Enables or disables the use of the TCP_NODELAY option. The option is enabled when a connection is transitioned into the keep-alive state. Additionally, it is enabled on SSL connections, for unbuffered proxying, and for WebSocket proxying.
內核會等待將更多的字節組成一個數據包,從而提高I/O性能。
11、keepalive_timeout
The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the “Keep-Alive: timeout=time” response header field. Two parameters may differ.
The “Keep-Alive: timeout=time” header field is recognized by Mozilla and Konqueror. MSIE closes keep-alive connections by itself in about 60 seconds.
keepalive_timeout 來指定 KeepAlive 的超時時間(timeout)。指定每個 TCP 連接最多可以保持多長時間。Nginx 的默認值是 75 秒,有些瀏覽器最多隻保持 60 秒,所以可以設定爲 60 秒。若將它設置爲 0,就禁止了 keepalive 連接。
12、server_tokens
Enables or disables emitting nginx version on error pages and in the “Server” response header field.
The build parameter (1.11.10) enables emitting a build name along with nginx version.
Additionally, as part of our commercial subscription, starting from version 1.9.13 the signature on error pages and the “Server” response header field value can be set explicitly using the string with variables. An empty string disables the emission of the “Server” field.
隱藏nginx相關版本信息。
13、limit_conn_zone
Sets parameters for a shared memory zone that will keep states for various keys. In particular, the state includes the current number of connections. The key can contain text, variables, and their combination. Requests with an empty key value are not accounted.
Prior to version 1.7.6, a key could contain exactly one variable.
Usage example:
limit_conn_zone $binary_remote_addr zone=addr:10m;
Here, a client IP address serves as a key. Note that instead of $remote_addr, the $binary_remote_addr variable is used here. The $remote_addr variable’s size can vary from 7 to 15 bytes. The stored state occupies either 32 or 64 bytes of memory on 32-bit platforms and always 64 bytes on 64-bit platforms. The $binary_remote_addr variable’s size is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses. The stored state always occupies 32 or 64 bytes on 32-bit platforms and 64 bytes on 64-bit platforms. One megabyte zone can keep about 32 thousand 32-byte states or about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the error to all further requests.
這個模塊的目的主要是對連接進行限制,如果是這樣的話,那麼我們就需要對連接的狀態進行進行存儲。那麼是用什麼來進行存儲呢?存儲肯定是需要空間的。這個limit_conn_zone就是開闢了這樣的一個空間。這個空間裏,我們需要對那個作爲key要進行說明,比如說,以客戶端ip作爲Key。那麼這樣的話,就以http_addr這個變量作爲Key。如果要以別的內置變量作爲key來作爲key來進行配置的時候,那麼同樣,可以寫到key配置的這一項中。那麼後面的zone=name:size,就是限制的空間,name指的是空間的名字,size表示的是空間的大小。在真正實現限制的時候就會調用這個空間。在limit_conn zone number中就可以調用這個空間。在limit_conn zone number中,是要結合先定義好的zone 才能使用limit_conn.這個zone指的是我們需要調用的zone的name.number指的是併發的限制個數。
該指令描述會話狀態存儲區域。鍵的狀態中保存了當前連接數,鍵的值可以是特定變量的任何非空值(空值將不會被考慮)。$variable定義鍵,zone=name定義區域名稱,後面的limit_conn指令會用到的。size定義各個鍵共享內存空間大小。
註釋:客戶端的IP地址作爲鍵。注意,這裏使用的是$binary_remote_addr變量,而不是$remote_addr變量。
$remote_addr變量的長度爲7字節到15字節,而存儲狀態在32位平臺中佔用32字節或64字節,在64位平臺中佔用64字節。
$binary_remote_addr變量的長度是固定的4字節,存儲狀態在32位平臺中佔用32字節或64字節,在64位平臺中佔用64字節。
1M共享空間可以保存3.2萬個32位的狀態,1.6萬個64位的狀態。
如果共享內存空間被耗盡,服務器將會對後續所有的請求返回 503 (Service Temporarily Unavailable) 錯誤。
14、limit_conn
Sets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return the error in reply to a request. For example, the directives
limit_conn_zone $binary_remote_addr zone=addr:10m; server { location /download/ { limit_conn addr 1; }
allow only one connection per an IP address at a time.
In HTTP/2 and SPDY, each concurrent request is considered a separate connection.
There could be several limit_conn directives. For example, the following configuration will limit the number of connections to the server per a client IP and, at the same time, the total number of connections to the virtual server:
limit_conn_zone $binary_remote_addr zone=perip:10m; limit_conn_zone $server_name zone=perserver:10m; server { ... limit_conn perip 10; limit_conn perserver 100; }
These directives are inherited from the previous level if and only if there are no limit_conn directives on the current level.
