调优-Nginx性能监控与调优

5、Nginx性能监控与调优

5.1 ngx_http_stub_status监控连接信息

>
5.1.1 ngx_http_stub_status 配置

sbin/nginx -V 查看编译参数

在之前的模块安装基础上继续安装ngx_http_stub_status模块

--add-module=/home/admin/mylibs/rmtpmodule/nginx-rtmp-module --with-http_ssl_module --with-pcre --with-ipv6 --with-http_stub_status_module

重新编译过程可以参考《CentOS-nginx配置Https-SSL-ngx_http_ssl_module》

cd /usr/mylibs/nginx/nginx-1.10.2
./configure  --add-module=/home/admin/mylibs/rmtpmodule/nginx-rtmp-module --with-http_ssl_module --with-pcre --with-ipv6 --with-http_stub_status_module && make && make install

添加配置

location = /nginx_status {
     stub_status on;
     access_log off;
     allow 127.0.0.1; 
     # 关于这个ip 和
     #《1.4-详细笔记-Tomcat性能监控与调优.md》中的4.2.2.3节相同，即192.168.1.1
     deny all;
   }

./sbin/nginx -t
 ./sbin/nginx 
or
./sbin/nginx -s reload

#如果netstat -ntlp | grep nginx 没有找到配置的81端口
./sbin/nginx -s stop
./sbin/nginx

http://192.168.1.3:81/nginx_status

Active connections: 13 
server accepts handled requests
29 29 80 
Reading: 0 Writing: 1 Waiting: 12

解释文档 http://nginx.org/en/docs/http/ngx_http_stub_status_module.html#data

5.2 ngxtop监控请求信息

5.2.1 ngxtop安装

#安装python-pip
yum install epel-release
yum install python-pip

#安装python-pip
pip install ngxtop

5.2.2 ngxtop文档

https://github.com/lebinh/ngxtop

5.2.3 ngxtop使用

5.2.3.1 指定配置文件：

ngxtop -c /usr/local/nginx/conf/vhost/test.ngxin.status.conf

注意 .conf 只能是当前nginx正在使用的配置文件

5.2.3.2 查询状态是404：

ngxtop -c /usr/local/nginx/conf/vhost/test.ngxin.status.conf -i 'status == 404'

5.2.3.3 查询访问最多的ip：

ngxtop -c /usr/local/nginx/conf/vhost/test.ngxin.status.conf -g remote_addr

5.3 nginx-rrd监控

前提是 5.1 ngx_http_stub_status监控连接信息 已完成配置

5.3.1 安装php

yum install php php-gd php-soap php-mbstring php-xmlrpc php-dom php-fpm -y

PHP之PDO_MYSQL扩展安装步骤（php安装mysql扩展）

https://www.cnblogs.com/qq78292959/p/4084868.html

5.3.2 nginx整合php

修改/etc/php-fpm.d/www.conf文件中的user和group，与./conf/nginx.conf中的user一致

搜索 /user = apache
user = nginx
group = nginx

5.3.3 启动php-fpm服务

systemctl start php-fpm
or 
service php-fpm start

启动失败，查看状态
systemctl status php-fpm.service

  php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 二 2018-10-02 20:03:25 CST; 19s ago
   Process: 25825 ExecStart=/usr/sbin/php-fpm --nodaemonize (code=exited, status=78)
   Main PID: 25825 (code=exited, status=78)

   10月 02 20:03:25 localhost.localdomain systemd[1]: Starting The PHP FastCGI Process Manager...
   10月 02 20:03:25 localhost.localdomain php-fpm[25825]: [02-Oct-2018 20:03:25] ERROR: [pool www] cannot get uid for user 'nginx'
   10月 02 20:03:25 localhost.localdomain php-fpm[25825]: [02-Oct-2018 20:03:25] ERROR: FPM initialization failed
   10月 02 20:03:25 localhost.localdomain systemd[1]: php-fpm.service: main process exited, code=exited, status=78/n/a
   10月 02 20:03:25 localhost.localdomain systemd[1]: Failed to start The PHP FastCGI Process Manager.
   10月 02 20:03:25 localhost.localdomain systemd[1]: Unit php-fpm.service entered failed state.
   10月 02 20:03:25 localhost.localdomain systemd[1]: php-fpm.service failed.

