首页 > 系统相关 >Nginx——Nginx生产环境压测与性能优化实战

Nginx——Nginx生产环境压测与性能优化实战

时间:2023-04-04 19:39:16浏览次数:55  
标签:实战 http nginx 压测 Completed Nginx requests 80


摘要

nginx的主要作用有三个方面:1、作为 Web 服务器;2、负载均衡服务器;3、邮件代理服务器等三个方面。其特点是占有内存少,并发能力强,给使用者带来了很多的便利。nginx是一款轻量级的Web 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器,在BSD-like 协议下发行。但是在日常的工作中,很多同学接触不到nginx服务和设计,更加谈不上学习nginx在系统中的应用设计。在大公司中nginx服务基本有公司基础架构组的同学负责。小公司基本上对nginx的优化与性能提升不关心。本博文将详细的介绍真实企业中Nginx在生产环境压测与性能优化实战,给想要学习的同学提供一个参考。

一、生产环境机器配置

系统

内核

线程

内存

硬盘容量

Ubuntu 20.4

2个

4线程

16G

500G

二、Nginx的安装

2.1 Nginx的直接安装

ubuntun自动安装nginx

apt-get update

apt-get install nginx

2.2 Nginx的docker部署

docker pull nginx

docker images

建目录用于存放nginx配置文件、证书文件

mkdir /opt/docker/nginx/conf.d -p
touch /opt/docker/nginx/conf.d/nginx.conf
mkdir /opt/docker/nginx/cert -p
vim /opt/docker/nginx/conf.d/nginx.conf

1、不需要SSL的情况

server {
    listen 80;  # 监听80端口
    server_name example.com www.example.com;  # 自己的域名
    
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090;  # 需要代理的地址:端口
    }
}


2、需要SSL的情况

如果不需要访问http的时候强制重定向为https,可以用下面的配置
# 非强制重定向https
server {
    listen 80; #侦听80端口,如果强制所有的访问都必须是HTTPs的,这行需要注销掉
    listen 443 ssl; #侦听443端口,用于SSL
    server_name example.cn www.example.cn;  # 自己的域名
    # 注意文件位置,是从/etc/nginx/下开始算起的
    ssl_certificate 1_example_bundle.crt;
    ssl_certificate_key 2_example.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    client_max_body_size 1024m;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    # 这里写的是我的腾讯云内网地址,不知道为啥,不能用127.0.0.1...
        proxy_pass http://xxx.xx.xx.xx:8090;
    }
}

如果需要访问http的时候强制重定向为https,可以用下面的配置

# 强制重定向
server {
    listen 443 ssl;
    server_name example.com www.example.com;  # 自己的域名
    # 注意文件位置,是从/etc/nginx/下开始算起的
    ssl_certificate 1_www.example.com_bundle.crt;
    ssl_certificate_key 2_www.example.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    client_max_body_size 1024m;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # 这里写的是我的腾讯云内网地址,不知道为啥,不能用127.0.0.1...
        proxy_pass http://172.17.0.8:9090;
    }
}
server {
     listen 80; # 监听80端口
     server_name example.com www.example.com;  # 绑定证书的域名
     #把http的域名请求转成https
     return 301 https://$host$request_uri; 
}
docker run -itd --name nginx -p 80:80 -p 443:443 -v /opt/docker/nginx/conf.d/nginx.conf:/etc/nginx/conf.d/nginx.conf -v /opt/docker/nginx/cert:/etc/nginx -m 100m nginx

动后,输入docker ps 查看是否启动成功!docker logs nginx 查看日志。

三、Nginx压测工具的安装

3.1 webbench安装(Linux)

webbench官网:http://home.tiscali.cz/~cz210552/webbench.html

yum install -y gcc ctags

mkdir -m 644 -p /usr/local/man/man1

wget http://www.ha97.com/code/webbench-1.5.tar.gz

tar zxvf webbench-1.5.tar.gz

cd webbench-1.5

make

make install
webbench使用

-c client数量

-t time测试时间

webbench -c 300 -t 30 http://xxx.xxx.xxx.xxx/BBS/login.html(目标地址)

3.2  Apache bench安装

Centos:yum -y install httpd-tools

Ubuntu: sudo apt-get install apache2-utils
# 查询相关版本

ab -V

root@ubuntu:/home/xjl# ab -V
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/


