月下博客

使用Nginx缓存加速WordPress站点

博客开通以来,主要记录学习和使用过程中遇到的问题及解决方案。文章风格偏向自娱自乐,因此访问量较少,一台1核1G的vps足以支撑网站的正常运行。

本人是Google的重度使用者,如果设备无法连上Google,情况之糟糕无异于断网。因为这个原因,本人对各种科学上网技术均稍有涉猎和研究。为了方便自用以及帮助有同样需求的网友,本站提供 Shadowsocks/SS客户端ShadowsocksR/SSR客户端V2Ray客户端 的本地托管下载。

这三个页面应该对有上外网需求的网友很有帮助,也给本站带来了很大的流量。本站用的WordPress程序,尝试过安装各种缓存插件(super cache, w3 total cache等)加速运行,但是低配的vps依然难以支持这么大的访问量。通过日志可以看到随着访问量的增加,php-fpm进程增多,Mysql的连接和线程增多,接着出现OOM,然后系统kill掉占用内存最大的Mysql进程,于是网站进入503宕机模式。

买更好的vps能解决访问量大的问题,但是要花更多的钱。做为一个技术宅,首先想到的当然是如何榨干现有机器来支撑大流量。做过的尝试包括切换到比WordPress性能更好的Ghost,参考:尝试Ghost 。但是相对于WordPress,Ghost的生态远没有那么成熟,最终放弃了。

左思右想下,终极解决办法是用Nginx缓存,最初的文章可参考:Nginx配置fastcgi cache。fastcgi_cache的好处是大部分用户的请求不用后端php-fpm打交道,直接发送缓存的静态页面,速度上甩各种WordPress插件好几条街!相比之下wordpress的各种插件还要执行php,也避免不了访问数据库,弱爆了!

自从使用了nginx缓存,网站平稳运行,再也没有出现过宕机的现象。同时vps的cpu和内存占用率直线下降,再也无需担心vps的配置问题,感觉再来10倍流量博客也撑得住!

因为nginx稳如狗的体验,所以现在对于博客类读多写少的产品都是强推nginx缓存(fastcgi缓存或者proxy缓存)。鉴于可能帮到一些网友,现贴出 /etc/nginx/nginx.conf  配置文件供网友参考(包含ssl设置和gzip部分):

# 文件: /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" "$request_time"';

    access_log  /var/log/nginx/access.log  main buffer=32k flush=30s;

    server_tokens       off;
    client_max_body_size 100m;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # ssl配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx => 1.3.7
    add_header Strict-Transport-Security "max-age=63072000; preload";
    #add_header X-Frame-Options DENY;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    # 请按照自己的需求更改
    fastcgi_cache_path /var/cache/nginx/tlanyan levels=1:2 keys_zone=tlanyan:10m inactive=30m use_temp_path=off; 
    fastcgi_cache_key $request_method$scheme$host$request_uri;
    # note: can also use HTTP headers to form the cache key, e.g.
    #fastcgi_cache_key $scheme$request_method$host$request_uri$http_x_custom_header;
    #fastcgi_cache_lock on;
    fastcgi_cache_use_stale error timeout invalid_header updating http_500;
    fastcgi_cache_valid 200 301 302 10h;
    fastcgi_cache_valid 404 10m;
    fastcgi_ignore_headers Expires Set-Cookie Vary;

    # gzip 配置
    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_comp_level 7;
    gzip_types
        text/css
        text/plain
        text/javascript
        application/javascript
        application/json
        application/x-javascript
        application/xml
        application/xml+rss
        application/xhtml+xml
        application/x-font-ttf
        application/x-font-opentype
        application/vnd.ms-fontobject
        image/svg+xml
        image/x-icon
        application/rss+xml
        application/atom_xml
        image/jpeg
        image/gif
        image/png
        image/icon
        image/bmp
        image/jpg;
    gzip_vary on;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

以及用于WordPress站点的网站配置文件(/etc/nginx/conf.d/tlanyan.conf):

server {
    listen 80;
    listen [::]:80;
    server_name www.tlanyan.me tlanyan.me; # 请换成自己的域名
    rewrite ^(.*) https://$server_name$1 permanent;
}

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name www.tlanyan.me tlanyan.me; # 请换成自己的域名
    charset utf-8;
    ssl_certificate /etc/nginx/conf.d/tlanyan.pem;  # 请换成自己的证书和密钥
    ssl_certificate_key /etc/nginx/conf.d/tlanyan.key;

    set $host_path "/var/www/tlanyan";  # 请改成自己的路径
    access_log  /var/log/nginx/tlanyan.access.log  main buffer=32k flush=30s;
    error_log /var/log/nginx/tlanyan.error.log;

    root   $host_path;

    # 缓存标记
    set $skip_cache 0;
    if ($query_string != "") {
        set $skip_cache 1;
    }
    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|sitemap(_index)?.xml") {
        set $skip_cache 1;
    }
    # 登录用户或发表评论者
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $skip_cache 1;
    }

    location = / {
        index  index.php index.html;
        try_files /index.php?$args /index.php?$args;
    }

    location / {
        index  index.php index.html;
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ ^//.user/.ini {
            deny all;
    }

    location ~ /.php$ {
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_cache tlanyan;
        fastcgi_cache_valid 200 301 302 30m;
        fastcgi_cache_valid 404 10m;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache_lock on;
        include fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    }
    location ~ /.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar|jpeg)$ {
        expires max;
        access_log off;
        try_files $uri =404;
    }
}

上述配置对最新版的Nginx测试有效,详细配置指令请参考Nginx官方文档。