vi ./conf/nginx.conf

#user  nobody 改成 user nginx ，并在测试后重启nginx
../sbin/nginx -t
#报错
#nginx: [emerg] getpwnam("nginx") failed in /usr/local/nginx/conf/nginx.conf:2
#nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
#解决
useradd nginx -s /sbin/nologin 创建虚拟用户（无登录权限）
../sbin/nginx -t #测试成功
#重新启动
systemctl start php-fpm
#启动成功，在9000端口监听
netstat -ntlp | grep 9000

5.3.4 nginx配置

location ~ \.php$ {
     root           /product/frontend/mmall_fe/dist/view; # 这个同 location / 或者 location = / 下的root路径即可，如果有问题，以后可以看看这里
     fastcgi_pass   127.0.0.1:9000;
     fastcgi_index  index.php;
     #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name; #不能访问
     fastcgi_param  SCRIPT_FILENAME  $document_root/$fastcgi_script_name;
     include        fastcgi_params;
}

./sbin/nginx -t
./sbin/nginx -s reload

测试php整合

cd /product/frontend/mmall_fe/dist/view
vi testphp.php
<?php phpinfo();?>
#访问 http://192.168.1.3:81/testphp.php 成功

5.3.5 安装rrdtool相关依赖

yum install perl rrdtool perl-libwww-perl libwww-perl perl-rrdtool -y

5.3.6 安装nginx-rdd

cd /usr/mylibs/nginx-rdd 
wget http://soft.vpser.net/status/nginx-rrd/nginx-rrd-0.1.4.tgz 
tar -xvf nginx-rrd-0.1.4.tgz
cd nginx-rrd-0.1.4/ 
cp usr/sbin/*  /usr/sbin
cp etc/nginx-rrd.conf /etc

mkdir -p /usr/share/nginx/html/
mkdir -p /usr/share/nginx/html/nginx-rrd/

cp html/index.php /usr/share/nginx/html/

#修改配置  
vi /etc/nginx-rrd.conf 

> RRD_DIR="/usr/share/nginx/html/nginx-rrd";
> WWW_DIR="/usr/share/nginx/html/";

5.3.7 新建定时任务

#添加定时任务
crontab -e 

*  * * * * /bin/sh /usr/sbin/nginx-collect 
*/1 * * * * /bin/sh /usr/sbin/nginx-graph 

#查看定时任务
crontab -l 

#查看任务执行状态
tail -f /var/log/cron

5.3.8 ab压测

安装ab压测工具:

yum -y install httpd-tools
ab -n 10000 -c 10  http://192.168.1.3:81/

配置nginx访问

location = /nginx-rrd {
  root           /usr/share/nginx/html; # 这个同 / 下的root路径即可
  #fastcgi_pass   127.0.0.1:9000;
  #fastcgi_index  index.php;
  #fastcgi_param  SCRIPT_FILENAME $document_root/$fastcgi_script_name;
  #include        fastcgi_params;
  #index index.php;
}

502 要注意php服务有没有启动

systemctl start php-fpm

出错:

tail -f ../../logs/error.log 
FastCGI sent in stderr: "Access to the script '/usr/share/nginx/html/nginx-rrd' has been denied (see security.limit_extensions)"

vi /etc/php-fpm.d/www.conf
> security.limit_extensions = .php .php3 .php4 .php5 .html .js .css .jpg .jpeg .gif .png .htm
systemctl restart php-fpm

修改还是没有权限：新增一个nginx域名的82端口conf文件，增加不添加路径的访问配置

location = / {
     root  /usr/share/nginx/html; # 这个同 / 下的root路径即可    
     fastcgi_pass   127.0.0.1:9000;
     fastcgi_index  index.php;
     fastcgi_param  SCRIPT_FILENAME $document_root/$fastcgi_script_name;
     include        fastcgi_params;
     index index.php;
}

# 生成截图
/usr/sbin/nginx-collect && /usr/sbin/nginx-graph

再次测试

ab -n 10000 -c 10  http://192.168.1.3:81/
ab -n 10000 -c 10  http://127.0.0.1:81/
ab -n 10000 -c 10  http://localhost:81/
# 单独给82端口增加nginx_status 好像也没有检测到数据
location = /nginx_status {
     stub_status on;
     access_log off;
     #allow 192.168.1.1;
     #deny all;
}

访问ngxin-rrd
http://192.168.1.3:82/

结果：始终没有记录到访问数据

在线参考：

nginx-RRD stats - Nginx图形化监控工具

用nginx-rrd监控nginx访问数

5.4 Nginx优化

5.4.1 nginx配置

vi /usr/local/nginx/conf/nginx.conf

1. 增加工作线程数和并发连接数

worker_processes  4;#cpu个数
events {
   worker_connections  10240;
   #每一个进程打开的最大连接数，
   #包含nginx与客户端和nginx与upstream之间的连接
   multi_accept on; # 可以一次建立多个连接
   use epoll; #linux2.6的高性能方式
}

