1.10 ITPro nginx MSP http://heartbeats.jp/12013-05-18nginx

2. : @ttkzw : 24365 MSP nginx nginx http://heartbeats.jp/hbblog/nginx/ Software Design 2012122HTTP Nginx22013-05-18nginx 3. nginx nginx 32013-05-18nginx 4. 2013-05-18nginx4 5. 52013-05-18nginx 6. nginx OS 2013-05-18nginx6 7. nginx http://nginx.org/en/download.html OS Windows Linux RHEL 5, RHEL 6, CentOS 5, CentOS 6 Debian GNU/Linux Ubuntu yumapt-get2013-05-18nginx7 8. OS Linux RHEL/CentOS - Fedora EPEL Fedora Debian GNU/Linux Ubuntu Gentoo Portage *BSD Mac OS X - homebrew Mac OS X - MacPorts FreeBSD Ports NetBSD Packages Collection OpenBSD Ports2013-05-18nginx8 9. OpenSSL 1.0.1SPDYTLS v1.1,v1.2 2013-05-18nginx9 10. ./congure 2013-05-18nginx10./configure --with-http_XXXX_module --add-module=/path/to/module --with-openssl=/path/to/openssl-1.0.1e 11. congure2013-05-18nginx11./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --add-module=$HOME/src/ngx_cache_purge-2.1 --add-module=$HOME/src/ngx_devel_kit-0.2.18 --add-module=$HOME/src/lua-nginx-module-0.8.1 --add-module=$HOME/src/modsecurity-apache_2.7.3/nginx/modsecurity 12. "nginx -V"./congure 2013-05-18nginx12 13. CentOS 6 http://nginx.org/ "download" http://nginx.org/en/download.html "Linux packages for stable version" http://nginx.org/en/linux_packages.html "CentOS 6"RPM2013-05-18nginx13 14. CentOS 62013-05-18nginx14$ sudo yum install http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm$ sudo yum install nginx$ sudo service nginx start 15. 2013-05-18nginx15 16. 2013-05-18nginx16 17. /etc/nginx/nginx.conf2013-05-18nginx17./congure 18. include include include /etc/nginx/conf.d/*.conf; glob "*.conf" 1.2.62013-05-18nginx18src/os/unix/ngx_les.c ngx_open_glob() n = glob((char *) gl->pattern, GLOB_NOSORT, NULL, &gl->pglob); 19. nginx.conf $ ls -1 /etc/nginxfastcgi.conffastcgi_paramskoi-utfkoi-winmime.typesnginx.confscgi_paramsuwsgi_paramswin-utf2013-05-18nginx19 20. mime.types MIMEfastcgi_params FastCGIfastcgi_paramfastcgi.conf fastcgi_paramsscgi_params SCGIscgi_paramuwsgi_params uWSGIuwsgi_param2013-05-18nginx20 21. koi-utf koi8-rUTF-8koi-win windows-1251UTF-8win-utf windows-1251UTF-82013-05-18nginx213 22. include include /etc/nginx/mime.types; include mime.types;2013-05-18nginx22nginx.conf 23. 2013-05-18nginx23 24. 2013-05-18nginx24 25. events {}http {server {location URI_PATH {}location URI_PATH {...}...}server {...}} 2013-05-18nginx25maineventshttpserverlocationHTTPURInginx.conf 26. www.example.org.conf2013-05-18nginx26events {}http {include conf.d/*.conf}maineventshttpserver {location URI_PATH {}location URI_PATH {...}...}serverlocationserver {location URI_PATH {}location URI_PATH {...}...}serverlocationnginx.confwww.example.jp.conf 27. 2013-05-18nginx27 28. user nginx;worker_processes auto;worker_rlimit_nofile 2048;error_log /var/log/nginx/error.log warn;pid /var/run/nginx.pid;main2013-05-18nginx28workerworkerCPU1.2.5"auto"masterID$ ps auxfUSER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMANDroot 27593 0.0 2.4 137552 24772 ? Ss 01:06 0:00 nginx: master processnginx 27594 0.0 2.5 137880 25624 ? S 01:06 0:00 _ nginx: worker processnginx 27595 0.0 2.5 137880 25624 ? S 01:06 0:00 _ nginx: worker processworker_connections 29. events {worker_connections 1024;}events2013-05-18nginx29worker512 30. http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for";access_log /var/log/nginx/access.log main;http12013-05-18nginx30MIMEMIMEtext/plain"combined"apache 31. sendfile on;tcp_nopush on;keepalive_timeout 5;gzip on;gzip_types text/plain text/css application/jsonapplication/x-javascript text/xml application/xmlapplication/xml+rss text/javascript;include /etc/nginx/conf.d/*.conf;}http22013-05-18nginx31sendle() APIsendleTCP_NOPUSHFreeBSDTCP_CORKLinux75 