Book Image

Mastering NGINX - Second Edition

By : Dimitri Aivaliotis
Book Image

Mastering NGINX - Second Edition

By: Dimitri Aivaliotis

Overview of this book

NGINX is a high-performance HTTP server and mail proxy designed to use very few system resources. But despite its power it is often a challenge to properly configure NGINX to meet your expectations. Mastering Nginx is the solution – an insider’s guide that will clarify the murky waters of NGINX’s configuration. Tune NGINX for various situations, improve your NGINX experience with some of the more obscure configuration directives, and discover how to design and personalize a configuration to match your needs. To begin with, quickly brush up on installing and setting up the NGINX server on the OS and its integration with third-party modules. From here, move on to explain NGINX's mail proxy module and its authentication, and reverse proxy to solve scaling issues. Then see how to integrate NGINX with your applications to perform tasks. The latter part of the book focuses on working through techniques to solve common web issues and the know-hows using NGINX modules. Finally, we will also explore different configurations that will help you troubleshoot NGINX server and assist with performance tuning.
Table of Contents (20 chapters)
Mastering NGINX - Second Edition
About the Author
About the Reviewer
Directive Reference
Persisting Solaris Network Tunings

Using limits to prevent abuse

We build and host websites because we want users to visit them. We want our websites to always be available for legitimate access. This means that we may have to take measures to limit access to abusive users. We may define abusive to mean anything from one request per second to a number of connections from the same IP address. Abuse can also take the form of a distributed denial-of-service (DDoS) attack, where bots running on multiple machines around the world all try to access the site as many times as possible at the same time. In this section, we will explore methods to counter each type of abuse to ensure that our websites are available.

First, let's take a look at the different configuration directives that will help us achieve our goal:

HTTP limits directives



This directive specifies a shared memory zone (configured with limit_conn_zone) and the maximum number of connections that are allowed per key value.