博客開通以來,主要記錄學(xué)習(xí)和使用過程中遇到的問題及解決方案。文章風(fēng)格偏向自娛自樂,因此訪問量較少,一臺1核1G的vps足以支撐網(wǎng)站的正常運行。
后來本站引入三個頁面,這三個頁面應(yīng)該對有上外網(wǎng)需求的網(wǎng)友很有幫助,也給本站帶來了很大的流量。本站用的WordPress程序,嘗試過安裝各種緩存插件(super cache, w3 total cache等)加速運行,但是低配的vps依然難以支持這么大的訪問量。通過日志可以看到隨著訪問量的增加,php-fpm進程增多,Mysql的連接和線程增多,接著出現(xiàn)OOM,然后系統(tǒng)kill掉占用內(nèi)存最大的Mysql進程,于是網(wǎng)站進入503宕機模式。
買更好的vps能解決訪問量大的問題,但是要花更多的錢。做為一個技術(shù)宅,首先想到的當然是如何榨干現(xiàn)有機器來支撐大流量。做過的嘗試包括切換到比WordPress性能更好的Ghost,參考:嘗試Ghost 。但是相對于WordPress,Ghost的生態(tài)遠沒有那么成熟,最終放棄了。
左思右想下,終極解決辦法是用Nginx緩存,最初的文章可參考:Nginx配置fastcgi cache。fastcgi_cache的好處是大部分用戶的請求不用后端php-fpm打交道,直接發(fā)送緩存的靜態(tài)頁面,速度上甩各種WordPress插件好幾條街!相比之下wordpress的各種插件還要執(zhí)行php,也避免不了訪問數(shù)據(jù)庫,弱爆了!
自從使用了nginx緩存,網(wǎng)站平穩(wěn)運行,再也沒有出現(xiàn)過宕機的現(xiàn)象。同時vps的cpu和內(nèi)存占用率直線下降,再也無需擔(dān)心vps的配置問題,感覺再來10倍流量博客也撐得??!
因為nginx穩(wěn)如狗的體驗,所以現(xiàn)在對于博客類讀多寫少的產(chǎn)品都是強推nginx緩存(fastcgi緩存或者proxy緩存)。鑒于可能幫到一些網(wǎng)友,現(xiàn)貼出 /etc/nginx/nginx.conf 配置文件供網(wǎng)友參考(包含ssl設(shè)置和gzip部分):
# 文件: /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$request_time"';
access_log /var/log/nginx/access.log main buffer=32k flush=30s;
server_tokens off;
client_max_body_size 100m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# ssl配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
add_header Strict-Transport-Security "max-age=63072000; preload";
#add_header X-Frame-Options DENY;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# 請按照自己的需求更改
fastcgi_cache_path /var/cache/nginx/tlanyan levels=1:2 keys_zone=tlanyan:10m inactive=30m use_temp_path=off;
fastcgi_cache_key $request_method$scheme$host$request_uri;
# note: can also use HTTP headers to form the cache key, e.g.
#fastcgi_cache_key $scheme$request_method$host$request_uri$http_x_custom_header;
#fastcgi_cache_lock on;
fastcgi_cache_use_stale error timeout invalid_header updating http_500;
fastcgi_cache_valid 200 301 302 10h;
fastcgi_cache_valid 404 10m;
fastcgi_ignore_headers Expires Set-Cookie Vary;
# gzip 配置
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 7;
gzip_types
text/css
text/plain
text/javascript
application/javascript
application/json
application/x-javascript
application/xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
application/rss+xml
application/atom_xml
image/jpeg
image/gif
image/png
image/icon
image/bmp
image/jpg;
gzip_vary on;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
以及用于WordPress站點的網(wǎng)站配置文件(/etc/nginx/conf.d/tlanyan.conf):
server {
listen 80;
listen [::]:80;
server_name www.tlanyan.me tlanyan.me; # 請換成自己的域名
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.tlanyan.me tlanyan.me; # 請換成自己的域名
charset utf-8;
ssl_certificate /etc/nginx/conf.d/tlanyan.pem; # 請換成自己的證書和密鑰
ssl_certificate_key /etc/nginx/conf.d/tlanyan.key;
set $host_path "/var/www/tlanyan"; # 請改成自己的路徑
access_log /var/log/nginx/tlanyan.access.log main buffer=32k flush=30s;
error_log /var/log/nginx/tlanyan.error.log;
root $host_path;
# 緩存標記
set $skip_cache 0;
if ($query_string != "") {
set $skip_cache 1;
}
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# 登錄用戶或發(fā)表評論者
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location = / {
index index.php index.html;
try_files /index.php?$args /index.php?$args;
}
location / {
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/\.user\.ini {
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_cache tlanyan;
fastcgi_cache_valid 200 301 302 30m;
fastcgi_cache_valid 404 10m;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache_lock on;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar|jpeg)$ {
expires max;
access_log off;
try_files $uri =404;
}
}
上述配置對最新版的Nginx測試有效,詳細配置指令請參考Nginx官方文檔。
我們專注高端建站,小程序開發(fā)、軟件系統(tǒng)定制開發(fā)、BUG修復(fù)、物聯(lián)網(wǎng)開發(fā)、各類API接口對接開發(fā)等。十余年開發(fā)經(jīng)驗,每一個項目承諾做到滿意為止,多一次對比,一定讓您多一份收獲!