查看配置后的运行状态

../sbin/nginx -t
../sbin/nginx -s reload

ps -ef | grep nginx

root       5195      1  0 10:01 ?        00:00:00 nginx: master process ../../sbin/nginx
nginx     11719  11718  0 10:56 ?        00:00:00 php-fpm: pool www
nginx     11720  11718  0 10:56 ?        00:00:00 php-fpm: pool www
nginx     11721  11718  0 10:56 ?        00:00:00 php-fpm: pool www
nginx     11722  11718  0 10:56 ?        00:00:00 php-fpm: pool www
nginx     11723  11718  0 10:56 ?        00:00:00 php-fpm: pool www
nginx     12324  11718  0 11:03 ?        00:00:00 php-fpm: pool www
root      14607   1453  0 11:27 pts/2    00:00:00 vi /etc/nginx-rrd.conf
nginx     17422   5195  0 11:58 ?        00:00:00 nginx: worker process
nginx     17423   5195  0 11:58 ?        00:00:00 nginx: worker process
nginx     17424   5195  0 11:58 ?        00:00:00 nginx: worker process
nginx     17425   5195  0 11:58 ?        00:00:00 nginx: worker process
nginx     17426   5195  0 11:58 ?        00:00:00 nginx: cache manager process
root      17435  16654  0 11:58 pts/9    00:00:00 grep --color=auto nginx

1. 启动长连接

vi /usr/local/nginx/conf/nginx.conf

upstream server_pool{
      server localhost:8080 weight=1 max_fails=2 fail_timeout=30s;
      server localhost:8081 weight=1 max_fails=2 fail_timeout=30s;
      keepalive 300; #300个长连接
}

location / {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_pass http://server_pool/;
}

1. 启用缓存、压缩

   gzip on;
   gzip_http_version 1.1;
   gzip_disable "MSIE [1-6]\.(?!.*SV1)";
   gzip_proxied any;
   gzip_types  text/plain text/css application/javascript application/x-javascript application/json application/xml application/vnd.ms-fontobject application/x-font-ttf application/svg+xml application/x-icon;
   gzip_vary on; #Vary:Accept-Encoding
   gzip_static on; #如果有压缩好的，直接使用
   

../sbin/nginx -t
nginx: [emerg] unknown directive "gzip_static" in /usr/local/nginx/conf/vhost/test.ngxin.rrd.conf:71

注意gzip_static配置需要编译模块参数 --with-http_gzip_static_module :

按照 5.1.1 重新编译nginx，但是要注意nginx -V的结果要加进去

cd /usr/mylibs/nginx/nginx-1.10.2
/usr/local/nginx/sbin/nginx -V
> --add-module=/home/admin/mylibs/rmtpmodule/nginx-rtmp-module --with-http_ssl_module --with-pcre --with-ipv6 --with-http_stub_status_module
# 增加 --with-http_gzip_static_module
./configure  --add-module=/home/admin/mylibs/rmtpmodule/nginx-rtmp-module --with-http_ssl_module --with-pcre --with-ipv6 --with-http_stub_status_module --with-http_gzip_static_module && make && make install

1. 操作系统优化

#配置文件
vi /etc/sysctl.conf
sysctl -W net.ipv4.tcp_syncookies=1 #防止一个套接字在有过多试图连接到达时引起过载  
sysctl -W net.core.somaxconn=1024 #默认128 ,连接队列
sysctl -W net.ipv4.tcp_fin_timeout=10 #timewait的超时时间
sysctl -W net.ipv4.tcp_tw_reuse=1 #os直接使用timewait的连接
sysctl -W net.ipv4.tcp_tw_recycle=0 #回收禁用

sudo vi /etc/security/limits.conf
#在文件末尾增加,*是需要写入到limits.conf中的
* hard nofile 201800   #* 任何用户 hard  真正的
* soft nofile 201800
* soft core unlimited
* soft stack 201800

关于linux连接数的配置《调优-linux连接数-百万连接-局部-全局文件句柄限制》

5.4 其他优化

#nginx配置
sendfile on; #减少文件在应用和内核之间的拷贝
tcp_nopush on; #当数据包达到一定大小再发送
tcp_nodelay off; #有数据随时发送