通信机制的选择

nginx和php-fpm 是使用 tcp socket 还是 unix socket ？

合理的配置nginx处理请求数

#cat /proc/cpuinfo | grep processor #查看服务器cpu的处理器数量
# vi /etc/nginx/nginx.conf
worker_processes 16;  #修改为处理器数量
events { 
  worker_connections 4096; # 单个woker进程最大连接并发数 
  multi_accept on;  #linux2.6+默认epoll，如果使用了更优秀的kqueue模型，则使用默认off。
}

配置nginx+php-fpm负载均衡

单机能力有限，比如要支持1000台并发，生成两个sock文件，让每个php-fpm处理500台。

# nginx.conf
upstream backend { 
  server unix:/dev/shm/php-fpm.sock1 weight=100 max_fails=5 fail_timeout=5; 
  server unix:/dev/shm/php-fpm.sock2 weight=100 max_fails=5 fail_timeout=5; 
}


# php-fpm.conf(同理，php7在的配置文件末行引入了pool.d的所有配置)
# www1.conf
listen = /dev/shm/php-fpm.sock1;
listen.backlog = -1  
listen.allowed_clients = 127.0.0.1

pm.max_children = 500
pm.max_requests = 5000

rlimit_files = 50000
request_slowlog_timeout = 20s
slowlog = /var/log/php-slow.log

# cp www1.conf www.conf2
listen = /dev/shm/php-fpm.sock2;

禁止访问日志文件

高流量站点涉及大量I/O，必须在线程间同步。

# nginx.conf
access_log off; 
log_not_found off; 
error_log /var/log/nginx-error.log warn;

如果不能关闭日志访问，至少设置缓冲

access_log /var/log/nginx/access.log main buffer=16k;

启用GZip

# nginx.conf
gzip on; 
gzip_disable "msie6"; 
gzip_vary on; 
gzip_proxied any; 
gzip_comp_level 6; 
gzip_min_length 1100; 
gzip_buffers 16 8k; 
gzip_http_version 1.1; 
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

缓存经常访问的文件

# nginx.conf
open_file_cache max=2000 inactive=20s; 
open_file_cache_valid 60s; 
open_file_cache_min_uses 5; 
open_file_cache_errors off;

调整客户端超时

# nginx.conf
client_max_body_size 50M; 
client_body_buffer_size 1m; 
client_body_timeout 15; 
client_header_timeout 15; 
keepalive_timeout 2 2; 
send_timeout 15; 
sendfile on; 
tcp_nopush on; 
tcp_nodelay on;

调整输出缓冲区

# nginx.conf
fastcgi_buffers 256 16k; 
fastcgi_buffer_size 128k; 
fastcgi_connect_timeout 3s; 
fastcgi_send_timeout 120s; 
fastcgi_read_timeout 120s; 
fastcgi_busy_buffers_size 256k; 
fastcgi_temp_file_write_size 256k; 
reset_timedout_connection on; 
server_names_hash_bucket_size 100;

调整/etc/sysctl.conf

# Recycle Zombie connections 
net.inet.tcp.fast_finwait2_recycle=1 
net.inet.tcp.maxtcptw=200000 

# Increase number of files 
kern.maxfiles=65535 
kern.maxfilesperproc=16384 

# Increase page share factor per process 
vm.pmap.pv_entry_max=54272521 
vm.pmap.shpgperproc=20000 

# Increase number of connections 
vfs.vmiodirenable=1 
kern.ipc.somaxconn=3240000 
net.inet.tcp.rfc1323=1 
net.inet.tcp.delayed_ack=0 
net.inet.tcp.restrict_rst=1 
kern.ipc.maxsockbuf=2097152 
kern.ipc.shmmax=268435456 

# Host cache 
net.inet.tcp.hostcache.hashsize=4096 
net.inet.tcp.hostcache.cachelimit=131072 
net.inet.tcp.hostcache.bucketlimit=120 

# Increase number of ports 
net.inet.ip.portrange.first=2000 
net.inet.ip.portrange.last=100000 
net.inet.ip.portrange.hifirst=2000 
net.inet.ip.portrange.hilast=100000 
kern.ipc.semvmx=131068 

# Disable Ping-flood attacks 
net.inet.tcp.msl=2000 
net.inet.icmp.bmcastecho=1 
net.inet.icmp.icmplim=1 
net.inet.tcp.blackhole=2 
net.inet.udp.blackhole=1

Nginx状态监控

Nginx中的stub_status模块主要用于查看Nginx的一些状态信息，默认不会编译进Nginx，重新编译安装nginx stub_status模块，

持续监视打开的连接数，可用内存和等待线程数。 设置警报以在阈值超过时通知您。您可以自己构建这些警报，或使用像ServerDensity。 请务必安装NGINX stub_status模块 你需要重新编译NGINX -

./configure \
--prefix=/usr/local/nginx \
--with-http_stub_status_module \

make && make install

安装完毕后在server块中加入location

server{  
         location /nginx-status {  
             stub_status on; 
        }  
} 

重启nginx后访问www.x.com/nginx-status即可看到返回的信息

active connections – 活跃的连接数量
server accepts handled requests — 总共处理了11989个连接 , 成功创建11989次握手, 总共处理了11991个请求
reading — 读取客户端的连接数.
writing — 响应数据到客户端的数量
waiting — 开启 keep-alive 的情况下,这个值等于 active – (reading+writing), 意思就是 Nginx 已经处理完正在等候下一次请求指令的驻留连接.

参考
Nginx基本配置整理
Nginx Core functionality
Optimizing NGINX and PHP-fpm for high traffic sites
启用nginx status状态详解