Differences

This shows you the differences between two versions of the page.

--- nginxarchitecture [2016/01/06 07:44] – [Optimize nginx configuration and benchmark] admin
+++ nginxarchitecture [2024/10/27 02:55] (current) – [Basic Nginx Configuration] admin
@@ Line 1: / Line 1: @@
-====== nginx architecture ======
+====== nginx with PHP-FPM ======
 refer:
   * http://www.aosabook.org/en/nginx.html
@@ Line 26: / Line 26: @@
   * Since Nginx comes only with core features that are required for a web server, **it is lightweight when compared to Apache**.
   * The performance and scalability of Nginx is not completely dependent on hardware resources, whereas the performance and scalability of the Apache is dependent on underlying hardware resources like memory and CPU.
+===== Basic Nginx Configuration =====
+Some basic directives:
+  * Location (refer: https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/)<code ini>
+user nobody; # a directive in the 'main' context
+events {
+    # configuration of connection processing
+}
+http {
+    # Configuration specific to HTTP and affecting all virtual servers
+    server {
+        # configuration of HTTP virtual server 1
+        location /one {
+            # configuration for processing URIs starting with '/one'
+        }
+        location /two {
+            # configuration for processing URIs starting with '/two'
+        }
+    }
+    server {
+        # configuration of HTTP virtual server 2
+    }
+}
+stream {
+    # Configuration specific to TCP/UDP and affecting all virtual servers
+    server {
+        # configuration of TCP virtual server 1
+    }
+}
+</code>
+  * request_filename (refer: https://docs.nginx.com/nginx/admin-guide/web-server/web-server/)<code>
+if (!-e $request_filename) { rewrite ^ /path/index.php last; }
+</code> => This checks whether there is a file, directory, or symbolic link that **matches the $request_filename**. If such a file is **not found**, the connection is being **redirected to /path/index.php**.
+  * try_files (refer https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/)<code>
+location / {
+    try_files $uri $uri/ $uri.html =404;
+}
+</code><code>
+location / {
+    try_files $uri $uri/ /test/index.html;
+}
+</code> => you probably understand:<code>
+location / => matches all locations**
+try_files $uri =>try $uri first, for example http://example.com/images/image.jpg nginx will try to check if there's a file inside /images called image.jpg if found it will serve it first.
+$uri/=> which means if you didn't find the first condition $uri try the URI as a directory
+</code>
 ===== Optimize nginx configuration for performance and benchmark =====
 refer:
+  * http://www.freshblurbs.com/blog/2015/11/28/high-load-nginx-config.html
   * http://tweaked.io/guide/nginx/
   * http://wiki.nginx.org/FullExample
@@ Line 42: / Line 93: @@
 events {
-    worker_connections  8096;
+    worker_connections  8192;
     multi_accept        on;
     use                 epoll;
@@ Line 89: / Line 140: @@
 ==== Nginx Request / Upload Max Body Size (client_max_body_size) ====
-If you want to allow users upload something or upload personally something over the HTTP then you should maybe **increase post size**. It can be done with **client_max_body_size** value which goes under **http/server/location section**. On default it’s **1 Mb**, but it can be **set example to 20 Mb** and also **increase buffer size** with following configuration:<code>
+If you want to allow users upload something or upload personally something over the HTTP then you should maybe **increase post size**. It can be done with **client_max_body_size** value inside **http {…}**. On default it’s **1 Mb**, but it can be **set example to 20 Mb** and also **increase buffer size** with following configuration :<code>
 client_max_body_size 20m;
 client_body_buffer_size 128k;
@@ Line 138: / Line 189: @@
   * benchmark load speed from other countries from http://www.webpagetest.org/
 => with above benchmarch for static file ab -n 20 -c 4 http://shop.babies.vn/media/js/af1ae2e07ff564e3d1499f7eb7aecdf9.js(size 400k), we can see the problem for performance because the network or bandwidth
+===== Nginx Rewrite Rules and Regular Expression =====
+refer: https://blog.nginx.org/blog/creating-nginx-rewrite-rules
+<code>
+# -----------------------------------------------------------------------------------------
+#     ~     : Enable regex mode for location (in regex ~ mean case-sensitive match)
+#     ~*    : case-insensitive match
+#     |     : Or
+#     ()    : Match group or evaluate the content of ()
+#     $     : the expression must be at the end of the evaluated text
+#             (no char/text after the match) $ is usually used at the end of a regex
+#             location expression.