# 对目标ip 进访问 c表示单次访问量 n表示总的访问量

ab -c 100 -n 1000  https://targetip/

四、Nginx未优化下的生产环境压测试验

 当单次访问超过100的时候压测的结果 

root@ubuntu:/home/xjl# ab -c 100 -n 10000 http://192.168.25.144:80/index.html
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.25.144 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests


Server Software:        nginx/1.14.0
Server Hostname:        192.168.25.144
Server Port:            80

Document Path:          /index.html
Document Length:        178 bytes

Concurrency Level:      100
Time taken for tests:   0.706 seconds
Complete requests:      10000
Failed requests:        0
Non-2xx responses:      10000
Total transferred:      3370000 bytes
HTML transferred:       1780000 bytes
Requests per second:    14154.44 [#/sec] (mean)
Time per request:       7.065 [ms] (mean)
Time per request:       0.071 [ms] (mean, across all concurrent requests)
Transfer rate:          4658.25 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    3   0.8      3       6
Processing:     1    4   0.9      4       8
Waiting:        0    3   1.0      3       7
Total:          1    7   0.7      7      10

Percentage of the requests served within a certain time (ms)
  50%      7
  66%      7
  75%      7
  80%      7
  90%      8
  95%      8
  98%      8
  99%      8
 100%     10 (longest request)

 当单次访问超过1000的时候压测的结果 

root@ubuntu:/home/xjl# ab -c 1000 -n 10000 http://192.168.25.144:80/index.html
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.25.144 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests


Server Software:
Server Hostname:        192.168.25.144
Server Port:            80

Document Path:          /index.html
Document Length:        0 bytes

Concurrency Level:      1000
Time taken for tests:   0.796 seconds
Complete requests:      10000
Failed requests:        10000
   (Connect: 0, Receive: 0, Length: 9936, Exceptions: 64)
Non-2xx responses:      9936
Total transferred:      3348432 bytes
HTML transferred:       1768608 bytes
Requests per second:    12563.18 [#/sec] (mean)
Time per request:       79.598 [ms] (mean)
Time per request:       0.080 [ms] (mean, across all concurrent requests)
Transfer rate:          4108.10 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:       13   35   6.9     35      57
Processing:    10   41  10.8     41      78
Waiting:        0   29  10.9     26      65
Total:         40   76   7.0     77      92

Percentage of the requests served within a certain time (ms)
  50%     77
  66%     79
  75%     80
  80%     81
  90%     83
  95%     84
  98%     84
  99%     85
 100%     92 (longest request)

 当单次访问超过1024的时候压测的结果

root@ubuntu:/home/xjl# ab -c 2000 -n 10000 http://192.168.25.144:80/index.html
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.25.144 (be patient)
socket: Too many open files (24)

五、 Nginx优化下的生产环境压测试验

5.1 Nginx的服务出错

Nginx服务器访问量非常高,在Nginx的错误日志中不停的输出如下错误信息。

2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)
2020-07-23 02:53:49 [alert] 13576#0: accept() failed (24: Too many open files)

根据错误日志的输出信息,我们可以看出:是打开的文件句柄数太多了,导致Nginx报错了!既然我们能够从Nginx的错误日志中基本能够确定导致问题的原因,那这到底是不是Nginx本身的问题呢?答案为:是,也不全是!

原因很简单:Nginx无法打开那么多的文件句柄,一方面是因为我没有配置Nginx能够打开的最大文件数;另一方面是因为Ubuntu 20.4操作系统本身对打开的最大文件句柄数有限制,我同样没有配置操作系统的最大文件句柄数。所以说,不全是Nginx的锅!