指定每個給定鍵值的最大同時連接數,當超過這個數字時被返回503 (Service Temporarily Unavailable)錯誤。
15、limit_conn_log_level
Sets the desired logging level for cases when the server limits the number of connections.
當達到最大限制連接數後,記錄日誌的等級。
16、gzip
Enables or disables gzipping of responses.
開啓gzip壓縮服務。
17、gzip_min_length
設置最小的壓縮值,單位爲bytes。超過設置的min_length的值會進行壓縮,小於的不壓縮。
18、gzip_comp_level
壓縮等級設置(1~9),1是最小壓縮,速度也是最快的,9剛好相反,最大的壓縮,速度是最慢的,消耗的cpu資源也多。
19、gzip_buffers
Sets the number and size of buffers used to compress a response. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.
Until version 0.7.28, four 4K or 8K buffers were used by default.
設置系統獲取幾個單位的緩存用於存儲gzip的壓縮結果數據流,它可以避免nginx頻繁向系統申請壓縮空間。 例如 4 4k 代表以4k爲單位,按照原始數據大小以4k爲單位的4倍申請內存。 4 8k 代表以8k爲單位,按照原始數據大小以8k爲單位的4倍申請內存。 如果沒有設置,默認值是申請跟原始數據相同大小的內存空間去存儲gzip壓縮結果。
20、gzip_types
Enables gzipping of responses for the specified MIME types in addition to “text/html”. The special value “*” matches any MIME type (0.8.29). Responses with the “text/html” type are always compressed.
需要進行gzip壓縮的Content-Type的Header的類型。建議js、text、css、xml、json都要進行壓縮; #圖片就沒必要了,gif、jpge文件已經壓縮得很好了,就算再壓,效果也不好,而且還耗費cpu。 javascript有多種形式。其中的值可以在 mime.types 文件中找到。
21、gzip_http_version (1.0|1.1)
Sets the minimum HTTP version of a request required to compress a response.
# gzip壓縮基於的http協議版本,默認就是HTTP 1.1
22、gzip_proxied
# 默認值:off
# Nginx作爲反向代理的時候啓用,開啓或者關閉後端服務器返回的結果,匹配的前提是後端服務器必須要返回包含"Via"的 header頭。
# off - 關閉所有的代理結果數據的壓縮
# expired - 啓用壓縮,如果header頭中包含 "Expires" 頭信息
# no-cache - 啓用壓縮,如果header頭中包含 "Cache-Control:no-cache" 頭信息
# no-store - 啓用壓縮,如果header頭中包含 "Cache-Control:no-store" 頭信息
# private - 啓用壓縮,如果header頭中包含 "Cache-Control:private" 頭信息
# no_last_modified - 啓用壓縮,如果header頭中不包含 "Last-Modified" 頭信息
# no_etag - 啓用壓縮 ,如果header頭中不包含 "ETag" 頭信息
# auth - 啓用壓縮 , 如果header頭中包含 "Authorization" 頭信息
# any - 無條件啓用壓縮
23、gzip_vary
Enables or disables inserting the “Vary: Accept-Encoding” response header field if the directives gzip, gzip_static, or gunzip are active.
是否在http header中添加Vary: Accept-Encoding,建議開啓,和http頭有關係,加個vary頭,給代理服務器用的,有的瀏覽器支持壓縮,有的不支持,所以避免浪費不支持的也壓縮,所以根據客戶端的HTTP頭來判斷,是否需要壓縮。
24、gzip_disable
一般設置 這個 gzip_disable "MSIE [1-6]\.";
禁用IE6的gzip壓縮。
25、proxy_temp_path
Defines a directory for storing temporary files with data received from proxied servers. Up to three-level subdirectory hierarchy can be used underneath the specified directory.
緩存臨時文件路徑,存儲承載從代理服務器接收到的數據的臨時文件定義目錄。指定目錄下支持3級子目錄結構。
26、proxy_cache_path
Sets the path and other parameters of a cache. Cache data are stored in files. The file name in a cache is a result of applying the MD5 function to the cache key. The levels parameter defines hierarchy levels of a cache: from 1 to 3, each level accepts values 1 or 2.
proxy_cache_path 緩存文件路徑
levels 設置緩存文件目錄層次;levels=1:2 表示兩級目錄
keys_zone 設置緩存名字和共享內存大小
inactive 在指定時間內沒人訪問則被刪除
max_size 最大緩存空間,如果緩存空間滿,默認覆蓋掉緩存時間最長的資源。
比如:proxy_cache_path /home/tengine/proxy_cache levels=1:2 keys_zone=cache_ones:500m inactive=1d max_size=30g
設置web緩存區名稱cache_ones,內存緩存空間大小爲500mb,1天沒有被訪問的內容自動清除,硬盤緩存空間大小爲30GB。
27、client_body_buffer_size
Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file. By default, buffer size is equal to two memory pages. This is 8K on x86, other 32-bit platforms, and x86-64. It is usually 16K on other 64-bit platforms.
