Location 语法规则: location [=|~|~*|^~] /uri/ { … }
= 开头表示精确匹配
^~ 开头表示uri以某个常规字符串开头,理解为匹配 url路径即可。nginx不对url做编码,因此请求为/static/20%/aa,可以被规则^~ /static/ /aa匹配到(注意是空格)。
~ 开头表示区分大小写的正则匹配
~* 开头表示不区分大小写的正则匹配
!~和!~*分别为区分大小写不匹配及不区分大小写不匹配 的正则
/ 通用匹配,任何请求都会匹配到。
多个location配置的情况下匹配顺序为(参考资料而来,还未实际验证,试试就知道了,不必拘泥,仅供参考):
首先匹配 =,其次匹配^~, 其次是按文件中顺序的正则匹配,最后是交给 / 通用匹配。当有匹配成功时候,停止匹配,按当前匹配规则处理请求。
例子,有如下匹配规则:
#规则A
}
location = /login {
#规则B
}
location ^~ /static/ {
#规则C
}
location ~ \.(gif|jpg|png|js|css)$ {
#规则D
}
location ~* \.png$ {
#规则E
}
location !~ \.xhtml$ {
#规则F
}
location !~* \.xhtml$ {
#规则G
}
location / {
#规则H
}
那么产生的效果如下:
访问根目录/, 比如http://localhost/ 将匹配规则A
访问 http://localhost/login 将匹配规则B,http://localhost/register 则匹配规则H
访问 http://localhost/static/a.html 将匹配规则C
访问 http://localhost/a.gif, http://localhost/b.jpg 将匹配规则D和规则E,但是规则D顺序优先,规则E不起作用, 而 http://localhost/static/c.png 则优先匹配到 规则C
访问 http://localhost/a.PNG 则匹配规则E, 而不会匹配规则D,因为规则E不区分大小写。
访问 http://localhost/a.xhtml 不会匹配规则F和规则G,http://localhost/a.XHTML不会匹配规则G,因为不区分大小写。规则F,规则G属于排除法,符合匹配规则但是不会匹配到,所以想想看实际应用中哪里会用到。
访问 http://localhost/category/id/1111 则最终匹配到规则H,因为以上规则都不匹配,这个时候应该是nginx转发请求给后端应用服务器,比如FastCGI(php),tomcat(jsp),nginx作为方向代理服务器存在。
所以实际使用中,个人觉得至少有三个匹配规则定义,如下:
#这里是直接转发给后端应用服务器了,也可以是一个静态首页
# 第一个必选规则
location = / {
proxy_pass http://tomcat:8080/index
}
# 第二个必选规则是处理静态文件请求,这是nginx作为http服务器的强项
# 有两种配置模式,目录匹配或后缀匹配,任选其一或搭配使用
location ^~ /static/ {
root /webroot/static/;
}
location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ {
root /webroot/res/;
}
#第三个规则就是通用规则,用来转发动态请求到后端应用服务器
#非静态文件请求就默认是动态请求,自己根据实际把握
#毕竟目前的一些框架的流行,带.php,.jsp后缀的情况很少了
location / {
proxy_pass http://tomcat:8080/
}
未试验过的其他信息:
三、ReWrite语法
last – 基本上都用这个Flag。
break – 中止Rewirte,不在继续匹配
redirect – 返回临时重定向的HTTP状态302
permanent – 返回永久重定向的HTTP状态301
1、下面是可以用来判断的表达式:
-f和!-f用来判断是否存在文件
-d和!-d用来判断是否存在目录
-e和!-e用来判断是否存在文件或目录
-x和!-x用来判断文件是否可执行
2、下面是可以用作判断的全局变量
例:http://localhost:88/test1/test2/test.php
$host:localhost
$server_port:88
$request_uri:http://localhost:88/test1/test2/test.php
$document_uri:/test1/test2/test.php
$document_root:D:\nginx/html
$request_filename:D:\nginx/html/test1/test2/test.php
四、Redirect语法
listen 80;
server_name start.igrow.cn;
index index.html index.php;
root html;
if ($http_host !~ “^star\.igrow\.cn$" {
rewrite ^(.*) http://star.igrow.cn$1 redirect;
}
}
五、防盗链
valid_referers none blocked start.igrow.cn sta.igrow.cn;
if ($invalid_referer) {
rewrite ^/ http://$host/logo.png;
}
}
六、根据文件类型设置过期时间
if (-f $request_filename) {
expires 1h;
break;
}
}
七、禁止访问某个目录
root /data/www/wwwroot/linuxtone/test;
deny all;
}
一些可用的全局变量
$args
$content_length
$content_type
$document_root
