Book Image

Mastering Nginx

By : Dimitri Aivaliotis
Book Image

Mastering Nginx

By: Dimitri Aivaliotis

Overview of this book

<p>NGINX is a high-performance HTTP server and mail proxy designed to use very few system resources. With the many tutorials and example configurations floating around the Web, it is difficult to know how to properly configure NGINX to meet your expectations.<br /><br />"Mastering Nginx" will serve to clarify the murky waters of NGINX configuration, helping you learn how to tune NGINX for various situations, what some of the more obscure configuration directives do, and how to design a decent configuration to match your needs.<br /><br />Beginning with an overview of compiling NGINX and describing its basic configuration file format, this guide next takes you on a tour of NGINX's modules.</p> <p>From the unique mail module to the upstream module, this book explores the various possibilities of using NGINX as a reverse proxy. The multiple HTTP modules are explained, and the book rounds off the tour with a discussion of troubleshooting.</p> <p>"Mastering Nginx" will explain all aspects of configuring NGINX to help solve your hosting problems.</p>

Related Content you might be interested in

Current Title:

Small book image
Mastering Nginx
Dimitri Aivaliotis
Mar, 2013 | 322 pages
No titles found
Table of Contents (19 chapters)
Mastering NGINX
Mastering NGINX
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Installing NGINX and Third-Party Modules
Installing NGINX and Third-Party Modules
Installing NGINX using a package manager
Installing NGINX from source
Configuring for web or mail service
Enabling various modules
Finding and installing third-party modules
Putting it all together
Summary
2
A Configuration Guide
A Configuration Guide
The basic configuration format
NGINX global configuration parameters
Using include files
The HTTP server section
The virtual server section
Locations – where, when, and how
The mail server section
Full sample configuration
Summary
3
Using the Mail Module
Using the Mail Module
Basic proxy service
Authentication service
Combining with memcached
Interpreting log files
Operating system limits
Summary
4
NGINX as a Reverse Proxy
NGINX as a Reverse Proxy
Introduction to reverse proxying
Types of upstream servers
Converting an "if"-fy configuration to a more modern interpretation
Using error documents to handle upstream problems
Determining the client's real IP address
Summary
5
Reverse Proxy Advanced Topics
Reverse Proxy Advanced Topics
Security through separation
Isolating application components for scalability
Reverse proxy performance tuning
Summary
6
The NGINX HTTP Server
The NGINX HTTP Server
NGINX's architecture
The HTTP core module
Using limits to prevent abuse
Restricting access
Streaming media files
Predefined variables
Using NGINX with PHP-FPM
Wiring NGINX and uWSGI together
Summary
7
NGINX for the Developer
NGINX for the Developer
Caching integration
Changing content on-the-fly
Using Server Side Includes
Decision-making in NGINX
Creating a secure link
Generating images
Tracking website visitors
Preventing inadvertent code execution
Summary
8
Troubleshooting Techniques
Troubleshooting Techniques
Analyzing log files
Configuring advanced logging
Common configuration errors
Operating system limits
Performance problems
Using the Stub Status module
Summary
Directive Reference
Directive Reference
Table: Directive reference
Rewrite Rule Guide
Rewrite Rule Guide
Introducing the rewrite module
Creating new rewrite rules
Translating from Apache
Summary
The NGINX Community
The NGINX Community
Mailing list
IRC channel
Web resources
Writing a good bug report
Summary
Persisting Solaris Network Tunings
Persisting Solaris Network Tunings
Index
Index

Enabling various modules

Besides the http and mail modules, there are a number of other modules included in the NGINX distribution. These modules are not activated per default, but may be enabled by setting the appropriate configuration option --with-<module-name>_module.

Table: HTTP module configure options

Option

Explanation

--with-http_ssl_module

If you need to encrypt web traffic, you will need this option to be able to use URLs beginning with https. (Requires the OpenSSL library.)

--with-http_realip_module

If your NGINX will be behind a L7 load balancer or other device that passes the client's IP address in an HTTP header, you will need to enable this module. For use in situations where multiple clients appear to come from one IP address.

--with-http_addition_module

This module works as an output filter, enabling you to add content of a different location before or after that of the location itself.

--with-http_xslt_module

This module will handle transformations of XML responses, based on one or more XSLT stylesheets. (Requires the libxml2 and libxslt libraries.)

--with-http_image_filter_module

This module is able to act as a filter on images, processing them before handing them over to the client. (Requires the libgd library.)