請求主體的緩衝區大小。 如果主體超過緩衝區大小,則完整主體或其一部分將寫入臨時文件。 如果NGINX配置爲使用文件而不是內存緩衝區,則該指令會被忽略。 默認情況下,該指令爲32位系統設置一個8k緩衝區,爲64位系統設置一個16k緩衝區。
一般我們設置成 client_body_buffer_size 1024k;
28、proxy_connect_timeout (default 60s)
Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.
後端服務器連接的超時時間_發起握手等候響應超時時間。
29、proxy_read_timeout (default 60s)
Defines a timeout for reading a response from the proxied server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed.
連接成功後_等候後端服務器響應時間_其實已經進入後端的排隊之中等候處理(也可以說是後端服務器處理請求的時間)。
30、proxy_send_timeout (default 60s)
Sets a timeout for transmitting a request to the proxied server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxied server does not receive anything within this time, the connection is closed.
後端服務器數據回傳時間_就是在規定時間之內後端服務器必須傳完所有的數據。
31、proxy_buffer_size
Sets the size of the buffer used for reading the first part of the response received from the proxied server. This part usually contains a small response header. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform. It can be made smaller, however.
指定後端 response 的 buffer 的大小。它是來自後端 response 的一部分,它包含 Headers,從 response 分離出來。它僅用於限定 headers 的 buffer 區,所以它的值比 proxy_buffers 更低。
proxy_buffer_size 有一點特殊在於,無論 proxy_buffering 是否開啓,proxy_buffer_size 都會起作用。
後端服務器的相應頭會放到proxy_buffer_size當中,這個大小默認等於proxy_buffers當中的設置單個緩衝區的大小。 proxy_buffer_size只是響應頭的緩衝區,沒有必要也跟着設置太大。 proxy_buffer_size最好單獨設置,一般設置個4k就夠了。
32、proxy_buffers
Sets the number and size of the buffers used for reading a response from the proxied server, for a single connection. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.
配置接受一次響應的buffer個數和你每個buffer的大小
proxy_buffers的緩衝區大小一般會設置的比較大,以應付大網頁。 proxy_buffers當中單個緩衝區的大小是由系統的內存頁面大小決定的,Linux系統中一般爲4k。 proxy_buffers由緩衝區數量和緩衝區大小組成的。總的大小爲number*size。
若某些請求的響應過大,則超過_buffers的部分將被緩衝到硬盤(緩衝目錄由_temp_path指令指定), 當然這將會使讀取響應的速度減慢, 影響用戶體驗. 可以使用proxy_max_temp_file_size指令關閉磁盤緩衝.
eg: proxy_buffer 4 4k;
number代表數量,size代表大小,一般size設置爲內存頁的大小4k或者8k,那麼一次響應的Proxy Buffer總大小爲4 * 4k = 16k。
33、proxy_busy_buffers_size
When buffering of responses from the proxied server is enabled, limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file. By default, size is limited by the size of two buffers set by the proxy_buffer_size and proxy_buffers directives.
忙時 buffer 的最大值。一個客戶端一次只能從一個 buffer 中讀取數據的同時,剩下的 buffer 會被放到隊列中,等待發送到客戶端,這個 directive 指定在這個狀態下的 buffer 的大小。
proxy_busy_buffers_size不是獨立的空間,他是proxy_buffers和proxy_buffer_size的一部分。nginx會在沒有完全讀完後端響應的時候就開始向客戶端傳送數據,所以它會劃出一部分緩衝區來專門向客戶端傳送數據(這部分的大小是由proxy_busy_buffers_size來控制的,建議爲proxy_buffers中單個緩衝區大小的2倍),然後它繼續從後端取數據,緩衝區滿了之後就寫到磁盤的臨時文件中。
34、proxy_temp_file_write_size
Limits the size of data written to a temporary file at a time, when buffering of responses from the proxied server to temporary files is enabled. By default, size is limited by two buffers set by the proxy_buffer_size and proxy_buffers directives. The maximum size of a temporary file is set by the proxy_max_temp_file_size directive.
