NGINX: Basics and Best Practices
NGINX Overview
[Diagram: HTTP traffic from the Internet arriving at NGINX in its three roles]
• Web Server − Serve content from disk
• Application Gateway − FastCGI, uWSGI, Passenger…
• Reverse Proxy − Caching, load balancing…
MORE INFORMATION AT NGINX.COM
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Debugging and Troubleshooting
NGINX Installation Options
• Official NGINX repo
  • Mainline (recommended) – Actively developed; new minor releases made every 4-6 weeks with new features and enhancements.
  • Stable − Updated only when critical issues or security vulnerabilities need to be fixed.
• OS vendor and other third-party repos
  • Not as frequently updated; Debian Jessie has NGINX 1.6.2
  • Typically built off NGINX Stable branch
NGINX Mainline vs. Stable
NGINX Installation: Debian/Ubuntu
Create /etc/apt/sources.list.d/nginx.list with the following contents:
    deb http://nginx.org/packages/mainline/OS/ CODENAME nginx
    deb-src http://nginx.org/packages/mainline/OS/ CODENAME nginx
• OS – ubuntu or debian depending on your distro
• CODENAME –
  - With debian: wheezy, jessie, or stretch (7.0, 8.0, 9.0)
  - With ubuntu: precise, trusty, xenial, or yakkety (12.04, 14.04, 16.04, 16.10)
    $ wget http://nginx.org/keys/nginx_signing.key
    $ apt-key add nginx_signing.key
    $ apt-get update
    $ apt-get install -y nginx
NGINX Installation: CentOS/Red Hat
Create /etc/yum.repos.d/nginx.repo with the following contents:
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/mainline/OS/OSRELEASE/$basearch/
    gpgcheck=0
    enabled=1
• OS – centos or rhel depending on your distro
• OSRELEASE – 6 or 7 for 6.x or 7.x versions, respectively
    $ yum -y install nginx
    $ systemctl enable nginx
    $ systemctl start nginx
    $ firewall-cmd --zone=public --add-port=80/tcp --permanent
    $ firewall-cmd --reload
NGINX Plus Installation
• Visit cs.nginx.com/repo_setup
• Select OS from drop-down list
• Instructions similar to OSS installation
• Mostly just using different repo and installing client certificate
Verifying Installation
$ nginx -v
nginx version: nginx/1.13.0
$ ps -ef | grep nginx
root 1088 1 0 19:59 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 1092 1088 0 19:59 ? 00:00:00 nginx: worker process
Key NGINX Commands
• nginx -t: Check if NGINX configuration is ok
• nginx -s reload: Gracefully reload NGINX processes
• nginx -V: Similar to -v, but with more detailed information
• nginx -T: Dump full NGINX configuration
• nginx -h: Display NGINX help menu
• After config change, test and reload: nginx -t && nginx -s reload
NGINX Installation Misc
• For more installation details, see http://nginx.org/en/linux_packages.html
  • List of all supported distros and CPUs
  • SUSE Linux installation instructions
• For NGINX Plus, see https://cs.nginx.com/repo_setup
  • List of all supported distros and CPUs, including FreeBSD
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Debugging and Troubleshooting
Key Files and Directories
• /etc/nginx/ − Parent directory for all NGINX configuration
• /etc/nginx/nginx.conf − Top-level NGINX configuration, not modified often
• /etc/nginx/conf.d/*.conf − Configuration for virtual servers and upstreams; for example, www.example.com.conf
Basic Web Server Configuration
    server {
        listen 80 default_server;
        server_name www.example.com;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
    }
root specifies that:
• www.example.com maps to /usr/share/nginx/html/index.html
• www.example.com/i/file.txt maps to /usr/share/nginx/html/i/file.txt
Directives:
• server defines the context for a virtual server
• listen specifies IP address/port that NGINX listens on; if no IP address (as here), NGINX binds to all IP addresses on system
• default_server specifies to use this server if hostname is not known
• server_name specifies hostname of virtual server
Basic SSL Configuration
    server {
        listen 80 default_server;
        server_name www.example.com;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl default_server;
        server_name www.example.com;
        ssl_certificate cert.crt;
        ssl_certificate_key cert.key;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
    }
• Force all traffic to SSL
• Good for SEO
• Use Let’s Encrypt to get free SSL certificates
Basic Reverse Proxy Configuration
    server {
        # Match URIs whose script part ends in .php, with optional trailing path info
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            # fastcgi_pass 127.0.0.1:9000;
            fastcgi_pass unix:/var/run/php7.0-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
• Requires PHP FPM: apt-get install -y php7.0-fpm
• Can also use PHP 5
• Similar directives available for SCGI and uwsgi
• Additional PHP FPM configuration may be required
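The same PHP location with the script-existence check and parameters that the "additional PHP FPM configuration" bullet leaves open, as an added example that is not from the original slides. The document root is an assumption; the socket path is the one on the slide.

```nginx
# Added example (not from the slides). The root path is assumed.

server {
    listen 80;
    server_name www.example.com;
    root /usr/share/nginx/html;          # assumed document root
    index index.php index.html;

    location ~ [^/]\.php(/|$) {
        # Split the URI into the script name and the trailing PATH_INFO.
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Pass the request on only if the script part is a real file
        # under root. Without this check, a URI that merely ends in
        # .php can reach PHP-FPM, which (with cgi.fix_pathinfo=1) may
        # then pick a different, non-script file to execute.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        # Do not forward a client-supplied Proxy header as HTTP_PROXY
        # (httpoxy).
        fastcgi_param HTTP_PROXY "";

        fastcgi_pass unix:/var/run/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

        # Set these here only if the included fastcgi_params file does
        # not already define them.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
    }
}
```

On the PHP-FPM side, `security.limit_extensions = .php` in the pool configuration and `cgi.fix_pathinfo=0` in php.ini enforce the same restriction from the other end.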
Basic Load Balancing Configuration
    upstream my_upstream {
        server server1.example.com;
        server server2.example.com;
        least_conn;
    }
    server {
        location / {
            proxy_set_header Host $host;
            proxy_pass http://my_upstream;
        }
    }
• Default load balancing algorithm is Round Robin
• least_conn selects server with fewest active connections
• By default NGINX rewrites Host header to name and port of proxied server
• proxy_set_header overrides and passes through original client Host header
• least_time factors in connection count and server response time (available in NGINX Plus only)
Basic Caching Configuration
    proxy_cache_path /path/to/cache levels=1:2
                     keys_zone=my_cache:10m max_size=10g
                     inactive=60m use_temp_path=off;
    server {
        location / {
            proxy_cache my_cache;
            proxy_set_header Host $host;
            proxy_pass http://my_upstream;
        }
    }
• proxy_cache_path defines the size, location on disk, and other parameters of the cache
• proxy_cache enables caching for the local context
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Debugging and Troubleshooting
Modifications to Main nginx.conf
    user nginx;
    worker_processes auto;
    # ...
    http {
        # ...
        keepalive_timeout 300s;
        keepalive_requests 100000;
    }
• Set in main nginx.conf file.
• Default value for worker_processes varies by system and installation source.
• auto means to create one worker process per core. This is recommended for most deployments.
• keepalive_timeout controls how long to keep idle connections to clients open. Default: 75 seconds.
• keepalive_requests sets the limit on requests by a single client connection before it’s closed.
• keepalive_* can also be set per virtual server.
HTTP/1.1 Keepalive to Upstreams
    upstream my_upstream {
        server server1.example.com;
        keepalive 32;
    }
    server {
        location / {
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_pass http://my_upstream;
        }
    }
• keepalive enables TCP connection cache
• By default NGINX uses HTTP/1.0 with Connection: Close
• proxy_http_version upgrades connection to HTTP/1.1
• proxy_set_header enables keepalive by clearing Connection: Close HTTP header
SSL Session Caching and HTTP/2
    server {
        listen 443 ssl http2 default_server;
        server_name www.example.com;
        ssl_certificate cert.crt;
        ssl_certificate_key cert.key;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
    }
• Improves SSL/TLS performance
• 1 MB session cache can store about 4,000 sessions
• Cache shared across all NGINX workers
• HTTP/2 improves performance
• Note: HTTP/2 requires OpenSSL 1.0.2 to work properly
Improved Caching Configuration
    proxy_cache_path /path/to/cache levels=1:2
                     keys_zone=my_cache:10m max_size=10g
                     inactive=60m use_temp_path=off;
    server {
        location / {
            proxy_cache my_cache;
            proxy_cache_lock on;
            proxy_cache_revalidate on;
            proxy_set_header Host $host;
            proxy_pass http://my_upstream;
        }
    }
• proxy_cache_lock instructs NGINX to send only one request to the upstream when there are multiple cache misses for the same file
• proxy_cache_revalidate instructs NGINX to use If-Modified-Since when refreshing cache
Load Balancing with Health Checks Configuration
    upstream my_upstream {
        zone my_upstream 64k;
        server server1.example.com slow_start=30s;
        server server2.example.com slow_start=30s;
    }
    server {
        location / {
            proxy_set_header Host $host;
            proxy_pass http://my_upstream;
        }
        location @health {
            health_check mandatory;
        }
    }
• Polls /health every 5 seconds
• If response is not 2xx or 3xx, server is marked as failed
• Traffic to recovered/new servers slowly ramps up over 30 seconds
• Many additional configurable parameters
• Exclusive to NGINX Plus
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Debugging and Troubleshooting
NGINX Stub Status Module
    server {
        location /basic_status {
            stub_status;
        }
    }
• Provides aggregated NGINX statistics
• Restrict access so it’s not publicly visible
    $ curl http://www.example.com/basic_status
    Active connections: 1
    server accepts handled requests
     7 7 7
    Reading: 0 Writing: 1 Waiting: 0
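One way to apply the "restrict access" bullet, as an added example that is not from the original slides. The monitoring subnet is an assumed placeholder.

```nginx
# Added example (not from the slides). 10.0.0.0/24 is an assumed
# placeholder for the network the monitoring hosts live on.

server {
    listen 80;
    server_name www.example.com;

    # Exact-match location, so no other URI reaches the status handler.
    location = /basic_status {
        stub_status;

        # Rules are checked in order and the first match decides.
        allow 127.0.0.1;       # collectors on this host
        allow ::1;
        allow 10.0.0.0/24;     # assumed monitoring subnet
        deny  all;             # everyone else receives 403

        # allow/deny see the address after the realip module has run.
        # If set_real_ip_from is in use, list only trusted proxies
        # there; otherwise a client-supplied header decides the
        # address these rules compare against.
    }
}
```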
NGINX Plus Extended Status Module
• Provides detailed NGINX Plus statistics
• 40+ additional metrics
• Monitoring GUI also available; see demo.nginx.com
• Exclusive to NGINX Plus
    $ curl https://www.nginx.com/resource/conf/status.conf > /etc/nginx/conf.d/status.conf
    upstream my_upstream {
        zone my_upstream 64k;
        server server1.example.com;
    }
    server {
        status_zone my_virtual_server;
        location / {
            proxy_set_header Host $host;
            proxy_pass http://my_upstream;
        }
    }
Key Logging Files and Directories
• /var/log/nginx/access.log − Details about requests and responses
• /var/log/nginx/error.log − Details about NGINX errors
NGINX Access Logs
    192.168.179.1 - - [15/May/2017:16:36:25 -0700] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
    192.168.179.1 - - [15/May/2017:16:36:26 -0700] "GET /favicon.ico HTTP/1.1" 404 571 "http://fmemon-redhat.local/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
    192.168.179.1 - - [15/May/2017:16:36:31 -0700] "GET /basic_status HTTP/1.1" 200 100 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
• Enabled by default. Can be disabled with the access_log off directive.
• By default lists client IP address, date, request, referrer, user agent, etc. Can add additional NGINX variables; see nginx.org/en/docs/varindex.html.
• Log format configurable with the log_format directive
Summary
• We recommend using the NGINX mainline branch for most deployments
• Put all configuration in separate files in /etc/nginx/conf.d/
• Forcing all traffic to SSL improves security and improves search rankings
• Keepalive connections improve performance by reusing TCP connections
• SSL session caching and HTTP/2 improve SSL performance
• NGINX status module and logging capability provide visibility
Try NGINX Plus for free at nginx.com/free-trial-request
Upcoming Webinars
• Delivering High Performance Websites with NGINX (June 7, 2017, 11:00 AM CEST)
• Ask Me Anything about Microservices, Part 3 (June 14, 2017, 10:00 AM PDT)
Register at nginx.com/webinars

More Related Content

What's hot

What's hot (20)

Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyNginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
 
NGINX Installation and Tuning
NGINX Installation and TuningNGINX Installation and Tuning
NGINX Installation and Tuning
 
Nginx Essential
Nginx EssentialNginx Essential
Nginx Essential
 
Learn nginx in 90mins
Learn nginx in 90minsLearn nginx in 90mins
Learn nginx in 90mins
 
Ansible 101
Ansible 101Ansible 101
Ansible 101
 
HAProxy
HAProxy HAProxy
HAProxy
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
Tuning TCP and NGINX on EC2
Tuning TCP and NGINX on EC2Tuning TCP and NGINX on EC2
Tuning TCP and NGINX on EC2
 
Ansible - Introduction
Ansible - IntroductionAnsible - Introduction
Ansible - Introduction
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
MySQL Monitoring using Prometheus & Grafana
MySQL Monitoring using Prometheus & GrafanaMySQL Monitoring using Prometheus & Grafana
MySQL Monitoring using Prometheus & Grafana
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load Balancing
 
NGINX High-performance Caching
NGINX High-performance CachingNGINX High-performance Caching
NGINX High-performance Caching
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansible
 
Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!
 
HA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and KeepalivedHA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and Keepalived
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 

Similar to NGINX: Basics and Best Practices

tuning-nginx-for-high-performance-nick-shadrin.pdf
tuning-nginx-for-high-performance-nick-shadrin.pdftuning-nginx-for-high-performance-nick-shadrin.pdf
tuning-nginx-for-high-performance-nick-shadrin.pdf
trihang02122018
 

Similar to NGINX: Basics and Best Practices (20)

NGINX ADC: Basics and Best Practices
NGINX ADC: Basics and Best PracticesNGINX ADC: Basics and Best Practices
NGINX ADC: Basics and Best Practices
 
NGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEA
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load Balancing
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
 
What’s New in NGINX Plus R16?
What’s New in NGINX Plus R16?What’s New in NGINX Plus R16?
What’s New in NGINX Plus R16?
 
What’s New in NGINX Plus R15?
What’s New in NGINX Plus R15?What’s New in NGINX Plus R15?
What’s New in NGINX Plus R15?
 
NGINX 101 - now with more Docker
NGINX 101 - now with more DockerNGINX 101 - now with more Docker
NGINX 101 - now with more Docker
 
NGINX 101 - now with more Docker
NGINX 101 - now with more DockerNGINX 101 - now with more Docker
NGINX 101 - now with more Docker
 
What’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEAWhat’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEA
 
What’s New in NGINX Plus R15? - EMEA
What’s New in NGINX Plus R15? - EMEAWhat’s New in NGINX Plus R15? - EMEA
What’s New in NGINX Plus R15? - EMEA
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
 
What's new in NGINX Plus R19
What's new in NGINX Plus R19What's new in NGINX Plus R19
What's new in NGINX Plus R19
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
 
tuning-nginx-for-high-performance-nick-shadrin.pdf
tuning-nginx-for-high-performance-nick-shadrin.pdftuning-nginx-for-high-performance-nick-shadrin.pdf
tuning-nginx-for-high-performance-nick-shadrin.pdf
 
5 things you didn't know nginx could do velocity
5 things you didn't know nginx could do   velocity5 things you didn't know nginx could do   velocity
5 things you didn't know nginx could do velocity
 
NGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPC
 
NGINX Plus R20 Webinar
NGINX Plus R20 WebinarNGINX Plus R20 Webinar
NGINX Plus R20 Webinar
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEA
 
What's New in NGINX Plus R7?
What's New in NGINX Plus R7?What's New in NGINX Plus R7?
What's New in NGINX Plus R7?
 

More from NGINX, Inc.

How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
NGINX, Inc.
 

More from NGINX, Inc. (20)

【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
 
Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostManaging Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & Kubecost
 
Manage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityManage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with Observability
 
Accelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationAccelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with Automation
 
Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesUnit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
 
Protecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXProtecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINX
 
NGINX Kubernetes API
NGINX Kubernetes APINGINX Kubernetes API
NGINX Kubernetes API
 
Successfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXSuccessfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINX
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
 

Recently uploaded

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 

Recently uploaded (20)

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 

NGINX: Basics and Best Practices

  • 2. Internet Web Server Serve content from disk Application Gateway FastCGI, uWSGI, Passenger… Reverse Proxy Caching, load balancing… HTTP Traffic NGINX Overview
  • 3. MORE INFORMATION AT NGINX.COM Agenda • Installing NGINX and NGINX Plus • Basic Configurations • Improving Performance and Reliability • Debugging and Troubleshooting
  • 4. MORE INFORMATION AT NGINX.COM NGINX Installation Options • Official NGINX repo • Mainline (recommended) – Actively developed; new minor releases made every 4-6 weeks with new features and enhancements. • Stable − Updated only when critical issues or security vulnerabilities need to be fixed. • OS vendor and other third-party repos • Not as frequently updated; Debian Jessie has NGINX 1.6.2 • Typically built off NGINX Stable branch
  • 5. MORE INFORMATION AT NGINX.COM NGINX Mainline vs. Stable
  • 6. MORE INFORMATION AT NGINX.COM NGINX Installation: Debian/Ubuntu deb http://nginx.org/packages/mainline/OS/ CODENAME nginx deb-src http://nginx.org/packages/mainline/OS/ CODENAME nginx Create /etc/apt/sources.list.d/nginx.list with the following contents: • OS – ubuntu or debian depending on your distro • CODENAME – - With debian: wheezy, jessie, or stretch (7.0, 8.0, 9.0) - With ubuntu: precise, trusty, xenial, or yakkety (12.04, 14.04, 16.04, 16.10) $ wget http://nginx.org/keys/nginx_signing.key $ apt-key add nginx_signing.key $ apt-get update $ apt-get install –y nginx
  • 7. MORE INFORMATION AT NGINX.COM NGINX Installation: CentOS/Red Hat [nginx] name=nginx repo baseurl=http://nginx.org/packages/mainline/OS/OSRELEASE/$basearch/ gpgcheck=0 enabled=1 Create /etc/yum.repos.d/nginx.repo with the following contents: • OS – centos or rhel depending on your distro • OSRELEASE – 6 or 7 for 6.x or 7.x versions, respectively $ yum –y install nginx $ systemctl enable nginx $ systemctl start nginx $ firewall-cmd --zone=public --add-port=80/tcp –permanent $ firewall-cmd --reload
  • 8. MORE INFORMATION AT NGINX.COM NGINX Plus Installation • Visit cs.nginx.com/repo_setup • Select OS from drop-down list • Instructions similar to OSS installation • Mostly just using different repo and installing client certificate
  • 9. MORE INFORMATION AT NGINX.COM Verifying Installation $ nginx -v nginx version: nginx/1.13.0 $ ps -ef | grep nginx root 1088 1 0 19:59 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 1092 1088 0 19:59 ? 00:00:00 nginx: worker process
  • 10. MORE INFORMATION AT NGINX.COM Verifying Installation
  • 11. MORE INFORMATION AT NGINX.COM Key NGINX Commands • nginx –t Check if NGINX configuration is ok • nginx –s reload Gracefully reload NGINX processes • nginx –V Similar to –v, but with more detailed information • nginx –T Dump full NGINX configuration • nginx –h Display NGINX help menu • After config change, test and reload : nginx –t && nginx –s reload
  • 12. NGINX Installation Misc
    • For more installation details, see http://nginx.org/en/linux_packages.html
      - List of all supported distros and CPUs
      - SUSE Linux installation instructions
    • For NGINX Plus, see https://cs.nginx.com/repo_setup
      - List of all supported distros and CPUs, including FreeBSD
  • 13. Agenda
    • Installing NGINX and NGINX Plus
    • Basic Configurations
    • Improving Performance and Reliability
    • Debugging and Troubleshooting
  • 14. Key Files and Directories
    • /etc/nginx/ − Parent directory for all NGINX configuration
    • /etc/nginx/nginx.conf − Top-level NGINX configuration, not modified often
    • /etc/nginx/conf.d/*.conf − Configuration for virtual servers and upstreams; for example, www.example.com.conf
  • 15. Basic Web Server Configuration
        server {
            listen 80 default_server;
            server_name www.example.com;
            location / {
                root /usr/share/nginx/html;
                index index.html index.htm;
            }
        }
    root specifies that:
      - www.example.com maps to /usr/share/nginx/html/index.html
      - www.example.com/i/file.txt maps to /usr/share/nginx/html/i/file.txt
    • server defines the context for a virtual server
    • listen specifies IP address/port that NGINX listens on; if no IP address (as here), NGINX binds to all IP addresses on system
    • default_server specifies to use this server if hostname is not known
    • server_name specifies hostname of virtual server
  • 16. Basic SSL Configuration
        server {
            listen 80 default_server;
            server_name www.example.com;
            return 301 https://$server_name$request_uri;
        }
        server {
            listen 443 ssl default_server;
            server_name www.example.com;
            ssl_certificate cert.crt;
            ssl_certificate_key cert.key;
            location / {
                root /usr/share/nginx/html;
                index index.html index.htm;
            }
        }
    • Force all traffic to SSL
    • Good for SEO
    • Use Let’s Encrypt to get free SSL certificates
  • 17. Basic Reverse Proxy Configuration
        server {
            location ~ [^/]\.php(/|$) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                # fastcgi_pass 127.0.0.1:9000;
                fastcgi_pass unix:/var/run/php7.0-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
            }
        }
    • Requires PHP FPM: apt-get install -y php7.0-fpm
    • Can also use PHP 5
    • Similar directives available for SCGI and uwsgi
    • Additional PHP FPM configuration may be required
  • 18. Basic Load Balancing Configuration
        upstream my_upstream {
            server server1.example.com;
            server server2.example.com;
            least_conn;
        }
        server {
            location / {
                proxy_set_header Host $host;
                proxy_pass http://my_upstream;
            }
        }
    • Default load balancing algorithm is Round Robin
    • least_conn selects server with fewest active connections
    • By default NGINX rewrites Host header to name and port of proxied server
    • proxy_set_header overrides and passes through original client Host header
    • least_time factors in connection count and server response time (available in NGINX Plus only)
  • 19. Basic Caching Configuration
        proxy_cache_path /path/to/cache levels=1:2 keys_zone=my_cache:10m
                         max_size=10g inactive=60m use_temp_path=off;
        server {
            location / {
                proxy_cache my_cache;
                proxy_set_header Host $host;
                proxy_pass http://my_upstream;
            }
        }
    • proxy_cache_path defines the size, location on disk, and other parameters of the cache
    • proxy_cache enables caching for the local context
  • 20. Agenda
    • Installing NGINX and NGINX Plus
    • Basic Configurations
    • Improving Performance and Reliability
    • Debugging and Troubleshooting
  • 21. Modifications to Main nginx.conf
        user nginx;
        worker_processes auto;
        # ...
        http {
            # ...
            keepalive_timeout 300s;
            keepalive_requests 100000;
        }
    • Set in main nginx.conf file.
    • Default value for worker_processes varies by system and installation source.
    • auto means to create one worker process per core. This is recommended for most deployments.
    • keepalive_timeout controls how long to keep idle connections to clients open. Default: 75 seconds.
    • keepalive_requests sets the limit on requests by a single client connection before it’s closed.
    • keepalive_* can also be set per virtual server.
  • 22. HTTP/1.1 Keepalive to Upstreams
        upstream my_upstream {
            server server1.example.com;
            keepalive 32;
        }
        server {
            location / {
                proxy_set_header Host $host;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_pass http://my_upstream;
            }
        }
    • keepalive enables TCP connection cache
    • By default NGINX uses HTTP/1.0 with Connection: Close
    • proxy_http_version upgrades connection to HTTP/1.1
    • proxy_set_header enables keepalive by clearing Connection: Close HTTP header
  • 23. SSL Session Caching and HTTP/2
        server {
            listen 443 ssl http2 default_server;
            server_name www.example.com;
            ssl_certificate cert.crt;
            ssl_certificate_key cert.key;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
        }
    • Improves SSL/TLS performance
    • 1 MB session cache can store about 4,000 sessions
    • Cache shared across all NGINX workers
    • HTTP/2 improves performance
    • Note: HTTP/2 requires OpenSSL 1.0.2 to work properly
  • 24. Improved Caching Configuration
        proxy_cache_path /path/to/cache levels=1:2 keys_zone=my_cache:10m
                         max_size=10g inactive=60m use_temp_path=off;
        server {
            location / {
                proxy_cache my_cache;
                proxy_cache_lock on;
                proxy_cache_revalidate on;
                proxy_set_header Host $host;
                proxy_pass http://my_upstream;
            }
        }
    • proxy_cache_lock instructs NGINX to send only one request to the upstream when there are multiple cache misses for the same file
    • proxy_cache_revalidate instructs NGINX to use If-Modified-Since when refreshing cache
  • 25. Load Balancing with Health Checks Configuration
        upstream my_upstream {
            zone my_upstream 64k;
            server server1.example.com slow_start=30s;
            server server2.example.com slow_start=30s;
        }
        server {
            location / {
                proxy_set_header Host $host;
                proxy_pass http://my_upstream;
            }
            location @health {
                health_check mandatory;
            }
        }
    • Polls /health every 5 seconds
    • If response is not 2xx or 3xx, server is marked as failed
    • Traffic to recovered/new servers ramps up slowly over 30 seconds
    • Many additional configurable parameters
    • Exclusive to NGINX Plus
  • 26. Agenda
    • Installing NGINX and NGINX Plus
    • Basic Configurations
    • Improving Performance and Reliability
    • Debugging and Troubleshooting
  • 27. NGINX Stub Status Module
        server {
            location /basic_status {
                stub_status;
            }
        }
    • Provides aggregated NGINX statistics
    • Restrict access so it’s not publicly visible
        $ curl http://www.example.com/basic_status
        Active connections: 1
        server accepts handled requests
         7 7 7
        Reading: 0 Writing: 1 Waiting: 0
  • 28. NGINX Plus Extended Status Module
    • Provides detailed NGINX Plus statistics
    • 40+ additional metrics
    • Monitoring GUI also available; see demo.nginx.com
    • Exclusive to NGINX Plus
        $ curl https://www.nginx.com/resource/conf/status.conf > /etc/nginx/conf.d/status.conf
        upstream my_upstream {
            zone my_upstream 64k;
            server server1.example.com;
        }
        server {
            status_zone my_virtual_server;
            location / {
                proxy_set_header Host $host;
                proxy_pass http://my_upstream;
            }
        }
  • 29. Key Logging Files and Directories
    • /var/log/nginx/access.log − Details about requests and responses
    • /var/log/nginx/error.log − Details about NGINX errors
  • 30. NGINX Access Logs
        192.168.179.1 - - [15/May/2017:16:36:25 -0700] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
        192.168.179.1 - - [15/May/2017:16:36:26 -0700] "GET /favicon.ico HTTP/1.1" 404 571 "http://fmemon-redhat.local/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
        192.168.179.1 - - [15/May/2017:16:36:31 -0700] "GET /basic_status HTTP/1.1" 200 100 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
    • Enabled by default. Can be disabled with the access_log off directive.
    • By default lists client IP address, date, request, referrer, user agent, etc. Can add additional NGINX variables; see nginx.org/en/docs/varindex.html.
    • Log format configurable with the log_format directive
  • 31. Summary
    • We recommend using the NGINX mainline branch for most deployments
    • Put all configuration in separate files in /etc/nginx/conf.d/
    • Forcing all traffic to SSL improves security and improves search rankings
    • Keepalive connections improve performance by reusing TCP connections
    • SSL session caching and HTTP/2 improve SSL performance
    • NGINX status module and logging capability provide visibility
    Try NGINX Plus for free at nginx.com/free-trial-request
  • 32. Upcoming Webinars
    • Delivering High Performance Websites with NGINX (June 7, 2017, 11:00 AM CEST)
    • Ask Me Anything about Microservices, Part 3 (June 14, 2017, 10:00 AM PDT)
    Register at nginx.com/webinars
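
A check that ties the stub status and access log slides together, added here as an example and not part of the original deck: it parses access-log lines and lists successful requests for the status page from clients outside an allow-list. It assumes the log lines follow the `main` log_format from the nginx.org packages' nginx.conf; the sample lines, the allowed networks and the function names are constructed for illustration.

```python
import ipaddress
import re

# Assumed format ("main"): $remote_addr - $remote_user [$time_local] "$request"
# $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
LINE_RE = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<xff>[^"]*)"$'
)

# Constructed sample lines for this example, not real traffic.
SAMPLE_LOG = """\
192.168.179.1 - - [15/May/2017:16:36:31 -0700] "GET /basic_status HTTP/1.1" 200 100 "-" "curl/7.52.1" "-"
203.0.113.50 - - [15/May/2017:16:40:02 -0700] "GET /basic_status HTTP/1.1" 200 100 "-" "Mozilla/5.0" "-"
198.51.100.7 - - [15/May/2017:16:41:10 -0700] "GET /basic_status?x=1 HTTP/1.1" 403 169 "-" "Mozilla/5.0" "-"
203.0.113.50 - - [15/May/2017:16:41:15 -0700] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "-"
this line is not in the expected format
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["path"] = parts[1].split("?", 1)[0] if len(parts) == 3 else None
    rec["status"] = int(rec["status"])
    return rec


def exposed_status_hits(log_text, status_path="/basic_status",
                        allowed=("127.0.0.0/8", "192.168.179.0/24")):
    """Return (hits, unparsed): 2xx status-page requests from outside `allowed`."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    hits, unparsed = [], 0
    for rec in map(parse_line, filter(None, log_text.splitlines())):
        if rec is None:
            unparsed += 1
        elif rec["path"] == status_path and rec["status"] // 100 == 2:
            try:
                addr = ipaddress.ip_address(rec["addr"])
            except ValueError:  # e.g. "unix:" from a UNIX-socket listener
                continue
            if not any(addr in net for net in nets):
                hits.append((rec["addr"], rec["time"], rec["status"]))
    return hits, unparsed
```

A non-empty hits list means the status location answered a client it should have refused; the unparsed count shows how many lines did not fit the assumed format.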

Editor's Notes

  1. NGINX Plus gives you all the tools you need to deliver your application reliably. Web Server: NGINX is a fully featured web server that can directly serve static content. NGINX Plus can scale to handle hundreds of thousands of clients simultaneously, and serve hundreds of thousands of content resources per second. Application Gateway: NGINX handles all HTTP traffic, and forwards requests in a smooth, controlled manner to PHP, Ruby, Java, and other application types, using FastCGI, uWSGI, and Linux sockets. Reverse Proxy: NGINX is a reverse proxy that you can put in front of your applications. NGINX can cache both static and dynamic content to improve overall performance, as well as load balance traffic, enabling you to scale out.
  2. - We will
  3. - We will
  4. - We will
  5. - We will
  6. - We will
  7. - We will
  8. - We will
  9. - We will
  10. - We will
  11. - We recommend configuration to be put into conf.d directory, not sites-enabled or sites-available
  12. Very basic configuration that listens on port 80
  13. - We will
  14. - We will
  15. - We recommend configuration to be put into conf.d directory, not sites-enabled or sites-available