一、性能调优概述
1. 为什么要进行性能调优
text
性能调优的目标:
├── 提高并发处理能力
├── 降低响应延迟
├── 减少资源消耗
├── 提升系统稳定性
└── 优化用户体验
性能指标:
├── QPS (每秒查询数)
├── TPS (每秒事务数)
├── 并发连接数
├── 响应时间
├── 错误率
└── 资源利用率
2. 调优方法论
text
调优步骤:
1. 监控现状 → 收集性能数据
2. 分析瓶颈 → 定位问题点
3. 制定方案 → 选择优化策略
4. 实施优化 → 调整配置参数
5. 验证效果 → 对比性能数据
6. 持续优化 → 循环改进
调优原则:
├── 先架构后参数
├── 先硬件后软件
├── 先系统后应用
├── 先网络后服务
└── 单因素变更
二、系统层面调优
1. 操作系统参数优化
bash
# /etc/sysctl.conf - kernel parameter tuning
# 1. Network parameters
# Larger accept queue (somaxconn) and per-CPU receive backlog.
# NOTE(review): nginx only uses a larger accept queue if the "backlog=" parameter of its listen
# directive is raised as well - confirm against the listen lines in use.
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
# Local (ephemeral) port range used for outbound connections.
# NOTE(review): a lower bound of 1024 lets outbound connections occupy ports that local services
# bind later (e.g. a status listener on 8080); list such ports in net.ipv4.ip_local_reserved_ports
# or keep a higher lower bound.
net.ipv4.ip_local_port_range = 1024 65535
# Allow TIME_WAIT sockets to be reused for new outbound connections; shorter FIN-WAIT-2 timeout.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# TCP buffer sizes: default and maximum socket buffers, then min/default/max for TCP autotuning.
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# SYN cookies (SYN-flood mitigation): sent once a listening socket's SYN queue overflows.
# tcp_syn_retries applies to outbound connection attempts; tcp_synack_retries shortens how long
# half-open inbound connections are kept while the SYN-ACK is retransmitted.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
# Connection tracking table size and timeout for established TCP flows (seconds).
# NOTE(review): these keys exist only while the nf_conntrack module is loaded; otherwise
# "sysctl -p" reports them as unknown. When the table fills, new flows are dropped, so alert on
# nf_conntrack_count approaching nf_conntrack_max.
net.netfilter.nf_conntrack_max = 1048576
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
# File handles: system-wide maximum and the ceiling for any per-process nofile limit.
fs.file-max = 6553500
fs.nr_open = 6553500
# Virtual memory: swap tendency and dirty-page writeback thresholds (percent of memory).
vm.swappiness = 10
vm.dirty_ratio = 30
vm.dirty_background_ratio = 5
# Apply the settings. This is a shell command run as root, not a line of sysctl.conf.
sysctl -p
2. 系统限制优化
bash
# /etc/security/limits.conf
# Per-user resource limits (applied by pam_limits to PAM sessions).
# File descriptor and process-count limits for every account matched by "*".
# NOTE(review): the wildcard raises the process cap for all non-root accounts, which removes the
# usual brake on runaway process creation by any local user. If only nginx needs the headroom,
# the nginx-specific entries below are sufficient.
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
# Limits for the nginx account only.
nginx soft nofile 655350
nginx hard nofile 655350
nginx soft nproc 655350
nginx hard nproc 655350
# /etc/systemd/system.conf
# Default limits for all units started by systemd.
# NOTE(review): these keys belong under the [Manager] section of system.conf, and they raise the
# limits of every service on the host, not just nginx.
DefaultLimitNOFILE=655350
DefaultLimitNPROC=655350
# /etc/systemd/system/nginx.service.d/override.conf
# Limits for the nginx unit. A service started by systemd takes its limits from the unit, not
# from limits.conf, so this drop-in is the setting that actually reaches nginx.
[Service]
LimitNOFILE=655350
LimitNPROC=655350
3. 磁盘I/O优化
bash
# 1. Choose a suitable filesystem
# ext4 or xfs (recommended)
# 2. Mount options
# /etc/fstab
# NOTE(review): barrier=0 turns off write barriers. After a crash or power loss the journal can
# then be inconsistent and data can be lost or corrupted; it is only defensible on storage with a
# battery- or flash-backed write cache. noatime already implies nodiratime.
/dev/sda1 /data ext4 defaults,noatime,nodiratime,barrier=0 0 0
/dev/sdb1 /var/log xfs defaults,noatime,nodiratime 0 0
# 3. Remount with the new options
mount -o remount,noatime,nodiratime /data
# 4. Show the current I/O scheduler
cat /sys/block/sda/queue/scheduler
# 5. Change the scheduler (noop or none suggested for SSD, deadline for spinning disks)
# NOTE(review): on multi-queue (blk-mq) kernels the available names differ (e.g. "none",
# "mq-deadline"); use one of the names printed by the cat command above.
echo 'deadline' > /sys/block/sda/queue/scheduler
# 6. Make the change permanent
# NOTE(review): confirm that the running kernel still honours the elevator= boot parameter.
# grubby --update-kernel=ALL --args="elevator=deadline"
三、Nginx核心配置优化
1. 基础配置优化
nginx
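# /etc/nginx/nginx.conf
# 1. Worker processes
# "auto" starts one worker per detected CPU core.
worker_processes auto;
# Per-worker open-file limit; must cover client connections plus upstream connections and files.
worker_rlimit_nofile 655350;
# 2. CPU affinity (manual alternative to "auto")
# worker_processes may appear only once, so the manual variant is shown commented out.
# To pin four workers to four cores, replace "worker_processes auto;" with these two lines:
# worker_processes 4;
# worker_cpu_affinity 0001 0010 0100 1000;
# 3. Worker scheduling priority (negative = higher priority than other processes on the host)
worker_priority -5;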
# 4. 事件模块优化
# 4. Event module settings
events {
# Use the epoll connection-processing method (Linux).
use epoll;
# Maximum simultaneous connections per worker (clients and upstreams both count).
worker_connections 65535;
# A worker accepts all pending new connections at once instead of one per wake-up.
multi_accept on;
# With the accept mutex off, every worker is notified about new connections.
accept_mutex off;
# Maximum time a worker waits before retrying to take the accept mutex. It is not a queue size,
# and it has no effect while accept_mutex is off.
accept_mutex_delay 100ms;
}
# 5. HTTP模块优化
# 5. HTTP module settings
http {
# Basic I/O settings
sendfile on; # zero-copy file transmission
tcp_nopush on; # send headers and the start of a file in full packets
tcp_nodelay on; # disable Nagle's algorithm
directio 4m; # direct I/O for files of 4 MB and larger
aio on; # asynchronous file I/O
# Keep-alive: idle timeout in seconds and maximum requests per connection.
keepalive_timeout 65;
keepalive_requests 1000;
# Client timeouts. Short values limit how long a slow or stalled client can hold a connection
# while sending its headers or body, or while reading the response.
client_body_timeout 10s;
client_header_timeout 10s;
send_timeout 10s;
# Client buffers. client_max_body_size caps the accepted request body; larger requests are
# rejected with 413. large_client_header_buffers bounds the request line and header size.
client_body_buffer_size 128k;
client_header_buffer_size 1k;
large_client_header_buffers 4 8k;
client_max_body_size 20m;
# Output buffers
output_buffers 32 32k;
postpone_output 1460;
# Cache of open file descriptors and file metadata
open_file_cache max=10000 inactive=60s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
2. 缓冲区优化
nginx
http {
# 1. Proxy buffers
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 8k;
proxy_busy_buffers_size 16k;
# 0 disables spilling buffered upstream responses to temporary files.
proxy_max_temp_file_size 0;
proxy_temp_file_write_size 16k;
# 2. FastCGI buffers
fastcgi_buffering on;
fastcgi_buffer_size 4k;
fastcgi_buffers 8 8k;
fastcgi_busy_buffers_size 16k;
fastcgi_max_temp_file_size 0;
fastcgi_temp_file_write_size 16k;
# 3. Cache configuration
# Cache path and parameters (one directive continued over several lines).
proxy_cache_path /var/cache/nginx/proxy_cache
levels=1:2
keys_zone=my_cache:100m
max_size=10g
inactive=60m
use_temp_path=off
loader_threshold=300
loader_files=200
loader_sleep=50;
# 4. Shared memory
# Zones for connection and request limiting, keyed by client address.
# NOTE(review): if nginx sits behind a load balancer or CDN, $binary_remote_addr is that proxy's
# address and all clients share one counter unless the real client address is restored first.
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r/s;
# Shared dictionary for status data.
# NOTE(review): lua_shared_dict comes from the Lua module (OpenResty / lua-nginx-module); stock
# nginx rejects it as an unknown directive.
lua_shared_dict status 10m;
}
3. 压缩优化
nginx
http {
# 1. Gzip compression
# NOTE(review): compressing TLS-protected responses that carry a secret (CSRF token, session
# data) together with request-controlled text exposes them to compression side channels of the
# BREACH type. Keep compression for static assets and switch it off on such dynamic endpoints.
gzip on;
gzip_vary on;
# Compress responses to proxied requests regardless of their caching headers.
gzip_proxied any;
gzip_comp_level 6; # compression level, 1-9
gzip_min_length 1000; # smallest response (bytes) that is compressed
gzip_disable "msie6"; # no gzip for IE6
gzip_http_version 1.1;
# 2. MIME types to compress (text/html is always included)
# NOTE(review): WOFF/WOFF2 fonts are already compressed, so listing them gains little.
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml
application/font-woff
application/font-woff2;
# 3. Brotli compression (needs the third-party ngx_brotli module)
brotli on;
brotli_comp_level 6;
brotli_min_length 1000;
brotli_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
image/svg+xml;
# 4. Serve pre-compressed .gz files when they exist next to the original
# (needs ngx_http_gzip_static_module, which is not built by default).
gzip_static on;
}
4. 日志优化
nginx
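http {
    # 1. Log formats
    # "main": combined-style line plus the X-Forwarded-For request header. Referer, User-Agent
    # and X-Forwarded-For are chosen by the client; treat them as untrusted wherever the log is
    # parsed or displayed.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # "json": one JSON object per request; escape=json escapes characters that are not allowed
    # inside JSON strings, so client-supplied values cannot break the record structure.
    log_format json escape=json '{'
        '"time_local":"$time_local",'
        '"remote_addr":"$remote_addr",'
        '"remote_user":"$remote_user",'
        '"request":"$request",'
        '"status":$status,'
        '"body_bytes_sent":$body_bytes_sent,'
        '"request_time":$request_time,'
        '"upstream_response_time":"$upstream_response_time",'
        '"http_referrer":"$http_referer",'
        '"http_user_agent":"$http_user_agent"'
        '}';

    # 4. Conditional logging: leave out health-check probes only.
    # The match is on $uri (normalized path, no query string) and on exact paths. Matching the
    # whole request line with an unanchored pattern would also drop any request that merely
    # contains "/health" or "/status" somewhere, e.g. in its query string, from the access log.
    # Add further exact paths here if the probes use different URLs.
    map $uri $loggable {
        default  1;
        /health  0;
        /status  0;
    }

    # 2. Buffered access logs
    # Each file is declared once. Declaring access.log a second time with only "if=" would write
    # every request twice and still log the probes through the unconditional entry.
    # Buffering means up to 5 s of entries are still in memory if a worker dies.
    access_log /var/log/nginx/access.log main buffer=32k flush=5s if=$loggable;
    access_log /var/log/nginx/json_access.log json buffer=32k flush=5s;

    # 3. Error log level
    error_log /var/log/nginx/error.log warn;

    # 5. Log rotation
    # Configured in logrotate, not here.
}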
5. SSL/TLS优化
nginx
server {
# NOTE(review): newer nginx releases deprecate the "http2" listen parameter in favour of a
# separate "http2 on;" directive - check the installed version. ssl_certificate and
# ssl_certificate_key are not part of this excerpt; a TLS listener needs both.
listen 443 ssl http2;
server_name example.com;
# 1. TLS session cache shared by all workers, session lifetime, session tickets
# NOTE(review): with tickets on and no ssl_session_ticket_key configured, the ticket key is
# generated by the server and no rotation is visible here. Whoever obtains that key can decrypt
# TLS 1.2 sessions resumed with it, so forward secrecy depends on how often it changes. Either
# rotate the key on a schedule or turn tickets off; the 4h lifetime widens the same window.
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 4h;
ssl_session_tickets on;
# 2. TLS record buffer (smaller records lower time-to-first-byte)
ssl_buffer_size 4k;
# 3. Protocols and cipher suites: TLS 1.2/1.3 only, ECDHE/DHE key exchange with AEAD ciphers
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
# 4. DH parameters, required for the DHE suites listed above
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# 5. OCSP stapling; the stapled response is verified against ssl_trusted_certificate
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/chain.crt;
# NOTE(review): the resolver is queried in clear text. Prefer a resolver on a trusted local
# network over a public one, so that lookups made by nginx are harder to spoof.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# 6. HTTP/2 settings
# NOTE(review): http2_idle_timeout and http2_recv_timeout are obsolete in current nginx
# (keepalive_timeout and client_header_timeout take their place) - verify for the target version.
http2_max_concurrent_streams 128;
http2_idle_timeout 300s;
http2_recv_timeout 30s;
}
四、静态文件优化
1. 静态资源缓存
nginx
server {
listen 80;
server_name static.example.com;
# 1. Document root for static files
root /var/www/static;
# 2. Cache headers for images, CSS and JavaScript
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
# NOTE(review): a one-year "immutable" lifetime is only safe for versioned file names. With
# stable names, a corrected script or stylesheet does not reach clients that already cached the
# old copy.
expires 365d;
add_header Cache-Control "public, immutable";
add_header Pragma "public";
# Requests for these files are not written to the access log at all.
access_log off;
log_not_found off;
# sendfile with a per-call chunk limit
sendfile on;
sendfile_max_chunk 1m;
# tcp_nopush
tcp_nopush on;
# Serve pre-compressed .gz files when present
gzip_static on;
}
# 3. Cache headers for font files
location ~* \.(woff|woff2|eot|ttf|svg)$ {
expires 365d;
add_header Cache-Control "public, immutable";
# Any origin may load these files; appropriate for public assets only.
add_header Access-Control-Allow-Origin "*";
access_log off;
}
# 4. Cache headers for media files
location ~* \.(mp4|mp3|webm|ogg)$ {
expires 30d;
add_header Cache-Control "public";
# Advertise range requests (resumable downloads)
add_header Accept-Ranges bytes;
# Throttle each response to 500 KB/s after the first 10 MB
limit_rate 500k;
limit_rate_after 10m;
}
}
2. 目录列表优化
nginx
server {
# Both the location prefix and the alias end with "/". Keep them paired that way so a request
# path cannot resolve outside /data/downloads/.
location /download/ {
alias /data/downloads/;
# Directory listing
# NOTE(review): autoindex publishes every file name under the alias to anyone who can reach this
# location, including files that were never meant to be linked. Restrict access (allow/deny or
# authentication) or keep the directory limited to files intended for publication.
autoindex on;
autoindex_exact_size off; # human-readable sizes
autoindex_localtime on; # local time instead of UTC
# Per-response bandwidth limit
limit_rate 200k;
# Let clients cache the listing for one hour
expires 1h;
}
}
3. 图片实时处理
nginx
# Requires the image_filter module (ngx_http_image_filter_module, not built by default)
server {
# NOTE(review): width and height come straight from the URL with no upper bound or allow-list,
# and every distinct pair triggers a fresh decode and resize. Restrict the pattern to the sizes
# the site actually uses and rate-limit this location so resizing cannot be used to exhaust CPU.
location ~ /images/(\d+)x(\d+)/(.+)\.(jpg|jpeg|png|gif)$ {
alias /var/www/images/$3.$4;
# Image processing
image_filter resize $1 $2;
image_filter_buffer 10M;
image_filter_jpeg_quality 85;
image_filter_transparency on;
# Intended to cache the processed image.
# NOTE(review): proxy_cache only stores responses obtained through proxy_pass; this location
# serves local files, so nothing is cached here, and the image_cache zone is not defined in this
# excerpt. Caching resized images needs a separate proxying server block in front of this one.
proxy_cache image_cache;
proxy_cache_key "$uri$is_args$args";
proxy_cache_valid 200 24h;
# Error handling
# NOTE(review): image_filter_intercept_errors does not appear among the image filter module's
# documented directives as far as I can tell - verify with "nginx -t" before relying on it.
image_filter_intercept_errors on;
error_page 415 = /empty;
}
# Fallback for unsupported images: a 1x1 transparent GIF
location = /empty {
empty_gif;
}
}
五、代理和负载均衡优化
1. 反向代理优化
nginx
http {
# 1. Upstream server group
upstream backend {
# Load-balancing method
# least_conn; # fewest active connections
# ip_hash; # hash of the client address
# random; # random selection
# Default: weighted round-robin
server 192.168.1.10:8080 weight=3 max_fails=3 fail_timeout=30s;
server 192.168.1.11:8080 weight=2 max_fails=3 fail_timeout=30s;
server 192.168.1.12:8080 backup;
# Idle keep-alive connections kept open to the upstreams, per worker
keepalive 32;
keepalive_requests 100;
keepalive_timeout 60s;
}
server {
location / {
proxy_pass http://backend;
# 2. HTTP/1.1 with an empty Connection header, required for upstream keep-alive
proxy_http_version 1.1;
proxy_set_header Connection "";
# 3. Buffering
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 8k;
proxy_busy_buffers_size 16k;
# 4. Timeouts
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
# 5. Retry on another upstream for these failure types, at most 3 tries within 10 s
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_next_upstream_tries 3;
proxy_next_upstream_timeout 10s;
# 6. Pass client information to the backend
# X-Forwarded-For is the client-supplied header with $remote_addr appended. Only the last
# entry was added by this server; the backend must not trust earlier entries for access
# decisions or audit logging.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 7. Caching
# NOTE(review): this caches everything under "/" and no bypass is configured for requests that
# carry a Cookie or Authorization header. Unless the backend marks personalised responses as
# non-cacheable, one user's page can be served to another; add proxy_no_cache and
# proxy_cache_bypass conditions for authenticated traffic.
proxy_cache my_cache;
proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m;
proxy_cache_use_stale error timeout updating;
# Exposes HIT/MISS state to every client; useful for debugging.
add_header X-Cache-Status $upstream_cache_status;
}
}
}
2. FastCGI优化
nginx
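http {
    upstream php_backend {
        server unix:/var/run/php-fpm/php-fpm.sock;
        # server 127.0.0.1:9000;
    }
    server {
        location ~ \.php$ {
            # Hand a request to PHP-FPM only when the URI maps to an existing file under the
            # document root. Without this check, any URI that ends in ".php" is forwarded, and
            # PHP's path-info handling may then execute a different file (for example an upload)
            # as a script. Assumes nginx and PHP-FPM share the filesystem, as the unix socket
            # above suggests.
            try_files $uri =404;

            # 1. FastCGI pass
            fastcgi_pass php_backend;
            fastcgi_index index.php;

            # 2. Parameters
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

            # 3. Buffering
            fastcgi_buffering on;
            fastcgi_buffer_size 4k;
            fastcgi_buffers 8 8k;
            fastcgi_busy_buffers_size 16k;
            fastcgi_temp_file_write_size 16k;

            # 4. Timeouts
            fastcgi_connect_timeout 60s;
            fastcgi_send_timeout 60s;
            fastcgi_read_timeout 60s;

            # 5. Caching (the php_cache zone must be declared with fastcgi_cache_path)
            fastcgi_cache php_cache;
            fastcgi_cache_valid 200 302 60m;
            fastcgi_cache_valid 404 1m;
            fastcgi_cache_key "$scheme$request_method$host$request_uri";
            fastcgi_cache_use_stale error timeout invalid_header;
            # Never store or serve cached pages for requests that carry a session cookie, so a
            # logged-in user's page is not served to someone else. Adjust the cookie name to the
            # one the application sets.
            fastcgi_cache_bypass $cookie_session;
            fastcgi_no_cache $cookie_session;

            # 6. Client aborts: off means the FastCGI request is dropped when the client
            #    disconnects.
            fastcgi_ignore_client_abort off;

            # 7. Maximum size of the temporary file used to buffer a FastCGI response
            #    (this is not a request-body limit; client_max_body_size is).
            fastcgi_max_temp_file_size 1g;
        }
    }
}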
3. 负载均衡算法选择
nginx
# The six definitions below are alternatives: nginx accepts only one upstream named "backend".
# 1. Round-robin (default)
upstream backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
# 2. Weighted round-robin
upstream backend {
server 192.168.1.10:8080 weight=3;
server 192.168.1.11:8080 weight=2;
server 192.168.1.12:8080 weight=1;
}
# 3. Least connections
upstream backend {
least_conn;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
# 4. IP hash (session affinity); "down" marks a server as permanently unavailable
# NOTE(review): behind a load balancer or CDN every request arrives from the proxy's address,
# so all clients hash to the same backend unless the real client address is restored first.
upstream backend {
ip_hash;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080 down;
}
# 5. Consistent hashing on the request URI
# NOTE(review): the "hash ... consistent" directive is part of the standard upstream module in
# current nginx; a third-party module should only be needed on very old builds - verify.
upstream backend {
hash $request_uri consistent;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
# 6. Random
upstream backend {
random;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
六、缓存优化
1. 代理缓存
nginx
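http {
    # 1. Cache storage: one zone for general content, one for API responses
    proxy_cache_path /var/cache/nginx/proxy_cache
        levels=1:2
        keys_zone=static_cache:100m
        max_size=10g
        inactive=60m
        use_temp_path=off;
    proxy_cache_path /var/cache/nginx/api_cache
        levels=1:2
        keys_zone=api_cache:50m
        max_size=5g
        inactive=30m
        use_temp_path=off;

    server {
        location / {
            # 2. Enable caching
            proxy_cache static_cache;

            # 3. Cache key
            proxy_cache_key "$scheme$request_method$host$request_uri";

            # 4. Lifetimes per status code. "any" also covers 401, 403 and 5xx responses, which
            #    are then replayed to other clients for one minute.
            proxy_cache_valid 200 302 60m;
            proxy_cache_valid 404 1m;
            proxy_cache_valid any 1m;

            # 5. Skip the cache for requests with a Pragma or Authorization header.
            #    NOTE(review): Pragma is client-controlled, so any client can force a fetch from
            #    the origin on every request; drop that condition if origin load matters.
            proxy_cache_bypass $http_pragma;
            proxy_cache_bypass $http_authorization;
            proxy_no_cache $http_pragma $http_authorization;

            # 6. Cache lock: one request per key populates the cache, the others wait
            proxy_cache_lock on;
            proxy_cache_lock_timeout 5s;
            proxy_cache_lock_age 10s;

            # 7. Serve stale entries while the origin fails or an update is in progress
            proxy_cache_use_stale error timeout updating http_500 http_502 http_503;

            # 8. Refresh expired entries in the background
            proxy_cache_background_update on;

            # 9. Cache status header
            add_header X-Cache-Status $upstream_cache_status;

            proxy_pass http://backend;
        }

        # 10. Separate policy for API endpoints
        location /api/ {
            proxy_cache api_cache;
            proxy_cache_valid 200 10m;
            # $request_uri already contains the query string, so it is not appended again.
            proxy_cache_key "$scheme$request_method$host$request_uri";
            proxy_cache_use_stale updating;

            # Skip the cache for session-bearing requests. The variable is initialised first so
            # it is never read unset.
            set $skip_cache 0;
            if ($http_cookie ~* "session") {
                set $skip_cache 1;
            }
            # Requests with an Authorization header are excluded as well, matching "location /":
            # token-authenticated API responses must not be stored and replayed to other callers.
            proxy_no_cache $skip_cache $http_authorization;
            proxy_cache_bypass $skip_cache $http_authorization;

            proxy_pass http://api_backend;
        }
    }
}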
2. FastCGI缓存
nginx
http {
# 1. FastCGI cache storage
fastcgi_cache_path /var/cache/nginx/fastcgi_cache
levels=1:2
keys_zone=php_cache:100m
max_size=5g
inactive=60m
use_temp_path=off;
server {
# NOTE(review): every URI ending in ".php" is forwarded to PHP-FPM with no check that the script
# exists; a "try_files $uri =404;" guard at the top of this location closes that gap.
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
# 2. Enable the FastCGI cache
fastcgi_cache php_cache;
# 3. Cache key
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# 4. Lifetimes per status code ("any" also covers error responses)
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 404 1m;
fastcgi_cache_valid any 1m;
# 5. Skip the cache when the request carries a cookie named "session", so that pages of
# logged-in users are neither stored nor served from the cache. The name has to match the
# cookie the application really sets.
fastcgi_cache_bypass $cookie_session;
fastcgi_no_cache $cookie_session;
# 6. Cache lock
fastcgi_cache_lock on;
fastcgi_cache_lock_timeout 5s;
# 7. Serve stale entries on errors, timeouts and during updates
fastcgi_cache_use_stale error timeout updating;
# 8. Cache status header
add_header X-FastCGI-Cache $upstream_cache_status;
# NOTE(review): the fastcgi_params file shipped with nginx may not define SCRIPT_FILENAME;
# confirm it is set (explicitly or through fastcgi.conf), otherwise PHP-FPM cannot locate the
# script.
include fastcgi_params;
}
}
}
3. 浏览器缓存
nginx
server {
# 1. Long-lived caching for images, CSS and JavaScript
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
add_header Cache-Control "public, immutable";
add_header Pragma "public";
}
# 2. Revalidated caching for HTML
location ~* \.(html|htm)$ {
expires 1h;
add_header Cache-Control "public, must-revalidate";
etag on;
if_modified_since exact;
}
# 3. No caching for the admin area, so pages of privileged users are not kept in browser or
# intermediary caches.
# NOTE(review): add_header applies to a fixed set of success and redirect status codes unless
# "always" is given, and a regex location above wins for admin URLs ending in .css, .js or
# .html - check that those should really be cacheable.
location /admin/ {
expires -1;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
}
# 4. Versioned asset names (name.css.123.css style)
# NOTE(review): regex locations are tried in order of appearance and the first location in this
# block already matches every URI ending in .css or .js, so this one appears unreachable.
location ~* \.(css|js)\.[0-9]+\.(css|js)$ {
expires 365d;
add_header Cache-Control "public, immutable";
access_log off;
}
}
七、连接和请求限制
1. 连接数限制
nginx
http {
# 1. Shared-memory zones: one counter per client address, one per virtual host
# NOTE(review): behind a load balancer or CDN, $binary_remote_addr is the proxy's address. The
# per-IP limit then throttles all users together unless the real client address is restored
# (realip module, with set_real_ip_from restricted to the trusted proxies).
limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;
limit_conn_zone $server_name zone=conn_per_server:10m;
server {
# 2. At most 10 concurrent connections per client address
limit_conn conn_per_ip 10;
# 3. At most 1000 concurrent connections for this virtual host
limit_conn conn_per_server 1000;
# 4. Stricter limit for downloads: 2 connections per address, 200 KB/s each
location /download/ {
limit_conn conn_per_ip 2;
limit_rate 200k;
}
# 5. Status code and log level for rejected connections; the warn-level entries in the error
# log are the signal to alert on.
limit_conn_status 503;
limit_conn_log_level warn;
}
}
2. 请求速率限制
nginx
http {
# 1. Request-rate zones
# NOTE(review): the second zone is keyed on User-Agent, a header the client chooses freely.
# Changing the header gives a fresh counter, requests with an empty key are not counted at all,
# and unrelated users with the same browser share one bucket. Treat it as a coarse extra signal,
# not as protection for /login/.
limit_req_zone $binary_remote_addr zone=req_per_ip:10m rate=10r/s;
limit_req_zone $http_user_agent zone=req_per_agent:10m rate=5r/s;
server {
# 2. General limit: bursts of up to 20 requests are served without delay
location / {
limit_req zone=req_per_ip burst=20 nodelay;
}
# 3. Different limits per URL
location /api/ {
limit_req zone=req_per_ip burst=5 nodelay;
limit_req_status 429;
}
location /login/ {
# Stricter limits for the login endpoint; both zones apply.
limit_req zone=req_per_ip burst=3 nodelay;
limit_req zone=req_per_agent burst=2 nodelay;
}
# 4. Dynamic bandwidth limit
# NOTE(review): $slow is not defined anywhere in this excerpt; unless a map or set elsewhere
# provides it, "nginx -t" rejects the configuration. $limit_rate is a built-in variable, so the
# final "limit_rate $limit_rate;" line looks redundant - verify the intent.
set $limit_rate 0;
if ($slow) {
set $limit_rate 50k;
}
limit_rate $limit_rate;
}
}
3. 带宽限制
nginx
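http {
    # 3. Rate chosen from the User-Agent header.
    # nginx's "if" has no "else" branch, so the two-way choice is expressed as a map.
    # User-Agent is client-supplied: this is a quality-of-service hint, not an enforcement
    # control. limit_rate accepts a variable only in recent nginx versions.
    map $http_user_agent $client_limit {
        default                        500k;
        "~*(mobile|iphone|android)"    100k;
    }

    # 1. Download throttling
    server {
        location /download/ {
            # 200 KB/s per connection
            limit_rate 200k;
            # Throttling starts after the first 1 MB
            limit_rate_after 1m;
            # At most 2 concurrent connections per client address. The conn_per_ip zone must be
            # declared with limit_conn_zone in the http context.
            limit_conn conn_per_ip 2;
        }

        # 2. Video streaming
        location /video/ {
            limit_rate_after 10m;
            limit_rate 500k;
            # Advertise range requests (resumable downloads)
            add_header Accept-Ranges bytes;
        }

        # Default rate for every location that does not set its own limit_rate.
        limit_rate $client_limit;
    }
}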
八、监控和调优工具
1. Nginx状态监控
nginx
# 启用stub_status模块
# Status endpoint reachable from the local host only: the listener is bound to loopback and the
# location additionally denies every address except 127.0.0.1. Keep both restrictions; the
# counters describe traffic levels and should not be public.
server {
listen 127.0.0.1:8080;
server_name localhost;
location /nginx_status {
# Needs ngx_http_stub_status_module (--with-http_stub_status_module).
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
# 访问状态页
curl http://127.0.0.1:8080/nginx_status
# 输出示例:
# Active connections: 10
# server accepts handled requests
# 100 100 500
# Reading: 0 Writing: 2 Waiting: 8
# 指标说明:
# Active connections: 当前活跃连接数
# accepts: 总接受连接数
# handled: 总处理连接数
# requests: 总请求数
# Reading: 读取请求头的连接数
# Writing: 返回响应的连接数
# Waiting: 空闲keepalive连接数
2. 性能监控脚本
bash
#!/bin/bash
# nginx_monitor.sh - Nginx性能监控脚本
# Settings read by the functions below.
# URL of the stub_status page (loopback listener).
NGINX_STATUS_URL="http://127.0.0.1:8080/nginx_status"
# Access and error log paths. The account running this script needs read access to both.
NGINX_LOG="/var/log/nginx/access.log"
NGINX_ERROR_LOG="/var/log/nginx/error.log"
# Seconds between samples in the real-time loop; also the divisor of the request-rate estimate.
INTERVAL=5
# 1. 监控连接数
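# Print the number of active connections: the third field of the "Active connections: N" line
# of the stub_status page at $NGINX_STATUS_URL.
monitor_connections() {
    # The URL is quoted so it is passed as one word; --max-time keeps the monitoring loop from
    # hanging when the status endpoint stops answering.
    curl -s --max-time 5 "$NGINX_STATUS_URL" | awk '/Active/ {print $3}'
}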
# 2. 监控请求速率
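# Print a rough request-rate figure: the number of lines among the last 100 of $NGINX_LOG,
# divided by $INTERVAL (integer division).
# Limitation: the sample is capped at 100 lines and ignores timestamps, so the result can never
# exceed 100/INTERVAL and is not a true requests-per-second value under load.
monitor_request_rate() {
    local lines
    # Declared and assigned separately so the pipeline's exit status is not masked by "local".
    lines=$(tail -n 100 "$NGINX_LOG" | wc -l)
    echo $((lines / INTERVAL))
}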
# 3. 监控响应时间
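# Print the mean of the last field over the last 100 lines of $NGINX_LOG, with a "ms" suffix
# removed. Prints 0 when the log has no lines.
# NOTE(review): this assumes the log format ends with the response time. A format that ends
# with another field (for example a quoted X-Forwarded-For value) yields a meaningless average;
# put $request_time last in the format before using this figure.
monitor_response_time() {
    tail -n 100 "$NGINX_LOG" | awk '
        { v = $NF; sub(/ms/, "", v); sum += v }
        # Guard against division by zero on an empty log.
        END { if (NR) print sum / NR; else print 0 }
    '
}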
# 4. 监控错误率
# Print the percentage (two decimals, via bc) of 4xx/5xx responses among the last 100 lines of
# $NGINX_LOG, or 0 when the log has no lines. A line counts as an error when a 4xx or 5xx status
# directly follows the closing quote of the request field.
monitor_error_rate() {
    local total errors
    total=$(tail -100 $NGINX_LOG | wc -l)
    errors=$(tail -100 $NGINX_LOG | grep -E '" (4[0-9]{2}|5[0-9]{2}) ' | wc -l)
    if [ $total -gt 0 ]
    then
        bc <<< "scale=2; $errors * 100 / $total"
        return
    fi
    echo 0
}
# 5. 实时监控
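# Print one CSV line of metrics every $INTERVAL seconds until interrupted.
# Columns: time, active connections, request rate, mean response time, error rate.
monitor_realtime() {
    # The header carries exactly one column per value printed below. The former separate "QPS"
    # column had no matching value, which shifted every later column by one.
    echo "时间,连接数,请求速率(QPS),响应时间(ms),错误率(%)"
    local now conns rate resp errs
    while true; do
        now=$(date +"%H:%M:%S")
        conns=$(monitor_connections)
        rate=$(monitor_request_rate)
        resp=$(monitor_response_time)
        errs=$(monitor_error_rate)
        echo "$now,$conns,$rate,$resp,$errs"
        sleep "$INTERVAL"
    done
}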
# 6. 生成HTML报告
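# Escape the characters that are significant in HTML so that text read from stdin is rendered
# as text and never interpreted as markup.
_html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Write a static HTML snapshot of the current metrics and the last 20 error-log lines to
# /var/www/html/nginx_report.html.
# The error log contains request data chosen by clients (URIs, headers), so it is HTML-escaped
# before being embedded; otherwise a crafted request would be rendered as markup in the report.
# The external chart.js <script> tag was dropped: the report never used it, and it pulled
# unpinned third-party code into the page.
# NOTE(review): the file lands in the web root and exposes internal paths and upstream addresses
# from the error log. Restrict access to it (allow/deny or authentication) or write it outside
# the served tree.
generate_report() {
    cat > /var/www/html/nginx_report.html << EOF
<html>
<head>
<meta charset="utf-8">
<title>Nginx性能报告</title>
</head>
<body>
<h1>Nginx性能监控报告 - $(date)</h1>
<h2>当前状态</h2>
<ul>
<li>活跃连接数: $(monitor_connections | _html_escape)</li>
<li>QPS: $(monitor_request_rate | _html_escape)</li>
<li>平均响应时间: $(monitor_response_time | _html_escape)ms</li>
<li>错误率: $(monitor_error_rate | _html_escape)%</li>
</ul>
<h2>错误日志</h2>
<pre>$(tail -n 20 "$NGINX_ERROR_LOG" | _html_escape)</pre>
</body>
</html>
EOF
}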
# Entry point: the first argument selects a single metric or the report; anything else,
# including no argument, starts the continuous CSV monitor.
case "${1:-}" in
    conn)
        monitor_connections
        ;;
    rate)
        monitor_request_rate
        ;;
    resp)
        monitor_response_time
        ;;
    error)
        monitor_error_rate
        ;;
    report)
        generate_report
        ;;
    *)
        monitor_realtime
        ;;
esac
3. 压力测试工具
bash
# NOTE(review): connection and request limits configured on the server (limit_conn, limit_req)
# throttle a single-source load test, so results then measure the limiter rather than capacity.
# Run these against a staging instance or from an address exempted for the test.
# 1. ab (Apache Bench)
# Install
yum install httpd-tools
# Basic use: 10000 requests, 100 concurrent
ab -n 10000 -c 100 http://example.com/
# With keep-alive
ab -k -n 10000 -c 100 http://example.com/
# POST request with a JSON body read from post.txt
ab -n 1000 -c 50 -p post.txt -T application/json http://example.com/api
# 2. wrk
# Install
# NOTE(review): this builds whatever the default branch holds at clone time and installs the
# binary system-wide; check out a release tag or a reviewed commit before running make.
git clone https://github.com/wg/wrk.git
cd wrk
make
cp wrk /usr/local/bin/
# Basic use: 12 threads, 400 connections, 30 seconds
wrk -t12 -c400 -d30s http://example.com/
# With a Lua script
wrk -t4 -c100 -d30s -s script.lua http://example.com/
# 3. siege
# Install
yum install siege
# Basic use
siege -c 100 -t 60s http://example.com/
# Concurrency test driven by a URL list
siege -c 200 -r 10 -f urls.txt
# 4. Example test script: writes benchmark.sh, which runs wrk at several concurrency levels and
# prints the throughput and latency lines of each run.
cat > benchmark.sh << 'EOF'
#!/bin/bash
URL="http://example.com"
CONCURRENCY="10 50 100 200"
DURATION=30
echo "并发测试报告"
echo "============="
for c in $CONCURRENCY; do
echo "并发数: $c"
wrk -t4 -c$c -d${DURATION}s $URL | grep "Requests/sec\|Latency"
echo "-------------------"
done
EOF
4. 性能分析工具
bash
# 1. ngxtop (real-time log analysis)
# NOTE(review): this installs the newest published release into the active Python environment;
# pin a version and use a virtual environment on production hosts.
pip install ngxtop
ngxtop -l /var/log/nginx/access.log
# 2. goaccess (visual log analysis)
# NOTE(review): report.html is built from client-controlled log fields and reveals traffic
# details; keep it out of publicly served directories.
goaccess /var/log/nginx/access.log -o report.html --log-format=COMBINED
# 3. netdata (system monitoring)
# NOTE(review): this downloads a remote script and executes it in the same step, with no
# review and no integrity check. Download the installer to a file first, inspect it and verify
# it against the vendor's published checksum, then run it - or install from a distribution
# package.
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
# 4. prometheus + grafana
# prometheus-nginx-exporter
# NOTE(review): ":latest" is a mutable tag, so pin a version or an image digest. "-p 9113:9113"
# publishes the metrics port on every host interface; bind it to a management address instead.
# The scrape URI also uses plain HTTP.
docker run -d -p 9113:9113 nginx/nginx-prometheus-exporter:latest -nginx.scrape-uri http://nginx/status
# 5. Custom analysis script: writes analyze_log.sh, which prints top client addresses, top URLs,
# status-code counts, the mean of the last log field and the ten lines with the largest last
# field.
# NOTE(review): the field numbers assume the combined-style layout and a log format whose last
# field is the response time; with a format ending in another field, the last two sections are
# meaningless. The mean also divides by the line count and fails on an empty log.
cat > analyze_log.sh << 'EOF'
#!/bin/bash
LOG_FILE="/var/log/nginx/access.log"
echo "请求最多的IP:"
awk '{print $1}' $LOG_FILE | sort | uniq -c | sort -nr | head -10
echo "请求最多的URL:"
awk '{print $7}' $LOG_FILE | sort | uniq -c | sort -nr | head -10
echo "响应状态码统计:"
awk '{print $9}' $LOG_FILE | sort | uniq -c | sort -nr
echo "平均响应时间:"
awk '{print $NF}' $LOG_FILE | sed 's/ms//' | awk '{sum+=$1} END {print sum/NR}'
echo "最慢的10个请求:"
awk '{print $NF,$0}' $LOG_FILE | sort -nr | head -10
EOF
九、调优检查清单
1. 系统层面
- 内核参数优化(网络、文件系统)
- 系统限制调整(文件描述符、进程数)
- 磁盘I/O调度器优化
- 网络参数优化
- CPU频率和节能模式
2. Nginx基础配置
- worker_processes = CPU核心数
- worker_connections 适当调整
- 使用epoll事件模型
- 开启sendfile和tcp_nopush
- 调整keepalive_timeout
3. 缓冲区优化
- client_body_buffer_size
- client_header_buffer_size
- proxy_buffer_size
- fastcgi_buffer_size
- output_buffers
4. 缓存优化
- 静态文件缓存
- 代理缓存
- FastCGI缓存
- 浏览器缓存
- 缓存锁定和过期策略
5. 压缩优化
- 启用gzip压缩
- 选择合适压缩级别
- 配置压缩类型
- 启用gzip_static
6. SSL/TLS优化
- 启用SSL会话缓存
- 配置会话超时
- 启用OCSP Stapling
- 优化加密套件
- 启用HTTP/2
7. 监控和日志
- 启用状态监控
- 配置日志格式
- 日志缓冲和轮转
- 错误日志级别
- 性能指标收集
8. 安全限制
- 连接数限制
- 请求速率限制
- 带宽限制
- DDoS防护
- 慢速攻击防护
十、调优示例:综合配置
nginx
# /etc/nginx/nginx.conf - complete performance-tuned configuration
# Workers run as the unprivileged nginx account.
user nginx;
# One worker per detected CPU core.
worker_processes auto;
# Per-worker open-file limit; must cover client plus upstream connections and open files.
worker_rlimit_nofile 655350;
# Negative value = higher scheduling priority than other processes on the host.
worker_priority -5;
# Error log at warn level and above.
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
# epoll connection-processing method (Linux)
use epoll;
# Maximum simultaneous connections per worker
worker_connections 65535;
# Accept all pending connections at once
multi_accept on;
# No accept mutex: every worker is notified about new connections
accept_mutex off;
# Has no effect while accept_mutex is off
accept_mutex_delay 100ms;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# NOTE(review): server_tokens is not set here, so the nginx version is advertised in the Server
# header and on error pages; hardening baselines usually switch it off.
# Basic I/O settings
sendfile on;
sendfile_max_chunk 1m;
tcp_nopush on;
tcp_nodelay on;
directio 4m;
aio on;
# Keep-alive and client timeouts. The short client timeouts bound how long a slow or stalled
# client can hold a connection.
keepalive_timeout 65;
keepalive_requests 1000;
client_body_timeout 10s;
client_header_timeout 10s;
send_timeout 10s;
# Client buffers; client_max_body_size caps the accepted request body.
client_body_buffer_size 128k;
client_header_buffer_size 1k;
large_client_header_buffers 4 8k;
client_max_body_size 20m;
# Output buffers
output_buffers 32 32k;
postpone_output 1460;
# Open-file cache
open_file_cache max=10000 inactive=60s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
# Compression
# NOTE(review): disable compression on TLS endpoints whose responses mix secrets with
# request-controlled text (compression side channels of the BREACH type).
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss image/svg+xml;
gzip_static on;
# Proxy defaults inherited by every server and location
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
proxy_buffer_size 4k;
proxy_buffers 8 8k;
proxy_busy_buffers_size 16k;
proxy_max_temp_file_size 0;
# Cache storage
# NOTE(review): the zones are named proxy_cache and fastcgi_cache here, while the per-feature
# examples on this page refer to my_cache, static_cache, api_cache and php_cache. A
# proxy_cache/fastcgi_cache directive must name a zone that is actually declared.
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2 keys_zone=proxy_cache:100m max_size=10g inactive=60m use_temp_path=off;
fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=fastcgi_cache:50m max_size=5g inactive=60m use_temp_path=off;
# Limit zones, keyed by client address. They take effect only where a server or location
# applies them with limit_conn / limit_req; none is applied in this file.
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r/s;
# Log formats
# "main" adds request and upstream timings after the combined-style fields. The last field is
# urt="...", so scripts that read the last column as a bare number need adjusting.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
# "json": one object per request; escape=json keeps client-supplied header values from breaking
# the record structure.
log_format json escape=json '{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status":$status,'
'"body_bytes_sent":$body_bytes_sent,'
'"request_time":$request_time,'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"http_x_forwarded_for":"$http_x_forwarded_for"'
'}';
# Buffered access logs: up to 5 s of entries are still in memory if a worker dies.
access_log /var/log/nginx/access.log main buffer=32k flush=5s;
access_log /var/log/nginx/json_access.log json buffer=32k flush=5s;
# Virtual hosts are defined in separate files.
include /etc/nginx/conf.d/*.conf;
}