BobMaster's Blog

生活的点滴-是热爱呀

网站优化之开启brotli和配置redis持久化缓存

今天看到一篇介绍匿名pear to pear文件分享程序的文章,于是我打开程序的官网
找到安装教程,发现里面有个brotli的一键安装脚本,脚本适用于ubuntu18.04

然后我去到ngx_brotli的项目地址,发现是谷歌出品,看了看介绍,好像还不错。再看看我博客用的nginx,发现版本太老,然后打算重新编译新版本,没想到遇到了坑-导致博客挂了一个钟头,下面记录这样一个过程和解决的思路

编译安装nginx最新版compile latest nginx

新建一个用户bobmaster跟root区分开

adduser bobmaster --gecos "bobmaster"
# 给予root权限
usermod -aG sudo bobmaster

切换到新用户, 更新系统软件并安装必要程序

su - bobmaster
sudo apt update && sudo apt upgrade -y
sudo apt install -y software-properties-common vim

接下来安装编译需要的工具

sudo apt install -y build-essential git 

下载nginx源码以及必要的依赖源码, 同时解压,最后删除所有压缩包

wget https://nginx.org/download/nginx-1.19.0.tar.gz && tar zxvf nginx-1.19.0.tar.gz
wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar zxvf pcre-8.44.tar.gz
wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar zxvf zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz && tar zxvf openssl-1.1.1g.tar.gz 
# 删除压缩包
rm -r *.tar.gz

安装nginx额外的依赖

sudo apt install -y perl libperl-dev libgd3 libgd-dev libgeoip1 libgeoip-dev geoip-bin libxml2 libxml2-dev libxslt1.1 libxslt1-dev

下载ngx_brotli 源码,同时合并子模块

git clone https://github.com/google/ngx_brotli
cd ngx_brotli && git submodule update --init

进入nginx-1.19.0源码文件夹

cd ~/nginx-1.19.0

配置编译安装nginx
PS: perl路径请自行ls /usr/share/perl 查看

./configure --prefix=/etc/nginx \
            --sbin-path=/usr/sbin/nginx \
            --modules-path=/usr/lib/nginx/modules \
            --conf-path=/etc/nginx/nginx.conf \
            --error-log-path=/var/log/nginx/error.log \
            --pid-path=/var/run/nginx.pid \
            --lock-path=/var/run/nginx.lock \
            --user=nginx \
            --group=nginx \
            --build=Debian \
            --builddir=nginx-1.19.0 \
            --with-select_module \
            --with-poll_module \
            --with-threads \
            --with-file-aio \
            --with-http_ssl_module \
            --with-http_v2_module \
            --with-http_realip_module \
            --with-http_addition_module \
            --with-http_xslt_module=dynamic \
            --with-http_image_filter_module=dynamic \
            --with-http_geoip_module=dynamic \
            --with-http_sub_module \
            --with-http_dav_module \
            --with-http_flv_module \
            --with-http_mp4_module \
            --with-http_gunzip_module \
            --with-http_gzip_static_module \
            --with-http_auth_request_module \
            --with-http_random_index_module \
            --with-http_secure_link_module \
            --with-http_degradation_module \
            --with-http_slice_module \
            --with-http_stub_status_module \
            --with-http_perl_module=dynamic \
            --with-perl_modules_path=/usr/share/perl/5.28.1 \
            --with-perl=/usr/bin/perl \
            --http-log-path=/var/log/nginx/access.log \
            --http-client-body-temp-path=/var/cache/nginx/client_temp \
            --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
            --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
            --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
            --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
            --with-mail=dynamic \
            --with-mail_ssl_module \
            --with-stream=dynamic \
            --with-stream_ssl_module \
            --with-stream_realip_module \
            --with-stream_geoip_module=dynamic \
            --with-stream_ssl_preread_module \
            --with-compat \
            --with-pcre=../pcre-8.44 \
            --with-pcre-jit \
            --with-zlib=../zlib-1.2.11 \
            --with-openssl=../openssl-1.1.1g \
            --with-openssl-opt=no-nextprotoneg \
            --with-debug \
            --with-compat \
            --add-dynamic-module=../ngx_brotli
make
sudo make install

安装好后,可以查看下版本

sudo nginx -V

#nginx version: nginx/1.19.0 (Debian)
#built by gcc 8.3.0 (Debian 8.3.0-6) 
#built with OpenSSL 1.1.1g  21 Apr 2020
#TLS SNI support enabled
#configure arguments: --prefix=....................

