规范优化Nginx配置文件:
----------------------------------------------------------------------------------------
Nginx的主配置文件为nginx.conf,主配置文件包含所有虚拟主机的子配置文件同一放到extra目录中。
虚拟主机的配置文件按照网站的域名或功能取名。
使用include包含到Nginx主配置文件。
优化后示例:
mkdir /application/nginx/extra #创建虚拟主机配置文件目录
vim /application/nginx/conf/nginx.conf #Nginx主配置文件
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include ../extra/www.conf; #包含虚拟主机配置文件
include ../extra/bbs.conf; #包含虚拟主机配置文件
include ../extra/pan.conf; #包含虚拟主机配置文件
}
vim /application/nginx/extra/www.conf #虚拟主机配置文件
server {
listen 192.168.30.3;
server_name www.smartbro.com;
location / {
root html/www;
index index.html index.htm;
}
}
vim /application/nginx/extra/bbs.conf #虚拟主机配置文件
server {
listen 192.168.20.3;
server_name bbs.smartbro.com;
location / {
root html/bbs;
index index.html index.htm;
}
}
vim /application/nginx/extra/pan.conf #虚拟主机配置文件
server {
listen 192.168.10.3;
server_name pan.smartbro.com;
location / {
root html/pan;
index index.html index.htm;
}
}
/application/nginx/sbin/nginx -t #检查配置文件
nginx: the configuration file /application/nginx-1.13.4//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.13.4//conf/nginx.conf test is successful
/application/nginx/sbin/nginx -s reload #平滑重启Nginx
----------------------------------------------------------------------------------------
Nginx虚拟主机配置文件:
----------------------------------------------------------------------------------------
所谓虚拟主机别名,就是为虚拟主机设置除了主域名以外的一个或多个域名名字,这样就能实现用户访问的多个域名对应同一个主机。
vim /application/nginx/extra/www.conf
server {
listen 192.168.30.3;
server_name www.smartbro.com smart.com; #设置别名
location / {
root html/www;
index index.html index.htm;
}
}
----------------------------------------------------------------------------------------
Nginx状态信息功能实战:
----------------------------------------------------------------------------------------
Nginx 软件的功能模块有一个ngx_http_stub_status_module模块,这个模块的主要功能就是记录Nginx的基本访问状态信息的。
要是用该模块的功能必须编译安装增加http_stub_status_module模块。
/application/nginx/sbin/nginx -V #查看编译安装的参数
nginx version: nginx/1.13.4
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/application/nginx-1.13.4/ --with-http_stub_status_module --with-http_ssl_module
配置Nginx status:
(1)生成状态配置,并增加状态配置参数:
vim /application/nginx/extra/status.conf #创建新的配置文件
server {
listen 192.168.10.3:8088;
server_name status.smartbro.com;
location / {
stub_status on; #打开状态开关
access_log off;
}
}
vim /application/nginx/conf/nginx.conf #修改Nginx主配置文件
include ../extra/status.conf; #将状态配置文件包含
/application/nginx/sbin/nginx -t #检查配置文件
nginx: the configuration file /application/nginx-1.13.4//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.13.4//conf/nginx.conf test is successful
/application/nginx/sbin/nginx #启动Nginx
curl http://192.168.10.3:8088 #测试服务
Active connections: 1 #表示Nginx正处理的活动连接数
server accepts handled requests #表示到现在总共创建的握手次数
2 2 2
Reading: 0 Writing: 1 Waiting: 0
#Reading是Nginx读取客户端的Header信息次数
#Writing是Nginx返回给客户端的Header信息次数
#Waiting是Nginx已经处理完正在等候下一次请求指令的驻留连接
#在开启Keepalived的情况下,Waiting的值等于active - (reading - writing)
----------------------------------------------------------------------------------------
Nginx错误日志:
----------------------------------------------------------------------------------------
属于核心模块(ngx_core_module)的参数,参数名是error_log,可以放到Main区块的全局配置,也可以放到不同的虚拟主机中。
语法格式:
error_log file level;
关键字 日志文件 等级
日志级别常见有:debug info notice warn error crit alert emerg
生产场景一般是:warn error crit
使用debug或info时会带来巨大的磁盘I/O消耗
error_log的默认配置是:
error_log logs/error.log error;
可以放置的标签段:
main http server location
配置Nginx错误日志:
vim /application/nginx/conf/nginx.conf
error_log logs/error.log error;
/application/nginx/sbin/nginx -t #检查配置文件语法
nginx: the configuration file /application/nginx-1.13.4//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.13.4//conf/nginx.conf test is successful
/application/nginx/sbin/nginx -s reload #平滑重启Nginx
----------------------------------------------------------------------------------------
Nginx访问日志:
----------------------------------------------------------------------------------------
功能由ngx_http_log_module模块负责。
log_format:用来定义记录日志的格式
access_log:用来指定日志文件的路径和使用日志格式记录文件
