Nginx Configuration Guide

introduction introduction nginx is a lightweight, high performance web server and reverse proxy server, characterized by low memory usage and strong concurrency nginx adopts an event driven + asynchronous non blocking i/o model compared with the traditional multi process/multi thread model, it can maintain low resource consumption and high response speed in high concurrency scenarios the architecture of nginx consists of a master process and multiple worker processes the master process is responsible for reading and evaluating the configuration and managing the worker processes; the worker processes handle the actual client requests nginx instructions for use nginx instructions for use server configuration file and path description server configuration file and path description 1 for the server configuration block files that need to be loaded for the nginx service, this block is used to define a virtual host (virtual host), which can distinguish different websites based on domain names, ip addresses, and ports an http block can contain multiple server blocks here is an example server { listen 17 1 1 2 188 ssl; ignore invalid headers off; \#access log /var/log/ngx access log; \#error log /var/log/ngx error log; access log off; resolver 8 8 8 8 valid=5 ipv6=off; ssl certificate /etc/sonic/nginx/cert/asterfusion crt; ssl certificate key /etc/sonic/nginx/cert/asterfusion key; location ^ / { \#proxy pass http //108 0 0 10 80; \#proxy set header host $host; \#proxy set header x real ip $remote addr; \#proxy set header x forwarded for $proxy add x forwarded for; \#proxy set header x forwarded proto $scheme; root /etc/sonic/nginx mmc; index 16k txt; try files $uri $uri/ =404; } } if ssl encrypted request access is used in similar files as above, the certificate file path needs to be specified simultaneously; otherwise, it does not need to be specified 2 for situations where there is a need to differentiate user access to different resources based on urls, we can use a configuration file similar to the following for loading server { listen 17 1 1 2 188 ssl; ignore invalid headers off; \#access log /var/log/ngx access log; \#error log /var/log/ngx error log error; resolver 8 8 8 8 valid=5 ipv6=off; ssl certificate /etc/sonic/nginx/cert/asterfusion crt; ssl certificate key /etc/sonic/nginx/cert/asterfusion key; location /static/ { alias /etc/sonic/nginx mmc/; index index html; } location ^ / { proxy pass http //108 0 0 10 80; proxy set header host $host; proxy set header x real ip $remote addr; proxy set header x forwarded for $proxy add x forwarded for; proxy set header x forwarded proto $scheme; } } in the server configuration file mentioned above, when the client specifies a url ending with the /static/ path, it accesses resources in the mmc partition; otherwise, all requests are proxied users can customize server files to load nginx services according to their needs note that nginx reload must be executed after every file update all nginx configuration files are stored under /etc/sonic/nginx/ if users require nginx configurations to persist after a device reload or reboot, they must execute the write command to save the configuration regarding the directory structure under /etc/sonic/nginx/ the conf folder stores the currently running nginx configurations the saved folder stores the nginx configurations that have been saved on the device (via the write command) the configed folder stores the configurations that are read whenever nginx reload is executed important users should note that if you intend to load configurations by directly modifying files in this path, you must modify the files under configed do not modify the files under conf; otherwise, the modifications will be overwritten and become invalid once nginx reload loads the configurations from the configed folder any nginx configurations that need to be retained must be saved by executing write on the device nginx accessing different partitions nginx accessing different partitions since the et2500 device operates on the emmc partition, users can access local resources by specifying files within /etc/sonic/nginx mmc if a user connects a removable usb drive or an nvme hard drive to the device, they must mount the partition on the device sudo mount make rshared /etc/sonic/nginx sda sudo mount /dev/sda1 /etc/sonic/nginx sda after mounting the partition, a device reload is required for the changes to take effect if the device is rebooted or undergoes a version upgrade, the mounted partition will become invalid you will need to remount it and perform the reload again (please note this refers to a device reload, not an nginx reload) modify queue cache size modify queue cache size for modifying the queue cache size related to nginx, you can modify the vcl conf file in the/etc/sonic/nginx/conf path vcl { heapsize 2g #the memory heap size allocated for vcl, 2gb (for storing data buffers, etc ) segment size 1073741824 #the size of each shared memory segment, 1gb (1073741824 bytes), used for vcl and vpp communication add segment size 268435456 #when it is necessary to dynamically add new shared memory segments, the size of each new segment is 256mb rx fifo size 16777216 #receive fifo buffer size, 16mb (for receiving data from vpp) tx fifo size 16777216 #send fifo buffer size, default 16mb (for sending data to vpp), adjustable size api socket name /var/run/vpp/api sock app scope local app scope global use mq eventfd event queue size 1000000 } after the file modification is completed, the device needs to perform a reload to take effect nginx configuration nginx configuration global nginx switch global nginx switch operation command description enter the system configuration view configure terminal global enable nginx nginx enable global disable nginx nginx stop configuring nginx/vpp core count configuring nginx/vpp core count operation command description enter the system configuration view configure terminal configuring nginx/vpp core count cpu core {nginx num string1 |vpp num string2 } the default number of cores for vpp is 6, and for nginx, it is 1 the et2500 device features a total of 8 cores by default, vpp utilizes the last 6 cores (core indices 2 7), while nginx uses the first core (core index 0) the recommended configuration is to set vpp num to 3 and nginx num to 3 note for the et2500 model, ensure that nginx num + vpp num ≤ 8 additionally, please be aware of the activation requirements changes to the nginx core count require an nginx reload to take effect, whereas changes to the vpp core count require you to execute write to save the configuration followed by a device reload reload nginx configuration nginx reload reload configuration this action is required whenever nginx configurations are modified this includes scenarios such as uploading new configuration files via update, adjusting global parameters, changing the core count, or deleting related configuration files essentially, you must execute nginx reload after any configuration change to apply the new settings nginx global parameter configuration nginx global parameter configuration operation command description enter the system configuration view configure terminal configure nginx to maintain timeout for tcp connections nginx keepalive timeout time after configuration, execute nginx reload to successfully load it configure the maximum number of connections that each nginx worker process can open simultaneously nginx worker connections num after configuration, execute nginx reload to successfully load it loading/deleting nginx configuration files loading/deleting nginx configuration files operation command description enter the system configuration view configure terminal nginx updates certificate file/server configuration file nginx update {cert|server} string after configuration, execute nginx reload to successfully load it display and maintenance display and maintenance operation command description enter the system view show nginx status view nginx enabled status and the number of cores used by nginx enter the system view show nginx config display the global parameter configuration results and configuration file loading status of nginx nginx configuration example nginx configuration example network requirements a certain company needs to provide nginx services for export, which facilitates users to access other partition resources or reverse proxy to backend servers through devices users can load and use nginx services through specified server configuration files according to their needs procedure \#enable nginx functionality sonic(config)# nginx start sonic(config)# cpu core vpp num 3 nginx num 3 sonic(config)# nginx keepalive timeout 80 sonic(config)# nginx worker connections 1500 sonic(config)# nginx update server /home/admin/nginx test1 conf sonic(config)# nginx reload \#three layer interface configuration, users can configure themselves according to the network to enable nginx services to be accessed by clients normally sonic(config)# interface ethernet 10 sonic(config if 10)#ip address 17 1 1 2/24 sonic(config)# interface ethernet 15 sonic(config if 15)#ip address 19 1 1 2/24