proxy_temp_file_write_size是一次訪問能寫入的臨時文件的大小,默認是proxy_buffer_size和proxy_buffers中設置的緩衝區大小的2倍,Linux下一般是8k。
35、proxy_next_upstream
proxy_next_upstream項定義了什麼情況下進行重試
語法: proxy_next_upstream error | timeout | invalid_header | http_500 | http_502 | http_503 | http_504 |http_404 | off ...; 默認值: proxy_next_upstream error timeout; 上下文: http, server, location
error # 和後端服務器建立連接時,或者向後端服務器發送請求時,或者從後端服務器接收響應頭時,出現錯誤 timeout # 和後端服務器建立連接時,或者向後端服務器發送請求時,或者從後端服務器接收響應頭時,出現超時 invalid_header # 後端服務器返回空響應或者非法響應頭 http_500 # 後端服務器返回的響應狀態碼爲500 http_502 # 後端服務器返回的響應狀態碼爲502 http_503 # 後端服務器返回的響應狀態碼爲503 http_504 # 後端服務器返回的響應狀態碼爲504 http_404 # 後端服務器返回的響應狀態碼爲404 off # 停止將請求發送給下一臺後端服務器
更多的參考官網文檔:http://nginx.org/en/docs/
EXAMPLE 基於上述 我配置的簡單的nginx.conf 優化之後的 web代理配置:
worker_processes auto; # 工作進程數,爲CPU的核心數或者兩倍
worker_cpu_affinity auto;
error_log /home/tengine/logs/error.log notice; # debug|info|notice|warn|error|crit
pid /home/tengine/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
multi_accept on;
}
http {
include mime.types; #設定mime類型,類型由mime.type文件定義
default_type application/octet-stream;
charset utf-8;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
#lua依賴路徑
lua_package_path "/usr/local/openresty/lualib/?.lua;;";
lua_package_cpath "/usr/local/openresty/lualib/?.so;;";
#初始化腳本
#init_by_lua_file "/usr/local/openresty/nginx/lua/util.lua";
lua_shared_dict healthcheck 1m;
lua_socket_log_errors off;
#設定請求緩衝
server_names_hash_bucket_size 256; #增加,原爲128
client_header_buffer_size 256k; #增加,原爲32k
large_client_header_buffers 4 256k; #增加,原爲32k
#size limits
client_max_body_size 2050m; #允許客戶端請求的最大的單個文件字節數
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
server_tokens on; #不顯示nginx版本信息
#limit_conn_zone $binary_remote_addr zone=perip:10m; #添加limit_zone,限制同一IP併發數
limit_conn_zone $binary_remote_addr zone=TotalConnLimitZone:10m;
limit_conn TotalConnLimitZone 500;
limit_conn_log_level notice;
#fastcgi_intercept_errors on; #開啓錯誤頁面跳轉
gzip on;
gzip_min_length 1k; #設置最小的壓縮值,單位爲bytes.超過設置的min_length的值會進行壓縮,小於的不壓縮.
gzip_comp_level 3; #壓縮等級設置,1-9,1是最小壓縮,速度也是最快的;9剛好相反,最大的壓縮,速度是最慢的,消耗的CPU資源也多
gzip_buffers 16 64k; #設置系統的緩存大小,以存儲GZIP壓縮結果的數據流,它可以避免nginx頻煩向系統申請壓縮空間大小
gzip_types text/plain application/x-javascript text/css text/javascript;
gzip_http_version 1.1; #識別http的協議版本(1.0/1.1)
gzip_proxied any; #設置使用代理時是否進行壓縮,默認是off的
gzip_vary on; #和http頭有關係,加個vary頭,代理判斷是否需要壓縮
gzip_disable "MSIE [1-6]."; #禁用IE6的gzip壓縮
#注:proxy_temp_path和proxy_cache_path指定的路徑必須在同一分區
proxy_temp_path /home/tengine/proxy_temp;
#設置Web緩存區名稱爲cache_one,內存緩存空間大小爲500MB,1天沒有被訪問的內容自動清除,硬盤緩存空間大小爲30GB。
proxy_cache_path /home/tengine/proxy_cache levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=30g;
client_body_buffer_size 1024k; #原爲512k
proxy_connect_timeout 50; #代理連接超時
proxy_read_timeout 600; #代理髮送超時
proxy_send_timeout 600; #代理接收超時
proxy_buffer_size 128k; #代理緩衝大小,原爲32k
proxy_buffers 16 256k; #代理緩衝,原爲4 64k
proxy_busy_buffers_size 512k; #高負荷下緩衝大小,原爲128k
proxy_temp_file_write_size 1024m; #proxy緩存臨時文件的大小原爲128k
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
}