nginx+memcache配置+性能优化，nginxmemcache

一、openresty

1、编译

[root@server6 ~]# tar zxf openresty-1.13.6.1.tar.gz 
[root@server6 ~]# cd openresty-1.13.6.1
[root@server6 openresty-1.13.6.1]# ./configure --prefix=/usr/local/lnmp/openresty

2、安装

[root@server6 openresty-1.13.6.1]# gmake && gmake install 

3、修改openresty自带nginx配置文件
vim /usr/local/lnmp/openresty/nginx/conf/nginx.conf

 17 http {
 18         upstream memcache {
 19                 server 172.25.9.6:11211;
 20                 keepalive 512;
 21         }
 22     include       mime.types;
 23     default_type  application/octet-stream;
 47         location / {
 48             root   html;
 49             index  index.html index.htm;
 50         }
 51         location /memc {
 52         internal;
 53         memc_connect_timeout 100ms;
 54         memc_send_timeout 100ms;
 55         memc_read_timeout 100ms;
 56         set $memc_key $query_string;
 57         set $memc_exptime 300;
 58         memc_pass memcache;
 59         }
 77         location ~ \.php$ {
 78                 set $key $uri$args;
 79                 srcache_fetch GET /memc $key;
 80                 srcache_store PUT /memc $key;
 81             root           html;
 82             fastcgi_pass   127.0.0.1:9000;
 83             fastcgi_index  index.php;
 84        #     fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
 85             include        fastcgi.conf;
 86         }

开启memcached，php-fpm，nginx

[root@server6 ~]# /etc/init.d/php-fpm start 
Starting php-fpm  done
[root@server6 ~]# /etc/init.d/memcached restart 
Stopping memcached:                                        [  OK  ]
Starting memcached:                                        [  OK  ]
[root@server6 ~]# /usr/local/lnmp/openresty/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/lnmp/openresty/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/openresty/nginx/conf/nginx.conf test is successful
[root@server6 ~]# /usr/local/lnmp/openresty/nginx/sbin/nginx 

4、测试

Nginx 没有添加 Memcache 模块，Php 有 Memcache 模块

[kiosk@foundation9 Desktop]$ ab -c 1 -n 1000 http://172.25.12.1/example.php

Time taken for tests:   0.362 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Requests per second:    2761.68 [#/sec] (mean)

[kiosk@foundation9 Desktop]$ ab -c 1 -n 1000 http://172.25.12.1/index.php

Time taken for tests:   2.328 seconds
Complete requests:      1000
Failed requests:        97

Requests per second:    429.56 [#/sec] (mean)


Nginx 添加 Memcahche 模块，Php 相当于 “双 Memcache”

[kiosk@foundation9 Desktop]$ ab -c 1 -n 1000 http://172.25.12.1/example.php

Time taken for tests:   0.405 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Requests per second:    2468.97 [#/sec] (mean)


[kiosk@foundation9 Desktop]$ ab -c 1 -n 1000 http://172.25.12.1/index.php

Time taken for tests:   0.491 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Requests per second:    2037.92 [#/sec] (mean)

二、nginx访问限制限制

1、内核连接限制（高并发限制）
vim /usr/local/lnmp/openresty/nginx/conf/nginx.conf

 36     limit_conn_zone $binary_remote_addr zone=addr:10m;
  51         location /download/ {
 52         limit_conn addr 1;
 53         }

104  mkdir download 
  105  cd download/

在该目录下复制图片一张，重启openresty自带的nginx
2、物理主机测试：
ab -c 5 -n 100 http://172.25.9.6/download/vi.png
3、查看nginx错误日志
cat /usr/local/lnmp/nginx/logs/error.log
三、访问重定向

1、修改配置文件 /usr/local/lnmp/openresty/nginx/conf/nginx.conf

 37     charset utf8;  ##字符集
125 server {
126         listen 80;
127         server_name www.test.org;
128         ##重定向 （301永久，302临时）
129         rewrite ^/(.*)$ https://www.test.org/$1 permanent;
130 #       location / {
131 #               root /www1;
132 #               index index.html;
133 #       }
134 }

[root@server1 nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 nginx]# nginx -s reload

2、物理主机命令行测试：

[kiosk@foundation12 Desktop]$ curl -I www.test.org/test.html
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 03 Jul 2018 06:13:58 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.test.org/test.html

3、物理主机网页测试（域名解析）

注意：https设置时，默认发布目录为 /www1，所以，当访问配置文件中（$1文件必须存在）

[root@server1 nginx]# mv html/test.html /www1/

129         rewrite ^/(.*)$ https://www.test.org/$1 permanent;

119         location / {
120             root   /www1;
121             index  index.html index.htm;
122         }

4、反向重定向

当访问 bbs.test.org 时跳转到 http://www.test.org/bbs

126 server
127         listen 80;
128         server_name www.test.org bbs.test.org;
129 
130         #rewrite ^/(.*)$ https://www.test.org/$1 permanent;
131         #rewrite ^/bbs/(.*)$ https://www.test.org/$1 permanent;
132         if ($host = "bbs.test.org") {
133         rewrite ^/(.*)$ http://www.test.org/bbs/$1 permanent;
134         }
135 
136         location / {
137                 root /www1;
138                 index index.html;
139         }
140 }