--with-http_geoip_module

With this module, you are able to set various variables to use in configuration blocks to make decisions based on the geographic location found for a client's IP address. (Requires the MaxMind GeoIP library and the corresponding precompiled database files.)

--with-http_sub_module

This module implements a substitution filter, replacing one string in the response with another.

--with-http_dav_module

Enabling this module will activate the configuration directives for using WebDAV. Note that this module should only be enabled on a need-to-use basis, as it could present security problems if configured incorrectly.

--with-http_flv_module

If you need to be able to stream Flash video files, this module will provide for pseudo-streaming.

--with-http_mp4_module

This module supports pseudo-streaming for H.264/AAC files.

--with-http_gzip_static_module

Use this module if you would like to support sending pre-compressed versions of static files when the resource is called without the .gz ending.

--with-http_gunzip_module

This module will decompress pre-compressed content for clients that do not support gzip encoding.

--with-http_random_index_module

If you would like to serve an index file chosen at random from the files in a directory, then this module needs to be enabled.

--with-http_secure_link_module

This module provides a mechanism to hash a link to a URL, so that only those with the proper password would be able to calculate the link.

--with-http_stub_status_module

Enabling this module will help you gather statistics from NGINX itself. The output can be graphed using RRDtool or something similar.

As you can see, these are all modules that build upon the http module, providing extra functionality. Enabling the modules at compile time should not affect runtime performance at all. Using the modules later in the configuration is where performance may be impacted.

I would therefore recommend the following configure options for a web accelerator/proxy:

$ ./configure --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --with-http_stub_status_module --with-openssl=${BUILD_DIR}/openssl-1.0.1c

And the following for a web server:

$ ./configure --with-http_stub_status_module

The difference lies in where NGINX will be faced with clients. The web acceleration role would take care of terminating SSL requests as well as dealing with proxied clients and making decisions based on where a client came from. The web server role would need only provide default file serving capability.

I would recommend always enabling the stub_status module, as it provides a means of gathering metrics on how your NGINX is performing.

Disabling unused modules

There are also a number of http modules that are normally activated, but may be disabled by setting the appropriate configuration option --without-<module-name>_module. If you have no use for these modules in your configuration, you can safely disable them.

Table: Disable configure options

Option

Explanation

--without-http_charset_module

The charset module is responsible for setting the Content-Type response header, as well as converting from one charset to another.

--without-http_gzip_module

The gzip module works as an output filter, compressing content as it's delivered to the client.

--without-http_ssi_module

This module is a filter that processes Server Side Includes. If the Perl module is enabled, an additional SSI command (perl) is available.

--without-http_userid_module

The userid module enables NGINX to set cookies that can be used for client identification. The variables $uid_set and $uid_got can then be logged for user tracking.

--without-http_access_module

The access module controls access to a location based on IP address.

--without-http_auth_basic_module

This module limits access via HTTP Basic Authentication.

--without-http_autoindex_module

The autoindex module enables NGINX to generate a directory listing for directories that have no index file.

--without-http_geo_module

This module enables you to set up configuration variables based on a client's IP address and then take action on the value of those variables.

--without-http_map_module

The map module enables you to map one variable to another.

--without-http_split_clients_module

This module creates variables that can be used for A/B testing.

--without-http_referer_module

This module enables NGINX to block requests based on the Referer HTTP header.

--without-http_rewrite_module

The rewrite module allows you to change URIs based on various conditions.

--without-http_proxy_module

The proxy module allows NGINX to pass requests on to another server or group of servers.

--without-http_fastcgi_module

The FastCGI module enables NGINX to pass requests to a FastCGI server.

--without-http_uwsgi_module

This module enables NGINX to pass requests to a uWSGI server.

--without-http_scgi_module

The SCGI module enables NGINX to pass requests to an SCGI server.

--without-http_memcached_module

This module enables NGINX to interact with a memcached server, placing responses to queries into a variable.

--without-http_limit_conn_module

This module enables NGINX to set connection limits based on certain keys, usually an IP address.

--without-http_limit_req_module

With this module, NGINX can limit the request rate per key.

--without-http_empty_gif_module

The empty GIF module produces a 1 x 1-pixel in-memory transparent GIF.

--without-http_browser_module

The browser module allows for configurations based on the User-Agent HTTP request header. Variables are set based on the version found in this header.

--without-http_upstream_ip_hash_module

This module defines a set of servers that may be used in conjunction with the various proxy modules.

Previous Section
End of Section 5
Next Section