我们可以在命令行输入如下命令来查看服务器默认配置的最大文件句柄数。

[root@binghe150 ~]# ulimit -n

1024

 此时,当Nginx的连接数超过1024时,Nginx的错误日志中就会输出如下错误信息:

[alert] 13576#0: accept() failed (24: Too many open files)

5.2 Nginx临时增大连接数

使用如下命令可以把打开文件句柄数设置的足够大。

ulimit -n 655350

同时修改nginx.conf , 添加如下配置项。

worker_rlimit_nofile 655350;

注意:上述配置需要与error_log同级别。这样就可以解决Nginx连接过多的问题,Nginx就可以支持高并发(这里需要配置Nginx)。另外, ulimit -n还会影响到MYSQL的并发连接数。把它提高,也可以提高MySQL的并发。注意:用 ulimit -n 655350 修改只对当前的shell有效,退出后失效。

5.3 Nginx 永久增大连接数

若要令修改ulimits的数值永久生效,则必须修改配置文件,可以给ulimit修改命令放入/etc/profile里面,这个方法实在是不方便。还有一个方法是修改/etc/security/limits.conf配置文件,如下所示。

vim /etc/security/limits.conf

在文件最后添加如下配置项。

* soft nofile 655360
* hard nofile 655360

保存并退出vim编辑器。其中:星号代表全局, soft为软件,hard为硬件,nofile为这里指可打开的文件句柄数。

最后,需要注意的是:要使 limits.conf 文件配置生效,必须要确保 pam_limits.so 文件被加入到启动文件中。查看 /etc/pam.d/login 文件中是否存在如下配置。不存在,则需要添加上述配置项。

session required /lib64/security/pam_limits.so

5.4 Nginx优化总结

1、开启Linux系统epoll支持:epoll支持,能够大大提高系统网络IO的并发数。

2、扩大Linux文件句柄数限制:Nginx代理过程,将服务器业务请求数据缓存到本地文件,再将文件数据转发给请求客户端。高并发的客户端请求,必然要求服务器文件句柄的并发打开限制。

5.5 Nginx优化下的生产环境压测试验结果

root@ubuntu:/etc/nginx# ab -c 2000 -n 10000 http://192.168.25.144:80/index.html
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.25.144 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests


Server Software:
Server Hostname:        192.168.25.144
Server Port:            80

Document Path:          /index.html
Document Length:        0 bytes

Concurrency Level:      2000
Time taken for tests:   0.783 seconds
Complete requests:      10000
Failed requests:        9952
   (Connect: 0, Receive: 0, Length: 7392, Exceptions: 2560)
Non-2xx responses:      7440
Total transferred:      2507280 bytes
HTML transferred:       1324320 bytes
Requests per second:    12766.24 [#/sec] (mean)
Time per request:       156.663 [ms] (mean)
Time per request:       0.078 [ms] (mean, across all concurrent requests)
Transfer rate:          3125.83 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0   66  14.9     67      95
Processing:    30   74  19.2     77     122
Waiting:        0   43  27.6     54     101
Total:         93  140  12.1    141     163

Percentage of the requests served within a certain time (ms)
  50%    141
  66%    147
  75%    149
  80%    150
  90%    153
  95%    156
  98%    161
  99%    162
 100%    163 (longest request)
root@ubuntu:/etc/nginx# ab -c 20000 -n 100000 http://192.168.25.144:80/index.html
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.25.144 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests


Server Software:
Server Hostname:        192.168.25.144
Server Port:            80

Document Path:          /index.html
Document Length:        0 bytes

Concurrency Level:      20000
Time taken for tests:   56.537 seconds
Complete requests:      100000
Failed requests:        99839
   (Connect: 0, Receive: 0, Length: 12499, Exceptions: 87340)
Non-2xx responses:      12499
Total transferred:      4212163 bytes
HTML transferred:       2224822 bytes
Requests per second:    1768.75 [#/sec] (mean)
Time per request:       11307.399 [ms] (mean)
Time per request:       0.565 [ms] (mean, across all concurrent requests)
Transfer rate:          72.76 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:      273 7456 3218.9   8366   11155
Processing:    99 2761 3066.8    694   11195
Waiting:        0  379 1603.1      0   10953
Total:       6381 10217 2645.7  10197   21013

Percentage of the requests served within a certain time (ms)
  50%  10197
  66%  11118
  75%  11231
  80%  11422
  90%  11455
  95%  16615
  98%  20414
  99%  20810
 100%  21013 (longest request)
root@ubuntu:/etc/nginx# ab -c 30000 -n 100000 http://192.168.25.144:80/index.html
ab: Invalid Concurrency [Range 0..20000]
Usage: ab [options] [http[s]://]hostname[:port]/path