然后创建nginx modules的软链接-通常这样做

sudo ln -s /usr/lib/nginx/modules /etc/nginx/modules

给nginx分配用户和用户组

sudo adduser --system --home /nonexistent --shell /bin/false --no-create-home --disabled-login --disabled-password --gecos "nginx user" --group nginx
 然后检测是否被成功创建
 sudo tail -n 1 /etc/passwd /etc/group /etc/shadow
 显示了nginx就成功了

接着创建nginx缓存目录以及配置权限

sudo mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/fastcgi_temp /var/cache/nginx/proxy_temp /var/cache/nginx/scgi_temp /var/cache/nginx/uwsgi_temp
 sudo chmod 700 /var/cache/nginx/*
 sudo chown nginx:root /var/cache/nginx/*
 检查下nginx是否配置正常
 sudo nginx -t

如果没有任何问题,就可以将nginx交由systemd来管理

sudo vim /etc/systemd/system/nginx.service
# 并填入以下配置文件
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPost=/bin/sleep 0.1
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target

然后让nginx开机自启,并运行nginx

sudo systemctl enable nginx.service
sudo systemctl start nginx.service
# 再检查下运行状态
sudo systemctl status nginx

nginx的源码中,有专门的vim代码高亮配置文件和man配置文件

# 对于非root用户
mkdir ~/.vim/
cp -r ~/nginx-1.19.0/contrib/vim/* ~/.vim/
# 对于root用户
sudo mkdir /root/.vim/
sudo cp -r ~/nginx-1.19.0/contrib/vim/* /root/.vim/
sudo cp ~/nginx-1.19.0/man/nginx.8 /usr/share/man/man8
sudo gzip /usr/share/man/man8/nginx.8
# 检查下man nginx是否正常工作
man nginx

接下来创建nginx的常用文件夹

sudo mkdir /etc/nginx/{conf.d,snippets,sites-available,sites-enabled}

更改日志目录权限

sudo chmod 640 /var/log/nginx/*
sudo chown nginx:adm /var/log/nginx/access.log /var/log/nginx/error.log

然后将nginx的日志用logrotate管理

sudo vim /etc/logrotate.d/nginx
# 添加如下内容
/var/log/nginx/*.log {
    daily
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 640 nginx adm
    sharedscripts
    postrotate
            if [ -f /var/run/nginx.pid ]; then
                    kill -USR1 `cat /var/run/nginx.pid`
            fi
    endscript
}

最后把残留不需要的文件都删除吧!

cd ~
rm -rf nginx-1.19.0/ pcre-8.44/ zlib-1.2.11/ openssl-1.1.1g/

优化optimize

编译讲完了下面步入正题,优化的过程以及遇到的一些坑

优化我采取了以下步骤:
1. 开启brotli
2. redis-server
3. 大部分程序都使用最新版本(数据库、php等)

1. 配置nginx

首先修改下/etc/nginx/nginx.conf

因为ngx-brotli我们采取的是动态加载而不是静态编译, 所以需要在配置文件中添加上述模块

# 加在开头等地方
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;

接下来只需要在网站的配置文件中加入brotli的语法即可,详见项目地址,比如

brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype  font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

还有将sites-enabled,conf.d加入nginx.conf的http{}区块

include /etc/nginx/sites-enabled/*.conf;
include /etc/nginx/conf.d/*.conf;

2. 配置redis-server

首先安装redis-server

sudo apt install redis-server

然后配置php-fpm,这里我安装的是php7.4-fpm,具体安装的方式请参考How To Install PHP 7.4 on Debian 10 / Debian 9
wordpress-php插件可以看考
https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions

这里假设你已经安装好php{version}-fpm了,我们要修改php.ini, 一般在 /etc/php/7.<your version>/fpm/目录下

编辑并更改或添加以下两个地方

# 找到[Session]部分,修改如下两处地方
session.save_handler = redis
session.save_path = "tcp://127.0.0.1:6379"

之后重启php7.4-fpm

sudo systemctl restart php7.4-fpm

之后wordpress安装个Redis Object Cache插件即可

解决“坑”

php权限问题

具体表现为打开博主主页,502Bad Gateway,就是无法加载。通过检查/var/log/nginx/blog.hibobmaster.com.error.log日志发现报
connect() to unix:/run/php/php7.4-fpm.sock failed (13: Permission denied) while connecting to upstream

找到了问题–什么没有权限?通过查阅资料可知是/etc/php/7.4/fpm/pool.d/www.conf的权限配置出了些问题

于是编辑上述文件

sudo vim /etc/php/7.4/fpm/pool.d/www.conf
# 修改listen.owner和listen.group
# 将www-data修改为nginx即可
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

保存然后重启php7.4-fpm就解决了这个权限问题

fastcgi内容缺失

解决了php的问题后,打开网站,什么都没有加载,于是按照常理检查error_log,什么都没有,不对啊为啥加载不出界面,谷歌一下– “nginx wordpress blank page”,通过查询得知:

Nginx source does not defineSCRIPT_FILENAME in the fastcgi_params

NARGA Editorial

根据说明,编辑nginx目录下的fastcgi_params,加入如下内容然后重载配置就好了!

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

reffer:

1.How to Compile Nginx From Source on Debian 10
2.How to Fix and Avoid WordPress Blank Page on NGINX


评论

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注


©BobMaster 2018~2024