$document_uri
$host
$http_user_agent
$http_cookie
$limit_rate
$request_body_file
$request_method
$remote_addr
$remote_port
$remote_user
$request_filename
$request_uri
$query_string
$scheme
$server_protocol
$server_addr
$server_name
$server_port
$uri
问题:nginx+fastcgi+php+某论坛程序的环境下,通过论坛上传的比较大(500KB)的文件下载后体积变小了。而较小的文件(100KB)则安然无恙。
用WinHex比较,可以看到文件从中间被截断了,并且没有多出任何内容。使用经多次测试,每次下载的大小在64KB左右(小于64KB),但不相 同。下载到64KB左右的时候卡住了,几秒钟之后下载进度直接跳到100%,显示下载完成。为排除伟大的墙的因素,翻 墙测试,每次下载的大小在127KB左右。
找到论坛源代码,可以看到使用的是php的readfile()进行文件输出,而在输出前已经写入了content-length header。通过HttpFox进行观察,content-length的大小是正确的文件大小。
由于64KB这个大小比较敏感,所以去代码里找了有没有循环缓存读取文件的地方,并没有发现。readfile()直接读取全部内容进行输出。
为了排查,先将服务器切换到httpd(mod_php),则恢复正常,也就是说问题很可能在nginx和fastcgi上。
检查nginx.conf,注意到这个地方:
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
它的值正好等于64K,也就是说问题可能和它有关。将其修改为16K,重启nginx服务,重新下载,这次文件的大小变成了16KB左右。
检查日志发现这么一行:
2010/07/15 02:11:40 [crit] 6064#0: *112 open() "/var/lib/nginx/tmp/fastcgi/1/00/0000000001" failed (13: Permission denied)
nginx会使用fastcgi_buffer_size指定的大小的缓冲区用于缓存fastcgi流的内容。当大小超出此大小时会继续用fastcgi_buffers指定的数量和大小申请缓冲区。如果依然超出此大小,会将多出的内容写入临时文件。
也就是说,在本情况下,nginx首先会使用一个64K的缓冲区缓冲fastcgi流的第一部分,超出后最多申请4*64K=256K的缓冲区用于缓冲。如果继续超出,则写入临时文件。
下载100KB的文件时,内存完全足够,不用写入临时文件,所以没有问题。
下载500KB的文件,64KB+64KB*4已经装不下这个文件,需要使用临时文件。
而日志中反应的就是nginx无权写入临时文件。我不清楚nginx在这里具体是如何实现的,个人猜测可能在写入失败后就放弃了后面4个缓冲区,发 送完第一个缓冲区后就停止发送。如果是这样,一旦超过keep-alive的时间,服务器会断开tcp连接,浏览器认为文件下载完成。考虑header的 大小,浏览器下载的文件略小于64KB。这样一来就能够解释通观察到的现象。
将目录权限问题修正后,问题解决。
有时间研究下nginx的源码,进一步确认该解决方法的有效性。
LNMP配置一例,没有过多的说明文字,几乎是纯安装步骤了,不过,仔细研读,定有收获哦。
/usr/sbin/ntpdate ntp.api.bz
service crond restart
crontab -e
* 3 * * * /usr/sbin/ntpdate ntp.api.bz
vi /etc/profile
ulimit -n 65535
PATH=$PATH:/usr/local/mysql/bin/
alias vi=vim
ulimit -l 4096
PATH=$PATH:/usr/local/mysql/bin/
cd /usr/src
wget http://ftp.jaist.ac.jp/pub/mysql/Downloads/MySQL-5.1/mysql-5.1.57.tar.gz
tar xvzf mysql-5.1.57.tar.gz
cd mysql-5.1.57
./configure --prefix=/usr/local/mysql --datadir=/data/mysql --with-mysqld-ldflags=-all-static --with-client-ldflags=-all-static --with-plugins=myisam,innobase --with-ssl --with-server-suffix --with-pthread --with-charset=utf8 --with-extra-charsets=gbk,gb2312 --enable-assembler --enable-profiling --with-low-memory --with-big-tables
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
cp support-files/mysql.server /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
chmod 700 /etc/init.d/mysqld
chkconfig mysqld on
groupadd -g 1000 mysql
useradd -g 1000 -u 1000 -d /dev/null -s /sbin/nologin mysql
cd /usr/local/mysql
chown -R mysql.mysql .
bin/mysql_install_db --datadir=/data/mysql --user=mysql
chown -R root .
