nginx 核心知识100讲笔记(三)

Posted on Posted in nginx

缓存

expires

expires

  • max 永久有效
  • off 默认, 不会添加或者修改expires 和 Cache-Control 字段
  • epoch 不使用缓存
  • time 具体时间

proxy_cache_path

proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];

  • path 定义缓存文件存放位置
  • levels 定义缓存路径的目录层级, 最多3级, 每层目录长度为1或者2字节
  • user_temp_path
    • on 使用 proxy_temp_path 定义的临时目录
    • off 直接使用path路径存放临时文件
  • keys_zone
    • name 是共享内存名字, 由 proxy_cache 指令使用
    • size 是共享内存大小, 1MB大约可以存放8000个key
  • inactive
    • 默认 10 分钟
    • 再 inactive 时间内没有被访问的缓存, 会被淘汰掉
  • max_size
    • 折纸最大的缓存文件大小, 超出后由 cache manager 进程按 LRU 链表淘汰
  • manager_files
    • cache manager 进程在1次淘汰过程中,淘汰的最大文件数
    • 默认 100
  • manager_sleep
    • 执行一次淘汰循环后 cache manager 进程的休眠时间
    • 默认 200 ms
  • manager_threshold
    • 执行一次淘汰循环的最大耗时
    • 默认 50 ms
  • loader_files
    • cache loader 进程载入磁盘中缓存文件至共享内存, 每批最多处理的文件数
    • 默认100
  • loader_sleep
    • 执行一次缓存文件至共享内存后, 进程休眠的时间
    • 载入默认200毫秒
  • loader_threshold
    • 每次载入缓存文件至共享内存的最大耗时
    • 默认 50 ms

proxy_cache_key string

# 定义名字为 tow 的共享内存
proxy_cache_path /data/nginx/tmpcache levels=2:2 keys_zone=two:10m loader_threshold=300 
                     loader_files=200 max_size=200m inactive=1m;

server {
    server_name cache.liuhonghe.me;

    root html/;
    error_log logs/cacherr.log debug;

    location ~ /purge(/.*) {
            proxy_cache_purge two $scheme$1; # 清除缓存
        }   

    location /{
        #expires @20h30m;
        #if_modified_since off;
        proxy_cache two; # 使用 two 缓存
        proxy_cache_valid 200 1m; # 200 请求使用 1m 有效期
        add_header X-Cache-Status $upstream_cache_status; # 验证缓存有没有命中
        #proxy_cache_use_stale error timeout updating;
        #proxy_cache_key $scheme$uri;
        #proxy_cache_revalidate on;
        #proxy_cache_background_update on;
        #proxy_hide_header      Set-Cookie;
        #proxy_ignore_headers   Set-Cookie;

        #proxy_force_ranges on;

        proxy_cache_key $scheme$uri; # 缓存
        proxy_pass http://localhost:8012;
    }

    listen 443 ssl; # managed by Certbot
        ssl_certificate examples/cert/a.crt;
        ssl_certificate_key examples/cert/a.key; 
        #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ssl_verify_client  optional;
    ssl_verify_depth 2;
    #ssl_trusted_certificate examples/cert/ca.crt;
    ssl_client_certificate examples/cert/ca.crt;
    #ssl_client_certificate LetsEncryptAuthorityX3.crt;

    location /test {
        default_type text/plain;
        return 200 '
ssl_client_escaped_cert: $ssl_client_escaped_cert
ssl_client_cert: $ssl_client_cert
ssl_client_raw_cert: $ssl_client_raw_cert
ssl_cipher: $ssl_cipher
ssl_ciphers: $ssl_ciphers
ssl_client_fingerprint: $ssl_client_fingerprint
ssl_client_i_dn: $ssl_client_i_dn
ssl_client_i_dn_legacy: $ssl_client_i_dn_legacy
ssl_client_s_dn: $ssl_client_s_dn
ssl_client_s_dn_legacy: $ssl_client_s_dn_legacy
ssl_client_serial: $ssl_client_serial
ssl_client_v_end: $ssl_client_v_end
ssl_client_v_remain: $ssl_client_v_remain
ssl_client_v_start: $ssl_client_v_start
ssl_client_verify: $ssl_client_verify
ssl_curves: $ssl_curves
ssl_protocol: $ssl_protocol
ssl_server_name: $ssl_server_name
ssl_session_id: $ssl_session_id
ssl_session_reused: $ssl_session_reused
';
    }

    listen 80; # managed by Certbot
}
server {
        listen 127.0.0.1:8011;
    default_type text/plain;
    limit_rate 1;
        return 200 '8011 server response.\n';
}

server {
        listen 8013;
        default_type text/plain;
        return 500 '8013 Server Internal Error.\n';
}

server {
        listen 8012;
    default_type text/plain;
    #client_body_in_single_buffer on;
    #add_header Cache-Control 'max-age=3,stale-while-revalidate=3'; # 一样不缓存
    #add_header Vary *; # 不缓存
    #add_header X-Accel-Expires 3; # 3 秒后过期
    root html;

    location / {
        #add_header aaa 'aaa value';
        #add_header X-Accel-Limit-Rate 10;
    }

    location /test {
            return 200 '8012 server response.
uri: $uri
method: $request_method
request: $request
http_name: $http_name
curtime: $time_local
\n';
    }
}

及时清除缓存

ngx_cache_purge

websocket 反向代理

ngx_http_proxy_module

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

http://www.websocket.org/echo.html

server {
    server_name websocket.liuhonghe.me;
    #root html/;
    default_type text/plain;
    
    access_log logs/ws.log;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://echo.websocket.org;
    }

    listen 80; # managed by Certbot

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/websocket.liuhonghe.me/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/websocket.liuhonghe.me/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

slice 分片提升缓存效率

--with-http_slice_module

proxy_cache_path /data/nginx/tmpcache3 levels=2:2 keys_zone=three:10m loader_threshold=300 
                     loader_files=200 max_size=200m inactive=1m;

server {
    server_name slice.taohui.tech;

    error_log logs/cacherr.log debug;

    location ~ /purge(/.*) {
                proxy_cache_purge three $1$is_args$args$slice_range;
        }

    location /{
        proxy_cache three;
        slice             1m; # 分 1M 进行切分
        proxy_cache_key   $uri$is_args$args$slice_range;
        proxy_set_header  Range $slice_range;

        proxy_cache_valid 200 206 1m;
        add_header X-Cache-Status $upstream_cache_status;

        proxy_pass http://localhost:8012;
    }
}

open_file_cache

server {
    listen 8092;
    root html;
    location / {
        open_file_cache max=10 inactive=60s; # 最多缓存10个文件在内存中, 如果一个文件60秒之后都不访问了, 就从内存中移除
        open_file_cache_min_uses 1; # 至少访问1次以上, 才继续留在缓存中
        open_file_cache_valid 60s; # 确认经过 60s 后, 如果发生更新, 就更新
        open_file_cache_errors on; # 对于访问文件错误的信息是否缓存
    }
}

调试跟踪

strace -p 4567 # nginx 主 pid 号
» 转载请注明来源:呢喃 » nginx 核心知识100讲笔记(三)

Leave a Reply

Your email address will not be published. Required fields are marked *

two × 1 =