[kiosk@foundation12 Desktop]$ curl -I bbs.test.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 03 Jul 2018 07:02:12 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.test.org/bbs/

[kiosk@foundation12 Desktop]$ curl -I bbs.test.org/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 03 Jul 2018 07:02:27 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.test.org/bbs/index.html

5、防止恶意的域名解析

当别人访问 IP 时，重定向到合法的网站上

[root@server1 nginx]# vim conf/nginx.conf

 39     server {
 40         listen       80;
 41         server_name  _;  ##不设置域名
 42         rewrite ^/(.*) http://www.test.org permanent;



[kiosk@foundation12 Desktop]$ curl -I 172.25.12.1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 03 Jul 2018 07:05:10 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.test.org

6、缓存过期时间
访问图片时，设置过期时间,只适用静态！！动态页面不要做缓存！！

141         location ~ .*\.(png|jpg|gif)$ {
142                 expires 30d;
143                 root /www1;
144         }

[kiosk@foundation12 Desktop]$ curl -I www.test.org/IMG_3210.jpg
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jul 2018 08:00:13 GMT
Content-Type: image/jpeg
Content-Length: 10340120
Last-Modified: Tue, 03 Jul 2018 07:56:31 GMT
Connection: keep-alive
ETag: "5b3b2c2f-9dc718"
Expires: Thu, 02 Aug 2018 08:00:13 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

7、访问控制
拒绝 172.25.12.250 主机访问

136         location / {
137                 root /www1;
138                 index index.html;
139                 deny 172.25.12.250;
140         }

[kiosk@foundation12 Desktop]$ curl -I www.test.org
HTTP/1.1 403 Forbidden
Server: nginx
Date: Tue, 03 Jul 2018 08:02:29 GMT
Content-Type: text/html; charset=utf8
Content-Length: 162
Connection: keep-alive

8、状态查询
访问 www.test.org/status 看到状态，不收集此类日志；

147         location /status {
148                 stub_status     on;
149                 access_log      off;
150         }
151 
152 }

网页访问：http://www.test.org/status

Active connections: 2 
server accepts handled requests
 143 143 148 
Reading: 0 Writing: 1 Waiting: 1 

9、日志截断

便于日志整理，每天凌晨截断日志，生成新的空白日志文件（可编写脚本）

[root@server1 logs]# date +%F
2018-07-03
[root@server1 logs]# date +%F -d -1day
2018-07-02
[root@server1 logs]# mv access.log access-$(date +%F -d -1day).log 
[root@server1 logs]# ls
access-2018-07-02.log  error.log  nginx.pid
[root@server1 logs]# nginx -s reload
[root@server1 logs]# ls
access-2018-07-02.log  access.log  error.log  nginx.pid

10、防盗链

##另开虚拟机，配置nginx  
下载安装 nginx-1.8.0-1.el6.ngx.x86_64.rpm

[root@server2 ~]# rpm -ivh nginx-1.8.0-1.el6.ngx.x86_64.rpm 
warning: nginx-1.8.0-1.el6.ngx.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
Preparing...                ########################################### [100%]
   1:nginx                  ########################################### [100%]
----------------------------------------------------------------------

[root@server2 conf.d]# cd /usr/share/nginx/html/
[root@server2 html]# vim test.html
<html>
<body>

<img src="http://www.test.org/IMG_3210.jpg">

</body>

</html>

[root@server2 html]# /etc/init.d/nginx start
Starting nginx:                                            [  OK  ]

##[root@server2 html]# curl localhost 测试ok即可

####server1主机做防盗链设置

126 server {
127         listen 80;
128         server_name www.test.org;
129         root /www1;
130         #rewrite ^/(.*)$ https://www.test.org/$1 permanent;
131         #rewrite ^/bbs/(.*)$ https://www.test.org/$1 permanent;
132 #       if ($host = "bbs.test.org") {
133 #       rewrite ^/(.*)$ http://www.test.org/bbs/$1 permanent;
134 #       }
135 
136         location / {
137                 root /www1;
138                 index index.html;
139         #       deny 172.25.12.250;
140         }
141 
142         location ~ .*\.(png|jpg|gif)$ {
143                 #expires 30d;
144                 #root /www1;
145                 valid_referers none blocked www.test.org;
146                 if ($invalid_referer) {
147                 #return 403;
148                 rewrite ^/ http://bbs.test.org/daolian.jpg;
149                 }
150         }
151 
152         location /status {
153                 stub_status     on;
154                 access_log      off;
155         }
156 
157 }
158 
159 server {
160         listen 80;
161         server_name bbs.test.org;
162 
163         location / {
164                 root /www2;
165                 index index.html;
166         }
167 }

[root@server1 nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 www2]# nginx -s reload


[root@server1 www2]# pwd
/www2
[root@server1 www2]# ls
daolian.jpg  index.html

####再次访问172.25.12.2/test.html时，1主机把信息重定向 http://bbs.test.org/daolian.jpg；