chown -R mysql.mysql /data/mysql
bin/mysqld_safe --datadir=/data/mysql --user=mysql &
echo 'PATH=$PATH:/usr/local/mysql/bin/' >> /etc/profile
source /etc/profile
groupadd -g 1100 www
useradd -g 1100 -u 1100 -d /dev/null -s /sbin/nologin www
cd /usr/src
tar xvjf pcre-8.12.tar.bz2
cd pcre-8.12
./configure
make
make install
cd /usr/src
wget http://labs.frickle.com/files/ngx_cache_purge-1.3.tar.gz
tar xvzf ngx_cache_purge-1.3.tar.gz
wget http://nginx.org/download/nginx-0.8.55.tar.gz
tar xvzf nginx-0.8.55.tar.gz
cd nginx-0.8.55
./configure --prefix=/usr/local/nginx --with-pcre --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --add-module=../ngx_cache_purge-1.3
make
make install
echo '/usr/local/nginx/sbin/nginx' >> /etc/rc.local
cd /usr/src
tar xvzf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1
./configure --prefix=/usr/local/libiconv
make
make install
cd /usr/src
tar xvjf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8
./configure
make
make install
cd ./libltdl
./configure --enable-ltdl-install
make
make install
echo '/usr/local/lib/' >> /etc/ld.so.conf
ldconfig -v
cd /usr/src
tar xvjf mhash-0.9.9.9.tar.bz2
cd mhash-0.9.9.9
./configure
make
make install
cd /usr/src
tar xvzf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make
make install
cd /usr/src
tar xvzf t1lib-5.0.0.tar.gz
cd t1lib-5.0.0
./configure --host=i386
make without_doc
make install
cd /usr/src
wget http://museum.php.net/php5/php-5.2.10.tar.bz2
tar xvjf php-5.2.10.tar.bz2
wget http://php-fpm.org/downloads/php-5.2.10-fpm-0.5.11.diff.gz
gzip -cd php-5.2.10-fpm-0.5.11.diff.gz |patch -d php-5.2.10 -p1
cd php-5.2.10
./configure --prefix=/usr/local/php --enable-fastcgi --enable-force-cgi-redirect --with-mysql=/usr/local/mysql --with-pdo-mysql=/usr/local/mysql --with-curl --with-libxml-dir --with-libexpat-dir --with-gd --with-jpeg-dir --with-zlib-dir --with-png-dir --with-freetype-dir --with-t1lib --enable-gd-native-ttf --with-ttf --enable-soap --enable-sockets --enable-dom --enable-sysvshm=yes --enable-ftp --enable-calendar --enable-sockets --with-db4 --enable-fpm --with-bz2 --with-iconv=/usr/local/libiconv --with-gettext --enable-mbstring --with-mhash --with-mcrypt --with-mime-magic --with-openssl --disable-cli
make
make install
cp php.ini-dist /usr/local/php/lib/php.ini
#cd /usr/src
#tar xvjf php-5.3.6.tar.bz2
#cd php-5.3.6
#./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql/ --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local/libconv --with-freetype-dir --with-jpeg-dir --with-png-dir --with-mcrypt --with-mhash --with-gd --with-zlib-dir --with-libxml-dir --enable-xml --enable-safe-mode --enable-shmop --with-curl --enable-zip --enable-soap --enable-mbstring --with-openssl-dir --enable-gd-native-ttf --with-mhash --enable-fpm
#make
#make install
#cp php.ini-production /usr/local/php/lib/php.ini
cd /usr/src
tar xvjf ImageMagick-6.7.1-7.tar.bz2
cd ImageMagick-6.7.1-7
./configure --prefix=/usr/local/imagemagick
make
make install
cd /usr/src
tar xvzf MagickWandForPHP-1.0.8.tar.gz
cd MagickWandForPHP-1.0.8
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-magickwand=/usr/local/imagemagick
make
make install
cd /usr/src
tar xvjf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make
make install
mkdir -p /usr/local/php/eaccelerator_cache
cd /usr/src
tar xvzf memcache-3.0.6.tgz
cd memcache-3.0.6
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd /usr/src
tar xvzf libevent-2.0.12-stable.tar.gz
cd libevent-2.0.12-stable
./configure --prefix=/usr/local/libevent
make && make install
cd /usr/src
tar xvzf memcached-1.4.6.tar.gz
cd memcached-1.4.6
./configure --prefix=/usr/local/memcache --with-libevent=/usr/local/libevent/
make
make install
vi /usr/local/php/lib/php.ini
extension_dir="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613"
output_buffering=On
data.timezone=Asia/Shanghai
[magickwand]
extension=magickwand.so
[eAccelerator]
extension=eaccelerator.so
eaccelerator.shm_size="128"
eaccelerator.cache_dir="/usr/local/php/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.check_mtime="1"
eaccelerator.debut="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="300"
eaccelerator.shm_prune_period="120"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator
[memcache]
extension=memcache.so
配置php-fpm
cd /usr/local/php/etc/
cp php-fpm.conf php-fpm.conf.bk
vi php-fpm.conf
<?xml version="1.0" ?>
<configuration>
All relative paths in this config are relative to php's install prefix
<section name="global_options">
Pid file
<value name="pid_file">/usr/local/php/logs/php-fpm.pid</value>
Error log file
<value name="error_log">/usr/local/php/logs/php-fpm.log</value>
Log level
<value name="log_level">notice</value>
When this amount of php processes exited with SIGSEGV or SIGBUS ...
