Nginx优化-性能调优
Nginx优化-性能调优
业务场景引入
在运营一个全球性的视频流媒体平台时,技术团队面临严峻的性能挑战:
- 高并发访问:平台需要同时处理数百万用户的视频请求
- 低延迟要求:视频播放延迟必须控制在毫秒级别
- 带宽优化:需要最大化利用网络带宽,降低传输成本
- 资源利用率:服务器资源(CPU、内存、网络)需要高效利用
- 用户体验:确保用户在各种网络环境下都能流畅观看视频
这些需求正是Nginx性能调优的核心应用场景。通过深入的性能优化,Nginx可以显著提升系统的处理能力、降低响应延迟、优化资源利用效率。
性能优化基础
性能指标定义
在进行性能调优之前,需要明确关键性能指标:
- QPS(Queries Per Second):每秒处理请求数
- 响应时间:从请求发出到收到响应的时间
- 并发连接数:同时处理的连接数量
- 资源利用率:CPU、内存、网络等资源使用情况
- 错误率:请求处理失败的比例
性能测试工具
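# Load generators for baseline measurements. example.com is a placeholder:
# point these at a host you operate, ideally a staging copy of production.

# ab (Apache Bench): basic stress test, 10000 requests at concurrency 100
ab -n 10000 -c 100 https://example.com/
# wrk: high-throughput HTTP benchmark, 12 threads / 400 connections / 30 s
wrk -t12 -c400 -d30s https://example.com/
# siege: HTTP load test, 100 concurrent users for 60 s
siege -c100 -t60s https://example.com/
# hey: HTTP load generator, 10000 requests at concurrency 100
# (the section heading below had been fused onto this URL)
hey -n 10000 -c 100 https://example.com/
系统级性能优化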
操作系统优化
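# Raise the open-file limit for PAM sessions. Must run as root.
# NOTE: limits.conf is applied by pam_limits; an nginx started by systemd does
# not read it, so the service limit comes from LimitNOFILE= in the unit and
# worker_rlimit_nofile in nginx.conf. Running these lines twice appends
# duplicate entries.
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
# Append kernel network tuning. The delimiter is quoted so the body is written
# literally. Notes on individual keys:
#   - tcp_congestion_control = bbr needs a kernel with BBR available;
#     otherwise sysctl -p reports an error for that key.
#   - tcp_tw_reuse only affects outgoing connections (e.g. to upstreams).
#   - Larger accept/SYN queues absorb bursts; keep net.ipv4.tcp_syncookies
#     enabled so a SYN flood cannot simply fill the bigger backlog.
cat >> /etc/sysctl.conf << 'EOF'
# 网络优化
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 5000
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 65536 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
EOF
# Load the new values (the next heading had been fused onto this command)
sysctl -p
CPU优化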
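# nginx.conf - CPU-related tuning
worker_processes auto;  # one worker per CPU core
worker_cpu_affinity auto;  # pin each worker to a core automatically
events {
    # Per-worker connection cap. Each proxied request uses two descriptors
    # (client + upstream), so worker_rlimit_nofile must be at least this large.
    worker_connections 65535;
    use epoll;  # epoll event method on Linux
    multi_accept on;  # accept every pending connection per wake-up
    accept_mutex off;  # workers do not take turns accepting (high-concurrency setups)
}
内存优化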
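# nginx.conf - memory-related tuning
worker_rlimit_nofile 65535;  # maximum open file descriptors per worker process
http {
    # Request buffers. These also bound what a single client can make nginx
    # hold in memory: bodies above client_max_body_size are rejected with 413.
    client_body_buffer_size 128k;
    client_max_body_size 10m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    
    # Output buffers
    output_buffers 1 32k;
    postpone_output 1460;
    
    # Proxy buffers. Worst case per proxied connection is roughly
    # 128k + 4 * 256k; multiply by the expected concurrency before raising
    # these, or a connection flood can exhaust memory.
    proxy_buffering on;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    
    # FastCGI buffers (same sizing consideration as the proxy buffers)
    fastcgi_buffering on;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
}
网络性能优化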
TCP优化配置
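# nginx.conf - TCP tuning
http {
    # Zero-copy file transmission
    sendfile on;
    tcp_nopush on;  # send headers and the start of the file in one packet (with sendfile)
    tcp_nodelay on;  # disable Nagle on keep-alive connections
    
    # Client-side timeouts (seconds). client_header_timeout and
    # client_body_timeout are how long a slow or stalled client may hold a
    # connection slot; shorter values reduce exposure to slow-request
    # connection exhaustion.
    keepalive_timeout 65;
    keepalive_requests 1000;
    client_header_timeout 60;
    client_body_timeout 60;
    send_timeout 60;
    
    # Upstream timeouts: fail fast when a backend stops responding
    proxy_connect_timeout 5s;
    proxy_send_timeout 10s;
    proxy_read_timeout 10s;
}
HTTP/2优化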
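server {
    # "listen ... ssl" requires ssl_certificate / ssl_certificate_key in this
    # server (omitted in this excerpt). Since nginx 1.25.1 the separate
    # "http2 on;" directive replaces the http2 listen parameter.
    listen 443 ssl http2;
    server_name example.com;
    
    # HTTP/2 limits. They cap header memory per request. The field/header size
    # and idle-timeout directives are obsolete since nginx 1.19.7, where
    # large_client_header_buffers and keepalive_timeout take over their role.
    http2_max_field_size 16k;
    http2_max_header_size 32k;
    http2_body_preread_size 32k;
    http2_idle_timeout 3m;
    
    # Connection reuse
    keepalive_timeout 75s;
    keepalive_requests 1000;
    
    location / {
        root /var/www/html;
        index index.html;
    }
}
负载均衡优化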
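# Load-balancing configuration
upstream backend {
    # Send each request to the server with the fewest active connections
    least_conn;
    
    # Backends: after 2 failures within 10s a server is skipped for 10s
    server 192.168.1.10:8080 weight=3 max_fails=2 fail_timeout=10s;
    server 192.168.1.11:8080 weight=3 max_fails=2 fail_timeout=10s;
    server 192.168.1.12:8080 weight=2 max_fails=2 fail_timeout=10s;
    
    # Idle keep-alive connections cached per worker. keepalive_requests and
    # keepalive_timeout inside upstream need nginx 1.15.3 or later.
    keepalive 32;
    keepalive_requests 100;
    keepalive_timeout 60s;
}
server {
    location / {
        # Traffic to the backends is plain HTTP; this assumes they sit on a
        # trusted internal network.
        proxy_pass http://backend;
        # HTTP/1.1 with an empty Connection header is required for upstream keep-alive
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        
        # Response buffering
        proxy_buffering on;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
    }
}
缓存优化策略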
静态资源缓存
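server {
    listen 80;
    server_name static.example.com;
    root /var/www/static;
    
    # Long-lived caching for static assets. "immutable" is only safe when file
    # names are fingerprinted, since clients will not revalidate for a year.
    # Font extensions are deliberately NOT listed here: regex locations are
    # tried in order and the first match wins, so listing them would shadow
    # the font location below and its CORS header would never be sent.
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Vary Accept-Encoding;
        
        # gzip applies only to the MIME types listed (css/js here, not images)
        gzip on;
        gzip_vary on;
        gzip_min_length 1024;
        gzip_comp_level 6;
        gzip_types
            text/plain
            text/css
            text/xml
            text/javascript
            application/json
            application/javascript
            application/xml+rss
            application/atom+xml
            image/svg+xml;
    }
    
    # Web fonts: allow cross-origin loading. A wildcard origin is acceptable
    # only because these are public, credential-free static files.
    location ~* \.(woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Access-Control-Allow-Origin "*";
        add_header Cache-Control "public";
    }
    
    # Large media files
    location ~* \.(mp4|webm|ogg|mp3|wav|flac|aac)$ {
        expires 7d;
        add_header Cache-Control "public";
        add_header Accept-Ranges bytes;
    }
}
代理缓存配置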
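# Proxy cache configuration
http {
    # Cache zone: 10 MB of keys, up to 10 GB on disk, entries unused for 60 min are evicted
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=backend_cache:10m
                     max_size=10g inactive=60m use_temp_path=off;
    
    # Cache key. It contains no cookie or user identity, so every client that
    # requests the same URL shares one cached copy.
    proxy_cache_key "$scheme$request_method$host$request_uri";
    
    server {
        location / {
            proxy_pass http://backend;
            proxy_cache backend_cache;
            proxy_cache_valid 200 302 10m;
            proxy_cache_valid 404 1m;
            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
            # The original listed "proxy_cache_min_fresh 5m;" here. It is not a
            # directive of the stock proxy module, and an unknown directive
            # makes nginx -t fail, so it has been dropped.
            proxy_cache_revalidate on;
            proxy_cache_lock on;
            
            # Expose HIT/MISS/BYPASS for debugging
            add_header X-Cache-Status $upstream_cache_status;
            
            # Skip the cache for requests carrying Pragma or Authorization.
            # Two caveats:
            #  - Cookie-authenticated pages are NOT covered. Unless the backend
            #    answers with Cache-Control: private/no-store or Set-Cookie,
            #    one user's page can be served to another. Add the session
            #    cookie (e.g. $http_cookie or $cookie_<name>) to both lists
            #    when the backend uses cookie sessions.
            #  - Any client can force an origin fetch by sending a Pragma
            #    header, so pair this with rate limiting if the origin is weak.
            proxy_cache_bypass $http_pragma $http_authorization;
            proxy_no_cache $http_pragma $http_authorization;
        }
        
        # Never cache authentication and payment endpoints
        location ~* /api/(login|logout|payment) {
            proxy_pass http://backend;
            proxy_cache_bypass 1;
            proxy_no_cache 1;
        }
    }
}
FastCGI缓存配置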
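# FastCGI cache configuration
http {
    # Cache zone: 10 MB of keys, up to 10 GB on disk, entries unused for 60 min are evicted
    fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:2 keys_zone=php_cache:10m
                       max_size=10g inactive=60m use_temp_path=off;
    
    # fastcgi_cache_key has no default; nginx refuses to start when
    # fastcgi_cache is enabled without it. The key carries no user identity,
    # so all clients share one cached copy per URL.
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    
    server {
        location ~ \.php$ {
            # Only pass scripts that exist on disk to PHP-FPM, so a crafted
            # path ending in .php cannot get another file interpreted as PHP.
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            
            # Response caching
            fastcgi_cache php_cache;
            fastcgi_cache_valid 200 302 10m;
            fastcgi_cache_valid 404 1m;
            fastcgi_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
            # The original listed "fastcgi_cache_min_fresh 5m;" here. It is
            # not a directive of the stock FastCGI module, and an unknown
            # directive makes nginx -t fail, so it has been dropped.
            fastcgi_cache_revalidate on;
            fastcgi_cache_lock on;
            
            # Expose HIT/MISS/BYPASS for debugging
            add_header X-FastCGI-Cache $upstream_cache_status;
            
            # Skip the cache for requests carrying Pragma or Authorization.
            # Logged-in pages keyed on a session cookie are NOT covered: add
            # the session cookie variable to both lists unless the application
            # always sends Cache-Control: private/no-store for them.
            fastcgi_cache_bypass $http_pragma $http_authorization;
            fastcgi_no_cache $http_pragma $http_authorization;
        }
    }
}
Gzip压缩优化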
基础Gzip配置
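http {
    # Enable gzip. For HTTPS responses that both reflect request data and
    # carry secrets (CSRF tokens, session data), compression enables
    # BREACH-style length side channels; exclude such responses.
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    
    # MIME types to compress (text/html is always compressed).
    # application/x-httpd-php is not a response type nginx will see; PHP
    # output is matched by its real Content-Type.
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        application/x-javascript
        application/x-httpd-php
        image/svg+xml;
    
    # Do not compress for user agents matching this pattern
    gzip_disable "MSIE [1-6]\.";
}
高级Gzip优化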
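http {
    # Gzip settings. gzip_proxied any also compresses responses to requests
    # that arrived through another proxy (those with a Via header).
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 1024;
    gzip_http_version 1.0;
    
    # MIME types to compress. One level (gzip_comp_level above) applies to all
    # of them; this block does not set per-type levels.
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        image/svg+xml;
    
    # "location" is only valid inside "server", so it is wrapped here; the
    # original placed it directly under http, which nginx -t rejects.
    server {
        # Serve pre-compressed .gz siblings (needs ngx_http_gzip_static_module).
        # A one-year immutable policy on .html means a corrected page cannot
        # reach clients that already cached it; reserve it for fingerprinted
        # file names.
        location ~* \.(css|js|html|xml)$ {
            gzip_static on;
            expires 1y;
            add_header Cache-Control "public, immutable";
        }
    }
}
日志优化配置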
高效日志配置
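# Custom log formats (http context): request timing plus upstream timings
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" '
                'rt=$request_time uct="$upstream_connect_time" '
                'uht="$upstream_header_time" urt="$upstream_response_time"';
# Same fields plus the cache status; defined here but not referenced below
log_format detailed '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    'rt=$request_time uct="$upstream_connect_time" '
                    'uht="$upstream_header_time" urt="$upstream_response_time" '
                    'cs=$upstream_cache_status';
# Conditional logging: only non-2xx/3xx responses are written.
# Trade-off: successful requests leave no access-log record, so a request
# that succeeded (including a successful attack) cannot be reconstructed
# later. Keep full logs, or sample them, on anything security-relevant.
map $status $loggable {
    ~^[23] 0;
    default 1;
}
server {
    access_log /var/log/nginx/access.log main if=$loggable;
    error_log /var/log/nginx/error.log warn;
    
    # No logging for these high-noise paths
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    
    location = /robots.txt {
        log_not_found off;
        access_log off;
    }
}
日志轮转配置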
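# /etc/logrotate.d/nginx
# Rotate daily and keep 52 rotations, compressing all but the newest.
/var/log/nginx/*.log {
    daily
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    # Access logs hold client IPs and full request URLs (which may carry
    # tokens), so new files are not world-readable (was 644).
    create 0640 nginx nginx
    sharedscripts
    postrotate
        # USR1 makes the nginx master reopen its log files. An if-block keeps
        # the script's exit status zero when the pid file is absent.
        if [ -f /var/run/nginx.pid ]; then
            kill -USR1 "$(cat /var/run/nginx.pid)"
        fi
    endscript
}
SSL性能优化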
SSL优化配置
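server {
    listen 443 ssl http2;
    server_name example.com;
    
    # Certificate and private key (the key file should be readable by root only)
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    
    # Protocols and cipher suites. Restricted to AEAD suites: the original
    # "ECDHE+AES256" also admitted CBC-mode suites for TLS 1.2. TLS 1.3
    # suites are not governed by this list.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE+AESGCM:ECDHE+CHACHA20:!DSS;
    ssl_prefer_server_ciphers off;
    
    # Session resumption
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Tickets save a handshake round trip. Without ssl_session_ticket_key the
    # key is generated at start-up and lives until the next restart; for
    # TLS 1.2 that long-lived key weakens forward secrecy, so rotate it
    # (restart or managed key files) or disable tickets.
    ssl_session_tickets on;
    
    # OCSP stapling. Verification needs the issuer chain, normally supplied
    # via ssl_trusted_certificate. The resolver is used to find the OCSP
    # responder; a resolver on a trusted local network is preferable to a
    # public one to limit DNS spoofing.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    
    # Diffie-Hellman parameters: only used by DHE suites, none of which are
    # enabled by the cipher list above
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
}
监控与性能分析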
性能监控配置
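# Status and metrics endpoints
server {
    # Bound to loopback so the port is not reachable from the network at all;
    # the allow/deny rules below remain as a second layer.
    listen 127.0.0.1:8080;
    server_name localhost;
    
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
    
    location /metrics {
        # Prometheus export via the third-party nginx-module-vts module
        # (it also needs its shared zone declared in the http block).
        # A remote scraper requires an explicit allow for its address.
        vhost_traffic_status_display;
        vhost_traffic_status_display_format prometheus;
        allow 127.0.0.1;
        deny all;
    }
}
性能分析脚本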
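#!/bin/bash
# Nginx performance snapshot: processes, connection states, stub_status,
# host resources and a configuration syntax check. Linux only (procps,
# net-tools). No "set -e": each section should run even if an earlier one fails.

# Nginx processes ([n]ginx keeps grep from matching itself)
echo "=== Nginx Process Status ==="
ps aux | grep '[n]ginx'
# TCP connection states for local port 80 only; a plain "grep :80" would also
# count 8080, 8000 and remote ports
echo "=== Connection Status ==="
netstat -ant | awk '$4 ~ /:80$/ {print $6}' | sort | uniq -c
# stub_status counters; -S shows errors, --max-time prevents a hang
echo "=== Nginx Status ==="
curl -sS --max-time 5 http://localhost:8080/nginx_status
# Host resources
echo "=== System Resources ==="
echo "CPU Usage:"
top -bn1 | grep "Cpu(s)" | awk '{print $2}' | awk -F'%' '{print $1}'
echo "Memory Usage:"
# trailing newline added so the next label starts on its own line
free -m | awk 'NR==2{printf "%.2f%%\n", $3*100/$2 }'
echo "Disk Usage:"
df -h / | awk 'NR==2{print $5}'
# Configuration syntax check (usually needs root to read keys and pid file)
echo "=== Nginx Configuration ==="
nginx -t
性能测试与基准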
压力测试配置
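#!/bin/bash
# Baseline load test driven by wrk. The shebang is moved to the first line,
# where the kernel looks for it.

# Test parameters. example.com is a placeholder for a host you operate.
# wrk runs for a fixed duration, not a request count, so the unused
# REQUESTS setting is replaced by THREADS and DURATION.
URL="https://example.com"
CONCURRENCY=100
THREADS=12
DURATION=30s
# Run the test
echo "Starting load test with $CONCURRENCY concurrent connections for $DURATION"
wrk -t"$THREADS" -c"$CONCURRENCY" -d"$DURATION" --timeout 30s "$URL"
# Results are printed by wrk itself
echo "Test completed. Check results above for performance metrics."
性能调优验证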
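#!/bin/bash
# Before/after comparison of requests per second using ab.
# The shebang is moved to the first line, where the kernel looks for it.
set -eu

# Results go to a private mktemp directory. Fixed names such as
# /tmp/before.txt can be pre-created or symlinked by another local user, and
# this script runs privileged commands (nginx -t, systemctl).
results_dir=$(mktemp -d) || exit 1
before="$results_dir/before.txt"
after="$results_dir/after.txt"

# Baseline run
echo "=== Before Optimization ==="
ab -n 10000 -c 100 http://example.com/ > "$before"
# Apply the tuned configuration here
# ... apply the tuned configuration ...
# Validate, then reload (a reload, not a restart: workers are replaced
# gracefully). With set -e a failed syntax check stops the script before the
# reload is attempted.
nginx -t
systemctl reload nginx
# Run after tuning
echo "=== After Optimization ==="
ab -n 10000 -c 100 http://example.com/ > "$after"
# Compare
echo "=== Performance Comparison ==="
echo "Before: $(grep 'Requests per second' "$before")"
echo "After:  $(grep 'Requests per second' "$after")"
echo "Raw ab output kept in $results_dir"
最佳实践总结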
性能优化清单
- 系统级优化
  - 调整文件描述符限制
  - 优化内核网络参数
  - 合理设置CPU亲和性

- Nginx配置优化
  - 设置合适的worker_processes和worker_connections
  - 启用sendfile和tcp_nopush
  - 优化缓冲区大小

- 缓存策略
  - 合理配置静态资源缓存
  - 启用代理缓存和FastCGI缓存
  - 使用预压缩静态文件

- 网络优化
  - 启用HTTP/2
  - 优化TCP连接参数
  - 合理设置超时时间

- 安全与性能平衡
  - 优化SSL配置
  - 启用OCSP Stapling
  - 使用合适的加密套件
 
常见性能问题解决
- 高CPU使用率
  - 检查worker_processes设置
  - 优化SSL配置
  - 减少不必要的日志记录

- 高内存使用
  - 调整缓冲区大小
  - 优化缓存配置
  - 监控连接数

- 连接超时
  - 调整超时参数
  - 优化后端服务性能
  - 检查网络连接

- 响应慢
  - 启用缓存
  - 优化静态资源
  - 使用CDN加速
 
通过系统性的性能优化,Nginx可以在高并发场景下提供卓越的性能表现。在实际应用中,需要根据具体的业务需求和系统环境,逐步调整和优化相关配置,并持续监控性能指标,确保系统始终处于最佳运行状态。
