Nginx 内存配置文件

tag-icon tag-icon nginx php-fpm docker google-kubernetes-engine php7
Nginx 内存配置文件

我在 Docker 容器中使用 nginx 1.9.2(带有 pagespeed 和 geoIP),该容器在 Google 容器引擎上运行。它充当另一个运行 php-fpm(php7)的容器的代理。我还使用 fastcgi 代理。

我发现它非常慢,所以我开始查看不同的可用图表,然后在内存图中看到了这个:

在此处输入图片描述

有人见过这样的情况吗?这是一种常见的模式吗?实际上是否可以说 nginx 配置文件是“正常”还是不正常?如果你是我,你会怎么做 ^^?

以下是顶部:

Mem: 1352376K used, 392976K free, 0K shrd, 29581464K buff, 29581520K cached
CPU:   4% usr   1% sys   0% nic  94% idle   0% io   0% irq   0% sirq
Load average: 0.04 0.08 0.10 2/278 55
PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
7     1 www-data S     914m  54%   0% nginx: worker process
8     1 www-data S     297m  17%   0% nginx: cache manager process
1     0 root     S     288m  17%   0% nginx: master process /usr/sbin/nginx

容器中没有运行任何其他东西,只有 nginx。

我的 nginx 配置如下:

https://github.com/vincentserpoul/docker.io/blob/master/vincentserpoul/nginx/etc/nginx/nginx.conf

我的网站配置如下:

fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=xxxx:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";

server {
    root /var/www/xxxx.xx;

    server_name   www.xxxx.xx;

    access_log /var/log/nginx/access.log main;
    error_log  /var/log/nginx/error.log;

    listen        443 ssl http2 deferred;

    # SSL
    ssl_certificate     /etc/nginx/ssl/xxxx.xx.bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/xxxx.xx.key;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/xxxx.xx.full_chain.pem;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # Deny illegal Host headers
    if ($host !~* \.(xxxx.xx)$ ) {
        return 444;
    }

    include /etc/nginx/conf.d/pagespeed.safe.conf;
    pagespeed LoadFromFile "https://www.xxxx.xx" "/var/www/xxxx.xx/";

    location / {
        index index.html index.php; ## Allow a static html file to be shown first
        try_files $uri $uri/ $uri.php?$args;
    }

    # nocache by default
    set $bypass_cache 1;

    if ($request_uri = /)
    {
        set $bypass_cache 0;
    }


    # Don't cache POST requests
    if ($request_method != GET)
    {
        set $bypass_cache 1;
    }

    location ~ .php$ { ## Execute PHP scripts
        if (!-e $request_filename) { rewrite / /index.php last; }
        fastcgi_pass   phpfpm:9000;
        fastcgi_keep_conn on;
        proxy_intercept_errors on;
        fastcgi_intercept_errors on;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_read_timeout 120;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        include /etc/nginx/conf.d/fastcgi_params;

        fastcgi_cache   xxxx;
        fastcgi_cache_valid   200 302 5m;
        fastcgi_cache_valid   301      30d;
        fastcgi_cache_lock on;
        fastcgi_cache_revalidate on;
        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
        fastcgi_cache_use_stale error timeout invalid_header http_500;
        fastcgi_cache_valid 5m;
        fastcgi_cache_bypass $bypass_cache;
        fastcgi_no_cache $bypass_cache;
        add_header X-Cache $upstream_cache_status;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    }

    ## static content is treated different
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|eot|woff2)$ {
        access_log        off;
        root /var/www/xxxx.xx;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
        add_header X-Cache $upstream_cache_status;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    }

    ## All other errors get the generic error page
    error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417
             500 501 502 503 504 505 /error_page.html;

    location  /error_page.html {
        internal;
    }

}

server {
    listen       80 default_server;
    return       301 https://xxxx/$request_uri;
}

server {
    listen       443 ssl;
    server_name  xxxx.xx;
    return       301 https://xxxx/$request_uri;
}

编辑-如何解决这个问题

我的自定义图像是根本原因。使用来自 dockerhub hub.docker.com/_/nginx 的“原始”nginx,一切就会正常。

答案1

为了提高评论中讨论内容的可见性,我正在发布一个答案。

这个问题已经通过使用官方 docker NGINX 构建来自 dockerhub。

根据 VincentSerpoul 的最新更新:

“我的自定义图像是根本原因。使用来自 dockerhub hub.docker.com/_/nginx 的“原始”nginx 即可正常工作。”

相关内容