+#     ?     : Check for zero or one occurrence of the previous char ex jpe?g
+#     ^~    : The match must be at the beginning of the text, note that nginx will not perform
+#             any further regular expression match even if an other match is available
+#             (check the table above); ^ indicate that the match must be at the start of
+#             the uri text, while ~ indicates a regular expression match mode.
+#             example (location ^~ /realestate/.*)
+#             Nginx evaluation exactly this as don't check regexp locations if this
+#             location is longest prefix match.
+#     =     : Exact match, no sub folders (location = /)
+#     ^     : Match the beginning of the text (opposite of $). By itself, ^ is a
+#             shortcut for all paths (since they all have a beginning).
+#     .*    : Match zero, one or more occurrence of any char
+#     \     : Escape the next char
+#     .     : Any char
+#     *     : Match zero, one or more occurrence of the previous char
+#     !     : Not (negative look ahead)
+#     {}    : Match a specific number of occurrence ex. [0-9]{3} match 342 but not 32
+#             {2,4} match length of 2, 3 and 4
+#     +     : Match one or more occurrence of the previous char
+#     []    : Match any char inside
+# --------------------------------------------------------------------------------------------
+</code>
+===== PHP-FPM Config and Optimize =====
+refer:
+  * https://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/
+  * https://tweaked.io/guide/nginx/
+**global** config for all pools:<code>
+[global]
+; Error log file
+; If it's set to "syslog", log is sent to syslogd instead of being written
+; in a local file.
+; Note: the default prefix is /usr/local/php/var
+; Default Value: log/php-fpm.log
+;error_log = log/php-fpm.log
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+;log_level = notice
+; The maximum number of processes FPM will fork. This has been design to control
+; the global number of processes when using dynamic PM within a lot of pools.
+; Use it with caution.
+; Note: A value of 0 indicates no limit
+; Default Value: 0
+; process.max = 128
+</code>
+**pool** www config:<code>
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static  - a fixed number (pm.max_children) of child processes;
+;   dynamic - the number of child processes are set dynamically based on the
+;             following directives. With this process management, there will be
+;             always at least 1 children.
+;             pm.max_children      - the maximum number of children that can
+;                                    be alive at the same time.
+;             pm.start_servers     - the number of children created on startup.
+;             pm.min_spare_servers - the minimum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is less than this
+;                                    number then some children will be created.
+;             pm.max_spare_servers - the maximum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is greater than this
+;                                    number then some children will be killed.
+;  ondemand - no children are created at startup. Children will be forked when
+;             new requests will connect. The following parameter are used:
+;             pm.max_children           - the maximum number of children that
+;                                         can be alive at the same time.
+;             pm.process_idle_timeout   - The number of seconds after which
+;                                         an idle process will be killed.
+</code>
+==== PHP-FPM Global Configuration Tweaks ====
+Set up **emergency_restart_threshold, emergency_restart_interval and process_control_timeout**. **Default values** for these options **are totally off**, but I think it’s better use these options example like following in **php-fpm.conf**(we can off for performance):<code>
+emergency_restart_threshold 10
+emergency_restart_interval 1m
+process_control_timeout 10s
+</code>
+What this mean? So if **10 PHP-FPM child** processes exit with SIGSEGV or SIGBUS within 1 minute*then **PHP-FPM restart automatically**. This configuration also **sets 10 seconds time limit for child processes to wait for a reaction** on signals from master.
+(In some case, the php-fpm child processes full memory and can't process the request, these configurations will automatically restart the php-fpm child processes)
+==== PHP-FPM Pools Configuration ====
+=== Basic Config ===
+Default php-fpm will use pool **[www]** to configuration for all site. In advance, it’s possible to use **different pools** for different sites and **allocate resources very accurately** and even use **different users and groups for every pool**. Following is just example configuration files structure for PHP-FPM pools for three different sites (or actually three different part of same site):<code>
+/etc/php-fpm.d/site.conf
+/etc/php-fpm.d/blog.conf
+/etc/php-fpm.d/forums.conf
+</code>
+Or config in php-fpm.conf<code>
+; Relative path can also be used. They will be prefixed by:
+;  - the global prefix if it's been set (-p argument)
+;  - /onec/php otherwise
+;include=etc/fpm.d/*.conf
+</code>(Create directory **/onec/php/etc/fpm.d/**)
+Just example configurations for every pool:
+  * default pool [www](listen on port 9000)<code>
+[www]
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /onec/php) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+;       will be used.