<value name="emergency_restart_threshold">10</value>
... in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator's shared memory.
<value name="emergency_restart_interval">1m</value>
Time limit on waiting child's reaction on signals from master
<value name="process_control_timeout">5s</value>
Set to 'no' to debug fpm
<value name="daemonize">yes</value>
</section>
<workers>
<section name="pool">
Name of pool. Used in logs and stats.
<value name="name">default</value>
Address to accept fastcgi requests on.
Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'
<value name="listen_address">127.0.0.1:9000</value>
<value name="listen_options">
Set listen(2) backlog
<value name="backlog">-1</value>
Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.
<value name="owner"></value>
<value name="group"></value>
<value name="mode">0666</value>
</value>
Additional php.ini defines, specific to this pool of workers.
<value name="php_defines">
<!-- <value name="sendmail_path">/usr/sbin/sendmail -t -i</value> -->
<value name="display_errors">1</value>
</value>
Unix user of processes
<value name="user">www</value>
Unix group of processes
<value name="group">www</value>
Process manager settings
<value name="pm">
Sets style of controling worker process count.
Valid values are 'static' and 'apache-like'
<value name="style">static</value>
Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
<value name="max_children">150</value>
Settings group for 'apache-like' pm style
<value name="apache_like">
Sets the number of server processes created on startup.
Used only when 'apache-like' pm_style is selected
<value name="StartServers">40</value>
Sets the desired minimum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MinSpareServers">45</value>
Sets the desired maximum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MaxSpareServers">65</value>
</value>
</value>
The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when 'max_execution_time' ini option does not stop script execution for some reason
'0s' means 'off'
<value name="request_terminate_timeout">0s</value>
The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
'0s' means 'off'
<value name="request_slowlog_timeout">0s</value>
The log file for slow requests
<value name="slowlog">logs/slow.log</value>
Set open file desc rlimit
<value name="rlimit_files">65535</value>
Set max core size rlimit
<value name="rlimit_core">4096</value>
Chroot to this directory at the start, absolute path
<value name="chroot"></value>
Chdir to this directory at the start, absolute path
<value name="chdir"></value>
Redirect workers' stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
<value name="catch_workers_output">yes</value>
How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
<value name="max_requests">51200</value>
Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
<value name="allowed_clients">127.0.0.1</value>
Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment
<value name="environment">
<value name="HOSTNAME">$HOSTNAME</value>
<value name="PATH">/usr/local/bin:/usr/bin:/bin</value>
<value name="TMP">/tmp</value>
<value name="TMPDIR">/tmp</value>
<value name="TEMP">/tmp</value>
<value name="OSTYPE">$OSTYPE</value>
<value name="MACHTYPE">$MACHTYPE</value>
<value name="MALLOC_CHECK_">2</value>
</value>
</section>
</workers>
</configuration>
/usr/local/php/sbin/php-fpm start
echo '/usr/local/php/sbin/php-fpm start' >> /etc/rc.local
nginx配置文件
vi /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes 16;
error_log logs/error.log debug;
pid logs/nginx.pid ;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
##fastcgi 404 错误跳转
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
client_max_body_size 10m;
# proxy_temp_path /data/www/tempdir;
# proxy_cache_path /data/www/cachedir; levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=1g;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
listen 80;
server_name stat.manwrx.com;
location / {
stub_status on;
access_log off;
}
}
server {
listen 80;
server_name www.manwrx.com;
index index.php;
root /data/www;
location ~ .*\.(php|phps)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
####404错误跳转##
error_page 404 = /404.html;
location ~ /\.ht {
deny all;
}
location ~ .*\.svn$ {
deny all;
}
location ~ .*\.(js|css)?$
{
expires 6h;
}
location ~ .*\.(gif|jpg|jpeg|png|swf|bmp)?$ {
expires 6d;
}
}
}
}
###压力测试工具http://home.tiscali.cz/~cz210552/distfiles/webbench-1.5.tar.gz
vi /etc/sysctl.conf
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296