参考博文

Nginx并发访问优化 - 腾讯云开发者社区-腾讯云

【Nginx】并发量太高,Nginx扛不住?这次我错怪Nginx了!! - 腾讯云开发者社区-腾讯云

webbench网站压力测试工具 | Mingor的在线笔记本s

标签:实战,http,nginx,压测,Completed,Nginx,requests,80
From: https://blog.51cto.com/u_13643065/6169262

相关文章

  • KubeSphere——KubeSphere集群构建实战
    摘要KubeSphere愿景是打造一个以Kubernetes为内核的云原生分布式操作系统,它的架构可以非常方便地使第三方应用与云原生生态组件进行即插即用(plug-and-play)的集成,支持云原生应用在多云与多集群的统一分发和运维管理。一、安装环境准备如需在Kubernetes上安装KubeSphere3.2.1,......
  • nginx 配置小程序校验文件
    1、参考nginx配置小程序校验文件location/riAwbtUM3G.txt{default_typetext/html;return200"43191f769a41f4035dbc1e6d9d0cfa32";}......
  • python——异步编程代码实战
    摘要主要介绍python中相关的异步编程的原理和是代码的实战协程实现协程(Coroutine),也可以被称为微线程,是一种用户态内的上下文切换技术。简而言之,其实就是通过一个线程实现代码块相互切换执行。协程不是计算机提供,程序员人为创造。协程的优点:在一个线程中如果遇到IO等待时间,线程不......
  • SpringCloud——SpringCloud Alibaba Sentinel原理与实战
    摘要在微服务架构中,我们将系统拆分成了很多服务单元,各单元的应用间通过服务注册与订阅的方式互相依赖。由于每个单元都在不同的进程中运行,依赖通过远程调用的方式执行,这样就有可能因为网络原因或是依赖服务自身问题出现调用故障或延迟而这些问题会直接导致调用方的对外服务也出现延......
  • SpringCloud——SpringCloud Sleuth原理与实战
    摘要SpringCloudEureka是SpringCloudNetflix微服务套件中的一部分,它基于NetflixEureka做了二次封装,主要负责完成微服务架构中的服务治理功能。SpringCloud通过为Eureka增加了SpringBoot风格的自动化配置,我们只需通过简单引入依赖和注解配置就能让SpringBoot构建的微服务......
  • Spring——spring MVC源码分析与实战
    摘要SpringWebMVC是基于ServletAPI构建的原始Web框架,基于servlet3.0的规范实现的web框架。springmvc主要实现请求的接受,请求解析,请求响应等步骤。本文将详细的介绍springMVC的源码和springMVC的启动流程与相关原理。一、传统springMVC执行流程用户发送请求至前端控制器Dispa......
  • Spring——spring事务原理与实战
    摘要Spring为事务管理提供了丰富的功能支持。Spring事务管理分为编程式和声明式两种。编程式事务指的是通过编码方式实现事务;声明式事务基于AOP,将具体的逻辑与事务处理解耦。生命式事务管理使业务代码逻辑不受污染,因此实际使用中声明式事务用的比较多。声明式事务有两种方式,一种......
  • Spring——Alibaba-pandora boot实战
    摘要阿里的PandoraBoot的核心是Pandora,因此在介绍PandoraBoot之前需要先介绍Pandora。在阿里集体内部,几乎所有的应用都用到了各式各样的中间件,比如HSF、TDDL、Diamond等等。本身中间件之间可能就有版本依赖的问题,比如你的应用HSF和Diamond分别依赖了同名jar包的不同版本,maven只会......
  • 3-nginx
    2、正向代理和反向代理的区别是什么?正向代理是一个位于客户端和原始服务器之间的服务器,为了从原始服务器取得内容,客户端向代理发送一个请求并指定原始服务器,然后代理向原始服务器转交请求并将获得的内容返回给客户端。代理服务器和客户端处于同一个局域网内。比如说fanqiang。我......
  • DataLeap 数据资产实战:如何实现存储优化?
    更多技术交流、求职机会,欢迎关注字节跳动数据平台微信公众号,回复【1】进入官方交流群背景DataLeap作为一站式数据中台套件,汇集了字节内部多年积累的数据集成、开发、运维、治理、资产、安全等全套数据中台建设的经验,助力企业客户提升数据研发治理效率、降低管理成本。Da......