32. server {listen 80;server_name example.jp;root /var/www/html;index index.html index.php;location / {}location /images/ {alias /var/www/images/;}}server2013-05-18nginx32IPURI"/"locationURI 33. listen listen IP: ;IP: *: 80default_serversslspdy2013-05-18nginx33 34. listen listen *:80; listen 80; listen *; IPv4 listen 192.0.2.1:80; listen 192.0.2.1; IPv6 listen [2001:db8:dead:beef::1]:80;2013-05-18nginx34 35. listen SSL/TLS listen 443 ssl; listen 192.0.2.1:443 ssl; listen [2001:db8:dead:beef::1]:443 ssl; SPDY listen 443 ssl spdy; listen 192.0.2.1:443 ssl spdy; listen [2001:db8:dead:beef::1]:443 ssl spdy; listen 80 default_server; listen 443 default_server ssl;2013-05-18nginx35 36. server_name server_name ...;: """"Host2013-05-18nginx36 37. server_name server_name example.com; server_name example.com www.example.com; server_name *.example.com; server_name .example.com; server_name ~^wwwd+.example.com$; server_name ""; server_name _;2013-05-18nginx37Host 38. server {listen 192.0.2.1:80;listen 192.0.2.1:443 ssl;server_name example.jp;....}server {listen 192.0.2.2:80;listen 192.0.2.2:443 ssl;server_name www.example.org;....}IP2013-05-18nginx38SSL/TLSexample.jpwww.example.orgSSL/TLSSNI(Server Name Indication)IPSNI 39. server {listen 80 default_server;server_name _;....}server {listen 80;server_name example.jp www.example.jp;....}server {listen 80;listen 443 ssl;server_name www.example.org;....}2013-05-18nginx39SSL/TLSexample.jpwww.example.org $ nginx -V 2>&1 | grep SNITLS SNI support enabledSSL/TLSnginxSNI 40. SSL/TLS2013-05-18nginx40server {listen 443 ssl spdy;server_name example.jp;ssl_certificate /etc/nginx/cert.pem;ssl_certificate_key /etc/nginx/cert.key;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;}SSL/TLS1CNSSL/TLS(TLSv1.1,TLSv1.2OpenSSL 1.0.1)openssl ciphers cipherlist -vSPDYnginx 1.4.0OpenSSL 1.0.1 41. server {listen 80;server_name example.jp;root /var/www/html;index index.html index.php;location / {}location /images/ {alias /var/www/images/;}}server2013-05-18nginx41IPURI"/"locationURI 42. location location URI { location} ^~ = ~ ~* 2013-05-18nginx42 43. "~", "~*"locationURI2013-05-18nginx43"=", "^~", URIlocation"="location"="location"^~"locationlocationyesyesyesnonono 44. locationURI2013-05-18nginx44location / {[location A]}location /example/ {[location B]}location/example/page.html 45. locationURI2013-05-18nginx45location / {[location A]}location /example/ {[location B]}location/example/page.html 46. locationURI2013-05-18nginx46location / {[location A]}location = / {[location B]}location = /page.html {[location C]}location/ 47. locationURI2013-05-18nginx47location / {[location A]}location = / {[location B]}location = /page.html {[location C]}location/"=" 48. locationURI2013-05-18nginx48location / {[location A]}location = / {[location B]}location = /page.html {[location C]}location/page.html 49. locationURI2013-05-18nginx49location / {[location A]}location = / {[location B]}location = /page.html {[location C]}location/page.html"=" 50. locationURI2013-05-18nginx50location / {[location A]}location /example/page.html {[location B]}location ~ ^/example/ {[location C]}location/example/page.html 51. locationURI2013-05-18nginx51location / {[location A]}location /example/page.html {[location B]}location ~ ^/example/ {[location C]}location/example/page.html 52. locationURI2013-05-18nginx52location / {[location A]}location ^~ /example/page.html {[location B]}location ~ ^/example/ {[location C]}location/example/page.html 53. locationURI2013-05-18nginx53location / {[location A]}location ^~ /example/page.html {[location B]}location ~ ^/example/ {[location C]}location/example/page.html"^~" 54. locationURI2013-05-18nginx54location / {[location A]}location /example/ {[location B]}location ~ .php$ {[location C]}location ~ ^/example/.