Tag archive: nginx

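How LVS, Nginx and HAProxy Work

Most Internet systems today use server clustering. A cluster deploys the same service on several servers, which together provide the service to the outside as a single unit. These clusters may be web application server clusters, database server clusters, distributed cache server clusters, and so on.

In practice there is always a load-balancing server in front of a web server cluster. The load balancer's job is to act as the entry point for web server traffic, pick the most suitable web server, and forward the client's request to it for processing, giving transparent forwarding from the client to the real server.

"Cloud computing" and distributed architectures, so popular in recent years, are in essence the same: back-end servers are treated as compute and storage resources and wrapped by a management server into a service offered to the outside. The client does not need to care which machine actually provides the service; from its point of view it is talking to a single server with almost unlimited capacity, while what actually provides the service is the back-end cluster.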

CentOS / Redhat: Install nginx As Reverse Proxy Load Balancer

How do I configure nginx as failover reverse proxy load balancer in front of two Apache web servers under CentOS / RHEL 5.x?

nginx is a web and reverse proxy server. Nginx is used in front of Apache web servers. All connections coming from the Internet addressed to one of the web servers are routed through the nginx proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.

Nginx: Too Many Open Files Error And Solution

I'm getting the following error in my nginx server error log file:

2010/04/16 13:24:16 [crit] 21974#0: *3188937 open() "/usr/local/nginx/html/50x.html" failed (24: Too many open files), client: 88.x.y.z, server: example.com, request: "GET /file/images/background.jpg HTTP/1.1", upstream: "http://10.8.4.227:81//file/images/background.jpg", host: "example.com"

2010/12/21 12:39:25 [crit] 20157#0: *230260 open() "/usr/local/nginx/html/50x.html" failed (24: Too many open files), client: 58.245.186.49, server: example.com, request: "GET /style/all.css HTTP/1.1", host: "example.com", referrer: "http://domain.com/x.php?…

2010/12/21 12:39:25 [alert] 20157#0: accept() failed (24: Too many open files)


Nginx: Restricting Access by IP and by Directory

According to the nginx documentation:

ngx_http_access_module

This module provides a simple host-based access control.

Module ngx_http_access_module makes it possible to control access for specific IP-addresses of clients. Rules are checked in the order of their record to the first match.

Example configuration

location / {
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    deny all;
}

In the above example access is only granted to networks 10.1.1.0/16 and 192.168.1.0/24 with the exception of the address 192.168.1.1.

When implementing many rules, it is generally better to use the ngx_http_geo_module.

Following this documentation, suppose I want to restrict access to the private directory with the following rules:

location /private {
    allow 192.168.1.0/24;
    deny all;
}
location ~ \.php$ {
    include fastcgi.conf;
}

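Testing this shows that files other than PHP in the private directory are indeed reachable only from machines in the 192.168.1.0 network segment, but PHP files can still be accessed. Why? Because in nginx's matching, regular expressions take priority. PHP handling is matched with a regular expression, while the directory to be restricted is not, so even inside the restricted directory the PHP location still matches and the PHP file is still processed. To fix this, the directory must also be written as a regular-expression match and placed before the PHP location; otherwise the PHP location matches first.

location ~ ^/private/ {
    allow 192.168.1.0/24;
    deny all;
}
location ~ \.php$ {
    include fastcgi.conf;
}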

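After this change, the browser prompts to open or save PHP files; when I chose save, the downloaded file was the plaintext source code. Why is that? According to the nginx documentation: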

location

syntax: location [=|~|~*|^~] /uri/ { … }

default: no

context: server

This directive allows different configurations depending on the URI. It can be configured using both conventional strings and regular expressions. To use regular expressions, you must use the prefix ~* for case insensitive match and ~ for case sensitive match.

To determine which location directive matches a particular query, the conventional strings are checked first. Conventional strings match the beginning portion of the query and are case-sensitive – the most specific match will be used (see below on how nginx determines this). Afterwards, regular expressions are checked in the order defined in the configuration file. The first regular expression to match the query will stop the search. If no regular expression matches are found, the result from the convention string search is used.

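When regular expressions are used in location, the first one that matches ends the search and no other rule is tried. The rule below it that matches PHP files is therefore effectively ignored, which is why requesting a PHP file produces the open-or-save prompt.

The solution is to write a separate restriction for the PHP files under the private directory as well, and to place it before the rule that handles PHP files:

location /private/ {
    allow 192.168.1.0/24;
    deny all;
}
location ~ ^/private/.*\.php$ {
    allow 192.168.1.0/24;
    deny all;
    include fastcgi.conf;
}
location ~ \.php$ {
    include fastcgi.conf;
}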

This achieves what we want: files in the private directory are served strictly according to the IP restriction, and PHP files are still parsed.
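The three location layouts above can be checked mechanically. The following is an added example, not code from the original post or from nginx: a small Python model of the selection order quoted from the documentation, used to audit each layout for the two failures the post describes. The `acl`/`fastcgi` labels, the layout names and the sample URIs are constructed for illustration, and nested and `@named` locations are not modelled.

```python
import re

def select_location(locations, uri):
    """Index of the location nginx would select for uri, or None.

    locations: (modifier, pattern) pairs in config order; modifier is one of
    "", "=", "^~", "~", "~*". Nested and @named locations are not modelled.
    """
    best = None  # (index, modifier, pattern) of the longest prefix match
    for i, (mod, pat) in enumerate(locations):
        if mod == "=" and uri == pat:
            return i  # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[2]):
                best = (i, mod, pat)
    if best and best[1] == "^~":
        return best[0]  # ^~ suppresses the regex pass
    for i, (mod, pat) in enumerate(locations):
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return i  # first regex in file order wins
    return best[0] if best else None

# The post's three layouts: (modifier, pattern, directives inside the block).
# "acl" = allow/deny present, "fastcgi" = PHP handler included (constructed labels).
ATTEMPTS = {
    "prefix ACL": [("", "/private", {"acl"}), ("~", r"\.php$", {"fastcgi"})],
    "regex ACL": [("~", r"^/private/", {"acl"}), ("~", r"\.php$", {"fastcgi"})],
    "final": [("", "/private/", {"acl"}),
              ("~", r"^/private/.*\.php$", {"acl", "fastcgi"}),
              ("~", r"\.php$", {"fastcgi"})],
}

def audit(config, uris):
    """Return {uri: problem} for protected URIs that are handled unsafely."""
    problems = {}
    for uri in uris:
        idx = select_location([(m, p) for m, p, _ in config], uri)
        got = config[idx][2] if idx is not None else set()
        if "acl" not in got:
            problems[uri] = "served without allow/deny"
        elif uri.endswith(".php") and "fastcgi" not in got:
            problems[uri] = "PHP source returned as a static file"
    return problems

if __name__ == "__main__":
    for name, cfg in ATTEMPTS.items():  # constructed sample URIs
        print(name, audit(cfg, ["/private/report.txt", "/private/admin.php"]))
```

Only the single selected location's directives apply to a request, which is why the final layout has to repeat the allow/deny rules inside the PHP location.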

Example:

Default site layout:

117.25.230.147: all access allowed

117.25.230.147/test: restricted access

# Default site
server
{
    listen       80;
    server_name  117.25.230.147;
    index index.html index.htm index.php;
    root  /usr/local/apache/htdocs/noexist/;
    # ^~ ends the search at this prefix, so the server-level \.php$ regex below is not tried for /test URIs
    location ^~ /test {
        allow 117.25.229.128/27;
        allow 117.25.230.128/27;
        allow 117.57.251.32/27;
        deny all;
        # PHP under /test is handled here and inherits the allow/deny rules above
        location ~ .*\.php$
        {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            include        fcgi.conf;
        }
    }
    location ~ \.php$
    {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #include        fastcgi_params;
        include        fcgi.conf;
    }
    access_log  off;
}

Using Nginx As Reverse-Proxy Server On High-Loaded Sites

Two weeks ago we started a new version of one of our primary web projects and started a very massive advertisement campaign to promote this web site. As a result of that advertising, our outgoing traffic increased to 200-250Mbit/s from only one server! In this article I will describe how to build a stable and efficient web site with a two-layer architecture (frontend + backend web servers), or how to modify your current server configuration to get additional resources to handle more requests.

Tuning Nginx for Best Performance

This article is part 2 of a series about building a high-performance web cluster powerful enough to handle 3 million requests per second. For this part of the project, you can use any web server you like. I decided to use Nginx, because it’s lightweight, reliable, and fast.

Generally, a properly tuned Nginx server on Linux can handle 500,000 – 600,000 requests per second. My Nginx servers consistently handle 904k req/sec, and have sustained high loads like these for the ~12 hours that I tested them.

It’s important to know that everything listed here was used in a testing environment, and that you might actually want very different settings for your production servers.

Install the Nginx package from the EPEL repository.

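Powerful Load Balancing + Static-File Web Server: nginx in Practice

The front-end load-balancing servers in common use today are mainly apache (with mod_proxy), nginx, lighttpd, squid, perlbal and pound. If your domain provider offers DNS-level load balancing, that works too (one domain name pointing at random to several IPs; not very customizable).

I used to use pound as the front end. It focuses on load balancing, supports the https protocol and is fairly simple to configure, but I gradually found it not powerful enough and turned to other high-performance tools that can act both as a load balancer and as a web server. Perlbal was the first one I looked at, a masterpiece from Danga. Their memcached (a distributed in-memory cache system) is very good to use, and Perlbal is not bad either; although it is based on Perl and may be slightly slower than something written in pure C, Danga's ability is remarkable. However, the company's machines all run perl5.8.5 and Perlbal requires perl5.8.8 or later; upgrading might cause compatibility problems, so I had to give up on it.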