markdown 使用NGINX的Ghost CMS实现最佳性能

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了markdown 使用NGINX的Ghost CMS实现最佳性能相关的知识,希望对你有一定的参考价值。

Full blog post can be found here: http://pnommensen.com/2014/09/07/high-performance-ghost-configuration-with-nginx/

Ghost is an open source platform for blogging founded by John O'Nolan and Hannah Wolfe. It's a node.js application and therefore works great in conjunction with nginx. This guide will will help you create a high performance nginx virtual host configuration for Ghost. 

<blockquote class="twitter-tweet" lang="en"><p>&quot;Don&#39;t use <a href="https://twitter.com/hashtag/nodejs?src=hash">#nodejs</a> for static content&quot; - <a href="https://twitter.com/trevnorris">@trevnorris</a>. If <a href="https://twitter.com/hashtag/nginx?src=hash">#nginx</a> isn&#39;t sitting in front of your node server, you&#39;re probably doing it wrong.</p>&mdash; Bryan Hughes (@nebrius) <a href="https://twitter.com/nebrius/statuses/505543249969176576">August 30, 2014</a></blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>

The node.js application runs on a port on your server. We can configure nginx to proxy to this port and also cache so that we don't need to rely on express, the default node web application framework. 

To start we need to tell nginx what port Ghost is running on. Define an upstream in your domains virtual host configuration file. 

    upstream ghost_upstream {
        server 127.0.0.1:2368;
        keepalive 64;
    }

This tells nginx that Ghost is running on `127.0.0.1:2358` and sets the connection to last 64 secconds to avoid having to reconnect for every request. 

### Proxy Cache

We want to cache responses from Ghost so we can avoid having to proxy to the application for every request. The first step to do this is set a `proxy_cache_path`. In your configuration define the cache. The configuration below creates a zone that is 75 megabytes, and removes files after 24 hours if they haven't been requested. 


    proxy_cache_path /var/run/cache levels=1:2 keys_zone=STATIC:75m inactive=24h max_size=512m;

### Server Block
Now we can start the configuration for the domain that will be serving your Ghost blog. Note, if your using SSL/TLS for your blog you will want to use the configuration towards the end of this guide.

####1) Location block for blog page requests:

This configuration will cache valid 200 responses for 30 minutes and 404 responses for 1 minute from the previously defined upstream into the `STATIC` proxy_cache. We also want to ignore and or hide several headers that Ghost creates since we will be using our own. In addition to the nginx cache we will also be caching the pages in the browser for 10 minutes, `expires 10m;`.   

    location / {
            proxy_cache STATIC;
            proxy_cache_valid 200 30m;
            proxy_cache_valid 404 1m;
            proxy_pass http://ghost_upstream;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
            proxy_ignore_headers Set-Cookie;
            proxy_hide_header Set-Cookie;
            proxy_hide_header X-powered-by;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            expires 10m;
        }

It's also helpful to add a header to your page requests that tells if the request hit the nginx cache. This can be done easily with `add_header X-Cache $upstream_cache_status;`. 

####2) Location block(s) for static file requests like css, js and images:

We are going to tell nginx where to find static files like css, js and images since the node.js powered Ghost application is on the same server as nginx. To do thise we need four location blocks that point to the location of `images` folder, `assets` folder, `public` folder, and `scripts` folder. We will cache these static fiiles with `expires max;` so they remain cached forever in the users browser. This is safe to do since ghost appends a version query string that updates when node.js is reloaded/restarted. 

**Note**: When changing your Ghost theme you will need to change the alias path in the `location /assets` nginx block. 

    location /content/images {
            alias /path/to/ghost/content/images;
            access_log off;
            expires max;
        }
        location /assets {
            alias /path/to/ghost/content/themes/(theme-name)/assets;
            access_log off;
            expires max;
        }
        location /public {
            alias /path/to/ghost/core/built/public;
            access_log off;
            expires max;
        }
        location /ghost/scripts {
            alias /path/to/ghost/core/built/scripts;
            access_log off;
            expires max;
        }
        
#####3) nginx Location Block for Ghost Admin Interface

The administrative interface should definitely not be cached. The location block below applies to the backend and signout page. It defines the establed `ghost_upstream` backend and sets cache headers to ensure nothing is cached. Most importantly, note that we are not defining any `proxy_cache` settings. 