+.php$ {[location D]}location/example/index.php 55. locationURI2013-05-18nginx55location / {[location A]}location /example/ {[location B]}location ~ .php$ {[location C]}location ~ ^/example/.+.php$ {[location D]}location/example/index.php 56. rootalias2013-05-18nginx56root /var/www/html;location ~ ^/.+.(?:gif|jpg|png)$ {root /var/www/images;}location /s/ {alias /var/www/s/html/;}location ~ ^/s/(.+.(?:gif|jpg|png)$) {alias /var/www/s/images/$1;}locationalias:locationURIrootlocationlocation"/var/www/images/" 57. rootalias2013-05-18nginx57root /var/www/html;location ~ ^/.+.(?:gif|jpg|png)$ {root /var/www/images;}location /s/ {alias /var/www/s/html/;}location ~ ^/s/(.+.(?:gif|jpg|png)$) {alias /var/www/s/images/$1;} /page.html /le.jpg /s/page.html /s/le.jpg 58. rootalias2013-05-18nginx58root /var/www/html;location ~ ^/.+.(?:gif|jpg|png)$ {root /var/www/images;}location /s/ {alias /var/www/s/html/;}location ~ ^/s/(.+.(?:gif|jpg|png)$) {alias /var/www/s/images/$1;} /page.html /le.jpg /s/page.html /s/le.jpg/var/www/html/page.html/var/www/images/le.jpg/var/www/s/html/page.html/var/www/s/images/le.jpg 59. location /s/ {root /var/www/html/;}rootalias2013-05-18nginx59location /s/ {alias /var/www/html/s/;}URIroot 60. 2013-05-18nginx60location ~ ^/admin/ {satisfy any;allow 127.0.0.1;allow ::1;allow 192.0.2.1;allow 2001:db8:dead:beef::1;deny all;auth_basic on;auth_basic_user_file auth/htpasswd-admin;}location ~ /. {deny all;log_not_found off;access_log off;} 61. 2013-05-18nginx61location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {log_not_found off;access_log off;}location = /favicon.ico {log_not_found off;access_log off;}location = /robots.txt {log_not_found off;access_log off;} 62. 2013-05-18nginx62 63. 2013-05-18nginx63 64. Web2013-05-18nginx64Web nginxWebhttp(s)http(s)FastCGISCGIuWSGIWebWeb 65. 2013-05-18nginx65Webnginx WebSSL/TLSnginxWebnginxSSL/TLS 66. 2013-05-18nginx66Web nginxWebWebWeb 67. 2013-05-18nginx67location / {try_files $uri $uri/ @webapp;}location /images/ {root /var/www/html/webapps;}location @webapp {proxy_pass http://127.0.0.1:8080/;}location ~ .cgi$ {proxy_pass http://127.0.0.1:8080/;}URIURIPATH_INFOURIURI 68. 2013-05-18nginx68upstream backend {ip_hash;server backend1.example.jp:8080 weight=5;server backend2.example.jp:8080;server unix:/var/run/backend.sock;}server {location / {try_files $uri $uri/ @webapp;}location @webapp {proxy_pass backend;}location ~ .cgi$ {proxy_pass backend;}}upstream 69. proxy2013-05-18nginx69location /webapp/ {proxy_pass http://192.0.2.1:8080/;proxy_set_header Host $host;proxy_set_header X-Forwarded-Host $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_redirect off;}URIHTTP 70. FastCGI2013-05-18nginx70location ~ .php$ {fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include /etc/nginx/fastcgi_params;}URIFastCGIfastcgi_param 71. [uwsgi]master = trueworkers = 5no-orphans = truepidfile = /var/run/uwsgi/uwsgi.pidsocket = /var/run/uwsgi/uwsgi.sockchmod-socket = 660uid = nginxgid = nginxcgi = /mt=/var/www/cgi-bin/mtcgi-allowed-ext = .cgiuWSGI + CGI2013-05-18nginx71location ~ .cgi$ {uwsgi_pass unix:/var/run/uwsgi/uwsgi.sock;uwsgi_modifier1 9;include /etc/nginx/uwsgi_params;}URIuwsgimodier1WSGI: 0PSGI: 5CGI: 9uwsgi_param/etc/uwsgi.ini 72. uWSGI +PSGI2013-05-18nginx72location ~ .cgi$ {uwsgi_pass unix:/var/run/uwsgi/uwsgi.sock;uwsgi_modifier1 5;uwsgi_param UWSGI_APPID mt;uwsgi_param UWSGI_SCRIPT mt.psgi;include /etc/nginx/uwsgi_params;}URIuwsgimodier1WSGI: 0PSGI: 5CGI: 9uwsgi_param[uwsgi]psgichdir = /var/www/cgi-bin/mtmount = mt=mt.psgi/etc/uwsgi.iniuWSGI 73. 2013-05-18nginx73