Book Image

Mastering NGINX - Second Edition

By : Aivaliotis
Book Image

Mastering NGINX - Second Edition

By: Aivaliotis

Overview of this book

NGINX is a high-performance HTTP server and mail proxy designed to use very few system resources. But despite its power it is often a challenge to properly configure NGINX to meet your expectations. Mastering Nginx is the solution – an insider’s guide that will clarify the murky waters of NGINX’s configuration. Tune NGINX for various situations, improve your NGINX experience with some of the more obscure configuration directives, and discover how to design and personalize a configuration to match your needs. To begin with, quickly brush up on installing and setting up the NGINX server on the OS and its integration with third-party modules. From here, move on to explain NGINX's mail proxy module and its authentication, and reverse proxy to solve scaling issues. Then see how to integrate NGINX with your applications to perform tasks. The latter part of the book focuses on working through techniques to solve common web issues and the know-hows using NGINX modules. Finally, we will also explore different configurations that will help you troubleshoot NGINX server and assist with performance tuning.
Table of Contents (15 chapters)
10
A. Directive Reference
13
D. Persisting Solaris Network Tunings
14
Index

Configuring SSL support

NGINX uses the OpenSSL Project for TLS/SSL protocols. More information about this Open Source toolkit can be found at https://www.openssl.org. Support for SSL can be had from either the OS or directly from a separate copy of the toolkit. If you use either --with-http_ssl_module or --with-mail_ssl_module without --with-ssl, you're using the OpenSSL library that is installed on the machine where you executed the configure command. If you'd like to compile against a specific version of OpenSSL, download the distribution, unpack it in a directory, and then specify the path to that directory as the argument to --with-openssl. Use the --with-openssl-opt option to specify additional build options for OpenSSL itself.

For example, to build NGINX with an OpenSSL that has optimized elliptic curves, you would use a command such as the following:

$ ./configure --with-http_ssl_module --with-openssl=${BUILD_DIR}/openssl-1.0.1p --with-openssl-opt=enable-ec_nistp_64_gcc_128