+user = nobody
+group = nobody
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
+;                            specific port;
+;   '[::]:port'            - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = 127.0.0.1:9000
+</code>
+  * /etc/php-fpm.d/site.conf<code>
+[site]
+listen = 127.0.0.1:9000
+user = site
+group = site
+request_slowlog_timeout = 5s
+slowlog = /var/log/php-fpm/slowlog-site.log
+listen.allowed_clients = 127.0.0.1
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 3
+pm.min_spare_servers = 2
+pm.max_spare_servers = 4
+pm.max_requests = 200
+listen.backlog = -1
+pm.status_path = /status
+request_terminate_timeout = 120s
+rlimit_files = 131072
+rlimit_core = unlimited
+catch_workers_output = yes
+env[HOSTNAME] = $HOSTNAME
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+</code> =>pool **[site] use port 9000**
+  * /etc/php-fpm.d/blog.conf<code>
+[blog]
+listen = 127.0.0.1:9001
+user = blog
+group = blog
+request_slowlog_timeout = 5s
+slowlog = /var/log/php-fpm/slowlog-blog.log
+listen.allowed_clients = 127.0.0.1
+pm = dynamic
+pm.max_children = 4
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 200
+listen.backlog = -1
+pm.status_path = /status
+request_terminate_timeout = 120s
+rlimit_files = 131072
+rlimit_core = unlimited
+catch_workers_output = yes
+env[HOSTNAME] = $HOSTNAME
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+</code>=>pool **[blog] use port 9001**
+  * /etc/php-fpm.d/forums.conf<code>
+[forums]
+listen = 127.0.0.1:9002
+user = forums
+group = forums
+request_slowlog_timeout = 5s
+slowlog = /var/log/php-fpm/slowlog-forums.log
+listen.allowed_clients = 127.0.0.1
+pm = dynamic
+pm.max_children = 10
+pm.start_servers = 3
+pm.min_spare_servers = 2
+pm.max_spare_servers = 4
+pm.max_requests = 400
+listen.backlog = -1
+pm.status_path = /status
+request_terminate_timeout = 120s
+rlimit_files = 131072
+rlimit_core = unlimited
+catch_workers_output = yes
+env[HOSTNAME] = $HOSTNAME
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+</code> =>pool **[forums] use port 9002**
+So this is just example howto configure multiple different size pools.
+=== Optimize config ===
+Example Config:<code bash>
+process.max = 15
+pm.max_children = 100
+pm.start_servers = 10
+pm.min_spare_servers = 5
+pm.max_spare_servers = 15
+pm.max_requests = 1000
+</code>
+**process.max**: The **maximum number of processes FPM will fork**. This has been design to **control the global number of processes when using dynamic PM within a lot of pools**
+The configuration variable **pm.max_children** controls the maximum amount of FPM processes that can ever run at the same time. This value can be calculate like this :<code>
+pm.max_children = total RAM - (500MB) / average process memory
+</code>
+  * To find the average process memory:<code bash>
+ps -ylC php-fpm --sort:rss | awk '!/RSS/ { s+=$8 } END { printf "%s\n", "Total memory used by PHP-FPM child processes: "; printf "%dM\n", s/1024 }'
+</code>=> get **total memory** used by all php-fpm process base on basic command **ps -ylC php-fpm**. Then get number of php-fpm processes:<code bash>
+ps -ylC php-fpm --sort:rss | grep php-fpm | wc -l
+</code>And the average process memory:<code>
+Avg Memory = Total Memory/number of process
+</code>
+  * Why **500MB** ? Depends **of what is running on your system**, but you want to keep memory for nginx (about 20MB), MySql and others services.
+Other configs:
+  * **pm.start_servers**: The number of children created on startup. Value must be between pm.min_spare_servers and pm.max_spare_servers.<code>
+pm.start_servers = (pm.max_spare_servers + pm.min_spare_servers)/2
+</code>
+  * **pm.max_requests**: We want to keep it hight to prevent server respawn. Note: **If you have a memory leak** in your PHP code **decrease this value to recreate it quickly and free the memory**.
+===== Nginx Security =====
+refer:
+  * List nginx security issues: http://nginx.org/en/security_advisories.html
+  * http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html