默认的格式:
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
访问日志配置说明:
(1)日志格式的定义说明
log_format是关键字
main用来指定日志格式的标签
Nginx日志文件的变量说明:
+------------------------------------------------------------------------------------------------------+
|$remote_addr |记录访问网站的客户端地址 |
+------------------------------------------------------------------------------------------------------+
|$http_x_forwarded_for|当前端有代理服务器的时候,设置Web节点记录客户端得我配置,此参数生 |
| |效的前提是代理服务器上也进行相关的x_forwarded_for设置 |
+------------------------------------------------------------------------------------------------------+
|$remote_user |远程客户端用户名称 |
+------------------------------------------------------------------------------------------------------+
|$request |用户的HTTP请求起始行信息 |
+------------------------------------------------------------------------------------------------------+
|$status |HTTP状态码,记录请求返回的状态 |
+------------------------------------------------------------------------------------------------------+
|$body_bytes_sent |服务器发送给客户端的响应body字节数 |
+------------------------------------------------------------------------------------------------------+
|$http_referer |记录此次请求是从哪个链接访问过来的,可以根据referer进行防盗链设置 |
+------------------------------------------------------------------------------------------------------+
|$http_user_agent |记录客户端访问信息 |
+------------------------------------------------------------------------------------------------------+
在没有特殊情况的前提下,采用默认配置即可。
记录日志的access_log参数说明:
access_log path [format [buffer=size] [flush=time] [if=condition]];
access_log path format gzip=[level] [buffer=size] [flush=time] [if=condition];
access_log syslog:server=address [,parameter=value] [format [if=condition]];
buffer=size是存放访问日志的缓冲区大小
flush=time是讲缓冲区的日志刷新到磁盘的时间
gzip[=level]是压缩级别
[if=condition]表示其他条件
一般情况下,这些参数都无需配置,极端优化时才会考虑这些参数。
默认配置:
access_log logs/access.log combined;
放置位置:
http server location if in location limit_eccept
访问日志配置实战:
vim /application/nginx/conf/nginx.conf #修改主配置文件
worker_processes 1;
error_log logs/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' #使用默认的配置
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
keepalive_timeout 65;
include ../extra/www.conf;
include ../extra/bbs.conf;
include ../extra/pan.conf;
include ../extra/status.conf;
}
vim /application/nginx/extra/www.conf #修改各个虚拟主机的配置文件
server {
listen 192.168.30.3;
server_name www.smartbro.com smart.com;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/access_www.log main; #开启日志,默认使用combined格式距离日志
}
vim /application/nginx/extra/pan.conf #修改各个虚拟主机的配置文件
server {
listen 192.168.10.3;
server_name pan.smartbro.com;
location / {
root html/pan;
index index.html index.htm;
}
access_log logs/access_pan.log main; #开启日志,默认使用combined格式距离日志
}
vim /application/nginx/extra/bbs.conf #修改各个虚拟主机的配置文件
server {
listen 192.168.20.3;
server_name bbs.smartbro.com;
location / {
root html/bbs;
index index.html index.htm;
}
access_log logs/access_bbs.log main; #开启日志,默认使用combined格式距离日志
}
/application/nginx/sbin/nginx -t #检查配置文件语法
nginx: the configuration file /application/nginx-1.13.4//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.13.4//conf/nginx.conf test is successful
/application/nginx/sbin/nginx -s reload #平滑重启Nginx
使用谷歌浏览器访问,出现日志:
192.168.10.1 - - [10/Aug/2017:23:38:48 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3159.5 Safari/537.36" "-"
可以在记录日志参数中加入buffer和flush选项,这样可以在高并发场景下提升网站访问性能。
----------------------------------------------------------------------------------------
Nginx访问日志轮询切割:
----------------------------------------------------------------------------------------
默认情况Nginx会把所有的日志生成到一个指定的文件,时间一长日志的个头很大,不利于日志的分析。
使用脚本加上计划任务进行定时切割:
mkdir -p /server/scripts/ #创建专门存放系统脚本的目录
vim /server/scripts/cut_log_nginx.sh
#!/bin/bash
DateFormat=`date +%Y-%m-%d`
BaseDir="/application/nginx"
NginxDir="$BaseDir/logs/"
LogName="access_www"
[ -d $NginxDir ] && cd $NginxDir || exit 1
[ -f ${LogName}.log ] || exit 1
/bin/mv ${LogName}.log ${DateFormat}_${LogName}.log
$BaseDir/sbin/nginx -s reload
vim /var/spool/cron/root #编辑计划任务文件
00 00 * * * /bin/bash /server/scrpits/cut_log_nginx.sh > /dev/null 2>&1
常见的日志分析工具有:
rsyslog awstats flume ELK storm