Mastering NGINX - Second Edition

By : Dimitri Aivaliotis
Overview of this book

NGINX is a high-performance HTTP server and mail proxy designed to use very few system resources. Despite its power, it is often a challenge to configure NGINX properly to meet your expectations. Mastering NGINX is the solution: an insider's guide that will clarify the murky waters of NGINX's configuration. Tune NGINX for various situations, improve your NGINX experience with some of the more obscure configuration directives, and discover how to design and personalize a configuration to match your needs. To begin with, quickly brush up on installing and setting up the NGINX server on the OS and integrating it with third-party modules. From there, the book moves on to NGINX's mail proxy module and its authentication, and to using NGINX as a reverse proxy to solve scaling issues. Then see how to integrate NGINX with your applications to perform tasks. The latter part of the book focuses on techniques for solving common web issues using NGINX modules. Finally, we will also explore different configurations that will help you troubleshoot the NGINX server and assist with performance tuning.

Enabling various modules


Besides the http and mail modules, there are a number of other modules included in the NGINX distribution. These modules are not activated by default, but may be enabled by setting the appropriate configuration option:

--with-<module-name>_module

Table – HTTP module configure options

| Option | Explanation |
| --- | --- |
| --with-http_ssl_module | If you need to encrypt web traffic, you will need this option to be able to use URLs beginning with https. (Requires the OpenSSL library.) |
| --with-http_realip_module | If your NGINX is behind an L7 load balancer or other device that passes the client's IP address in an HTTP header, you will need to enable this module. For use in situations where multiple clients appear to come from one IP address. |
| --with-http_addition_module | This module works as an output filter, enabling you to add content of a different location before or after that of the location itself. |
| --with-http_xslt_module | This module will handle transformations of XML responses, based on one or more XSLT stylesheets. (Requires the libxml2 and libxslt libraries.) |
| --with-http_image_filter_module | This module is able to act as a filter on images, processing them before handing them over to the client. (Requires the libgd library.) |
| --with-http_geoip_module | With this module, you are able to set various variables to use in configuration blocks to make decisions based on the geographic location found for a client's IP address. (Requires the MaxMind GeoIP library and the corresponding precompiled database files.) |
| --with-http_sub_module | This module implements a substitution filter, replacing one string in the response with another. (A word of caution: using this module implicitly disables the caching of headers.) |
| --with-http_dav_module | Enabling this module will activate the configuration directives for using WebDAV. Note that this module should only be enabled on a need-to-use basis, as it could present security problems if configured incorrectly. |
| --with-http_flv_module | If you need to be able to stream Flash video files, this module will provide pseudo-streaming. |
| --with-http_mp4_module | This module supports pseudo-streaming for H.264/AAC files. |
| --with-http_gzip_static_module | Use this module if you would like to support sending pre-compressed versions of static files when the resource is called without the .gz ending. |
| --with-http_gunzip_module | This module will decompress pre-compressed content for clients that do not support gzip encoding. |
| --with-http_random_index_module | If you would like to serve an index file chosen at random from the files in a directory, then this module needs to be enabled. |
| --with-http_secure_link_module | This module provides a mechanism to hash a link to a URL, so that only those with the proper password would be able to calculate the link. |
| --with-http_stub_status_module | Enabling this module will help you gather statistics from NGINX itself. The output can be graphed using RRDtool or something similar. |

As you can see, these are all modules that build upon the http module, providing extra functionality. Enabling the modules at compile time should not affect runtime performance at all. Using the modules later in the configuration is where performance may be impacted.

I would therefore recommend the following configure options for a web accelerator/proxy:

$ ./configure --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --with-http_stub_status_module --with-openssl=${BUILD_DIR}/openssl-1.0.1p

And the following for a web server:

$ ./configure --with-http_stub_status_module

The difference lies in where NGINX will be faced with clients. The web acceleration role takes care of terminating SSL requests as well as dealing with proxied clients and making decisions based on where a client came from. The web server role only needs to provide default file serving capability.

I would recommend always enabling the stub_status module, as it provides a means of gathering metrics on how your NGINX is performing.

Disabling unused modules

There are also a number of http modules that are normally activated, but may be disabled by setting the appropriate configuration option --without-<module-name>_module. If you have no use for these modules in your configuration, you can safely disable them.

Table – Disable configure options

| Option | Explanation |
| --- | --- |
| --without-http_charset_module | The charset module is responsible for setting the Content-Type response header, as well as converting from one charset to another. |
| --without-http_gzip_module | The gzip module works as an output filter, compressing content as it's delivered to the client. |
| --without-http_ssi_module | This module is a filter that processes Server Side Includes. If the Perl module is enabled, an additional SSI command (perl) is available. |
| --without-http_userid_module | The userid module enables NGINX to set cookies that can be used for client identification. The variables $uid_set and $uid_got can then be logged for user tracking. |
| --without-http_access_module | The access module controls access to a location based on IP address. |
| --without-http_auth_basic_module | This module limits access via HTTP Basic Authentication. |
| --without-http_autoindex_module | The autoindex module enables NGINX to generate a directory listing for directories that have no index file. |
| --without-http_geo_module | This module enables you to set up configuration variables based on a client's IP address and then take action on the value of those variables. |
| --without-http_map_module | The map module enables you to map one variable to another. |
| --without-http_split_clients_module | This module creates variables that can be used for A/B testing. |
| --without-http_referer_module | This module enables NGINX to block requests based on the Referer HTTP header. |
| --without-http_rewrite_module | The rewrite module allows you to change URIs based on various conditions. |
| --without-http_proxy_module | The proxy module allows NGINX to pass requests onto another server or group of servers. |
| --without-http_fastcgi_module | The FastCGI module enables NGINX to pass requests to a FastCGI server. |
| --without-http_uwsgi_module | This module enables NGINX to pass requests to a uWSGI server. |
| --without-http_scgi_module | The SCGI module enables NGINX to pass requests to an SCGI server. |
| --without-http_memcached_module | This module enables NGINX to interact with a memcached server, placing responses to queries into a variable. |
| --without-http_limit_conn_module | This module enables NGINX to set connection limits based on certain keys, usually an IP address. |
| --without-http_limit_req_module | With this module, NGINX can limit the request rate per key. |
| --without-http_empty_gif_module | The empty GIF module produces a 1 x 1-pixel in-memory transparent GIF. |
| --without-http_browser_module | The browser module allows for configurations based on the User-Agent HTTP request header. Variables are set based on the version found in this header. |
| --without-http_upstream_ip_hash_module | This module defines a set of servers that may be used in conjunction with the various proxy modules. |
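
An added example (not from the book): a POSIX shell audit that reads the `configure arguments:` line printed by `nginx -V`, lists the optional modules that were compiled in, and prints the `--without` flags for default modules from the table above that are still enabled but are not on an operator-supplied list of needed modules. The function names, the needed-module list and the sample `nginx -V` output are constructed for illustration.

```sh
#!/bin/sh
# Default-on HTTP modules, taken from the "Disable configure options" table.
DEFAULT_MODULES="charset gzip ssi userid access auth_basic autoindex geo map
split_clients referer rewrite proxy fastcgi uwsgi scgi memcached limit_conn
limit_req empty_gif browser upstream_ip_hash"

# configure_args: read `nginx -V` output on stdin, print only the flag list.
configure_args() {
    sed -n 's/^configure arguments: *//p'
}

# has_word LIST WORD: succeed if WORD is a whole space-separated item of LIST.
has_word() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# enabled_optional ARGS: name each optional module added with --with-http_*.
enabled_optional() {
    for eo_flag in $1; do
        case $eo_flag in
            --with-http_*_module)
                eo_flag=${eo_flag#--with-http_}
                printf '%s\n' "${eo_flag%_module}" ;;
        esac
    done
}

# suggest_without ARGS NEEDED: print a --without flag for each default module
# that is not in NEEDED (operator-supplied list) and not already disabled.
suggest_without() {
    for sw_mod in $DEFAULT_MODULES; do
        if has_word "$2" "$sw_mod"; then continue; fi
        if has_word "$1" "--without-http_${sw_mod}_module"; then continue; fi
        printf '%s\n' "--without-http_${sw_mod}_module"
    done
}

# Constructed sample of `nginx -V` output (the real command writes to stderr).
SAMPLE='nginx version: nginx/0.0.0
configure arguments: --with-http_ssl_module --with-http_dav_module --with-http_stub_status_module --without-http_autoindex_module --without-http_ssi_module'

ARGS=$(printf '%s\n' "$SAMPLE" | configure_args)
echo "optional modules compiled in:"
enabled_optional "$ARGS"
echo "default modules that could still be disabled:"
suggest_without "$ARGS" "charset gzip access map rewrite"
```

On a live host, replace the sample with `ARGS=$(nginx -V 2>&1 | configure_args)`; a `dav` entry in the first list is the one to review against the table's need-to-use caution.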