1. Nginx forwarding:

location / {
    proxy_pass http://localhost:3000;
    # proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    #proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}
Copy the code

2. Page references/_next/...And output directory/.next/...Inconsistency problem, modify build output directory:

// next.config.js
module.export = {
    distDir: '_next'
}
Copy the code

3. Font file loadingnext-plugins:

npm install next-fonts

// next.config.js
const withFonts = require('next-fonts');
module.export = withFonts({
    ...
});
Copy the code

4, asynchronous loading js, global variables need to be judged, otherwise there will be a flash error message, such as Google Analytics:

<script async src="https://www.googletagmanager.com/gtag/js"></script>

if(typeof gtag ! = ="undefined"){
    gtag("event", name, {event_category: category});
}
Copy the code

5. The Linux Open Files 1024 limit causes too many Open Files errors

Modify/etc/security/limits. Conf

* soft nofile 1000000
* hard nofile 1000000

* soft nproc 1000000
* hard nproc 1000000
Copy the code

Log in again and run the ulimit -a command to check whether the command takes effect

6. Nginx load balancing

upstream yourname {
    least_conn;
    server 127.0.0.1:3006;
    server 127.0.0.1:3007;
    server 127.0.0.1:3008;
    # This connections parameter sets the maximum number of idle Keepalive connections to upstream servers to keep in the cache for each worker process. When this number is exceeded, the least recently used connection is closed.
    Note that this Keepalive directive does not limit the total number of upstream server connections that the nginx worker process can open. The Connections parameter should be set to a number small enough to allow the upstream server to process new incoming connections.
    keepalive 3;
    # nginx {EBUSY} # nginx {EBUSY} # nginx {EBUSY} # nginx {EBUSY
    keepalive_timeout 5; 
}

server {
    location / {
        proxy_pass http://yourname;
        add_header backend-addr $upstream_addr;  It is convenient to see which address the request is forwarded to
        add_header backend-status $upstream_status; }}Copy the code

7. Optimize Linux system configuration to improve concurrency

To modify /etc/sysctl.conf, run sysctl -p to take effect

# Avoid magnifying attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable malicious ICMP error message protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# SYN Flood attack protection
net.ipv4.tcp_syncookies = 1

# retries
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1

Enable and record spoofing, source routing, and redirected packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# Process source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable redirection packetsnet.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0  net.ipv4.conf.default.secure_redirects = 0# Do not act as a router
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# open execshild
kernel.exec-shield = 1
kernel.randomize_va_space = 1

Set # IPv6
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1

# Add system file descriptor restrictions
fs.file-max = 1000000
fs.nr_open = 1000000

# Allow more PIDs (reduce rollover issues) may break some programs 32768
kernel.pid_max = 65536

Add system IP port limit
net.ipv4.ip_local_port_range = 3000 65535

Increase the TCP maximum buffer size
# Add Linux autotune TCP buffer limit
# Minimum, default, and maximum number of bytes available
The maximum value should not be less than 4MB, higher if you use a very high BDP path
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608

# Tcp window etc
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 1000000
net.ipv4.tcp_max_syn_backlog = 1000000
net.core.somaxconn = 1000000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 1000000
net.ipv4.tcp_max_orphans = 1000000

# enable reuse to reconnect TIME_WAIT sockets
net.ipv4.tcp_tw_reuse = 1

# Turn off timestamps or you'll get unintelligible network errors
net.ipv4.tcp_timestamps = 0

Net.ipv4. tcp_timestamps: enable TIME_WAIT socket fast recovery for TCP connections
net.ipv4.tcp_tw_recycle = 1

# Change the system default TIMEOUT
net.ipv4.tcp_fin_timeout = 10

# Reduce the detection time of TCP KeepAlive connections, so that the server can detect abnormal client connections more quickly. The default is 7200 s
net.ipv4.tcp_keepalive_time = 10
Copy the code

Nginx configuration

user  www www;
worker_processes auto;
error_log  /www/wwwlogs/nginx_error.log  crit;
pid        /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 1000000;

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }

http
    {
        include       mime.types;
		#include luawaf.conf;

		include proxy.conf;

        default_type  application/octet-stream;

        server_names_hash_bucket_size 512;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 5;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
		fastcgi_intercept_errors on;

        gzip on;
        gzip_min_length 1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        limit_conn_zone $binary_remote_addr zone=perip:10m;
		limit_conn_zone $server_name zone=perserver:10m;

        server_tokens off;
        access_log off;

server
    {
        listen 888;
        server_name phpmyadmin;
        index index.html index.htm index.php;
        root  /www/server/phpmyadmin;

        #error_page 404 /404.html;
        include enable-php.conf; location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)? $ { expires 12h; } location ~ /\. { deny all; } access_log /www/wwwlogs/access.log; } include /www/server/panel/vhost/nginx/*.conf; }Copy the code