	location ~ ^/(?:ghost|signout) { 
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass http://ghost_upstream;
            add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
        }
        
        
### Full HTTP NGINX Configuration for Ghost. 

If you've followed along you will now end up with a working nginx configuration that looks like this: 

    server {
       server_name domain.com;
       add_header X-Cache $upstream_cache_status;
       location / {
            proxy_cache STATIC;
            proxy_cache_valid 200 30m;
            proxy_cache_valid 404 1m;
            proxy_pass http://ghost_upstream;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
            proxy_ignore_headers Set-Cookie;
            proxy_hide_header Set-Cookie;
            proxy_hide_header X-powered-by;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            expires 10m;
        }
        location /content/images {
            alias /path/to/ghost/content/images;
            access_log off;
            expires max;
        }
        location /assets {
            alias /path/to/ghost/content/themes/uno-master/assets;
            access_log off;
            expires max;
        }
        location /public {
            alias /path/to/ghost/core/built/public;
            access_log off;
            expires max;
        }
        location /ghost/scripts {
            alias /path/to/ghost/core/built/scripts;
            access_log off;
            expires max;
        }
        location ~ ^/(?:ghost|signout) { 
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass http://ghost_upstream;
            add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
        }
        
    }

  

## SSL/TLS Configuration for Ghost Blog

You may want to server your blog over HTTPS with SSL/TLS. First thing you should do is update the URL in the Ghost `config.js` file. 

The nginx setup for usin SSL/TLS for Ghost requires several additional configurations. A full sample configuration is below. I will highlight the important differences. 

The first several lines of the nginx configuration below establish and optimize HTTPS connections. You can use `SPDY` and additional settings like `spdy_headers_comp`, `keepalive_timeout` , `ssl_session_cache`, and OCSP stapling. Here I'm going to assume you know what those are since the purpose of this guide is to talk about Ghost. 

In the `location /` block it's very important that you include `proxy_set_header X-Forwarded-Proto https;` or else when you go to load your Ghost blog you will receive a redirect loop. You'll need the same thing in the `location ~ ^/(?:ghost|signout) { ` block. 

    server {
       server_name domain.com;
       listen 443 ssl spdy;
       spdy_headers_comp 6;
       spdy_keepalive_timeout 300;
       keepalive_timeout 300;
       ssl_certificate_key /etc/nginx/ssl/domain.key;
       ssl_certificate /etc/nginx/ssl/domain.crt;
       ssl_session_cache shared:SSL:10m;  
       ssl_session_timeout 24h;           
       ssl_buffer_size 1400;              
       ssl_stapling on;
       ssl_stapling_verify on;
       ssl_trusted_certificate /etc/nginx/ssl/trust.crt;
       resolver 8.8.8.8 8.8.4.4 valid=300s;
       add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
       add_header X-Cache $upstream_cache_status;
       location / {
            proxy_cache STATIC;
            proxy_cache_valid 200 30m;
            proxy_cache_valid 404 1m;
            proxy_pass http://ghost_upstream;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
            proxy_ignore_headers Set-Cookie;
            proxy_hide_header Set-Cookie;
            proxy_hide_header X-powered-by;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $http_host;
            expires 10m;
        }
        location /content/images {
            alias /path/to/ghost/content/images;
            access_log off;
            expires max;
        }
        location /assets {
            alias /path/to/ghost/themes/uno-master/assets;
            access_log off;
            expires max;
        }
        location /public {
            alias /path/to/ghost/built/public;
            access_log off;
            expires max;
        }
        location /ghost/scripts {
            alias /path/to/ghost/core/built/scripts;
            access_log off;
            expires max;
        }
        location ~ ^/(?:ghost|signout) { 
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass http://ghost_upstream;
            add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
            proxy_set_header X-Forwarded-Proto https;
        }
    }
    
Questions or comments? Post below! 

以上是关于markdown 使用NGINX的Ghost CMS实现最佳性能的主要内容,如果未能解决你的问题,请参考以下文章

markdown 将您的Octopress文件导出到Ghost

markdown 将自定义帮助程序添加到Ghost CMS

CentOS 7.2 搭建 Ghost 博客

ghostcentos使用nginx实现ghost博客系统的反向代理

Ghost+Nginx部署HTTP2

在Azure中搭建Ghost博客并绑定自定义域名和HTTPS