NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics and Best Practices
Liam Crilly
Director of Product Management
liam@nginx.com
NGINX Overview
HTTP traffic from the Internet reaches NGINX, which acts as:
• Web Server − Serve content from disk
• Application Gateway − FastCGI, uWSGI, Passenger…
• Reverse Proxy − Caching, load balancing…
MORE INFORMATION AT NGINX.COM
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Logging and Monitoring
NGINX Installation Options
• Official NGINX repo
  • Mainline (recommended) – Actively developed; new minor releases made every 4-6 weeks with new features and enhancements.
  • Stable − Updated only when critical issues or security vulnerabilities need to be fixed.
• OS vendor and other third-party repos
  • Not as frequently updated; Debian Jessie has NGINX 1.6.2 (Sep-2014)
  • Typically built off NGINX Stable branch
NGINX Mainline vs. Stable
NGINX Installation: Debian/Ubuntu
Create /etc/apt/sources.list.d/nginx.list with the following contents:
    deb http://nginx.org/packages/mainline/OS/ CODENAME nginx
    deb-src http://nginx.org/packages/mainline/OS/ CODENAME nginx
• OS – ubuntu or debian depending on your distro
• CODENAME –
  - With debian: wheezy, jessie, or stretch (7.0, 8.0, 9.0)
  - With ubuntu: precise, trusty, xenial, or yakkety (12.04, 14.04, 16.04, 16.10)
    # wget http://nginx.org/keys/nginx_signing.key
    # apt-key add nginx_signing.key
    # apt-get update
    # apt-get install nginx
NGINX Installation: CentOS/Red Hat
Create /etc/yum.repos.d/nginx.repo with the following contents:
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/mainline/OS/OSRELEASE/$basearch/
    gpgcheck=0
    enabled=1
• OS – centos or rhel depending on your distro
• OSRELEASE – 6 or 7 for 6.x or 7.x versions, respectively
    # yum install nginx
    # systemctl enable nginx
    # systemctl start nginx
    # firewall-cmd --zone=public --add-port=80/tcp --permanent
    # firewall-cmd --reload
NGINX Plus Installation
• Visit cs.nginx.com/repo_setup
• Select OS from drop-down list
• Instructions similar to OSS installation
• Mostly just using different repo and installing client certificate
Verifying Installation
$ nginx -v
nginx version: nginx/1.13.3
$ ps -ef | grep nginx
root 1088 1 0 19:59 ? 00:00:00 nginx: master process …
nginx 1092 1088 0 19:59 ? 00:00:00 nginx: worker process
Key NGINX Commands
nginx -h          Shows all command line options
nginx -t          Configuration syntax check
nginx -T          Displays full, concatenated configuration
nginx -V          Shows version and build details
nginx -s reload   Gracefully reload NGINX processes
$ sudo nginx -t && sudo nginx -s reload
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
NGINX Installation Misc
• For open source NGINX:
  • http://nginx.org/en/linux_packages.html (pre-built packages & modules)
  • http://nginx.org/en/download.html (sources)
• For NGINX Plus:
  • https://www.nginx.com/products/technical-specs/ (OS and modules)
  • https://cs.nginx.com/repo_setup (installation instructions)
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Monitoring and Logging
Key Files and Directories
• /etc/nginx − Parent directory for all NGINX configuration
• /etc/nginx/nginx.conf − Top-level NGINX configuration, not modified often
• /etc/nginx/conf.d/default.conf − Configuration for “welcome to nginx” page
• /etc/nginx/conf.d/*.conf − Configuration for virtual servers and upstreams; for example, www.example.com.conf
Basic Web Server Configuration
server {
    listen 80 default_server;
    server_name www.example.com;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
Root location (/) specifies that:
  www.example.com/ maps to /usr/share/nginx/html/index.html (then index.htm)
  www.example.com/i/file.txt maps to /usr/share/nginx/html/i/file.txt
• server defines the context for a virtual server
• listen specifies IP address/port that NGINX listens on; if no IP address (as here), NGINX binds to all IP addresses on system
• default_server specifies to use this server if hostname is not known
• server_name specifies hostname of virtual server
Basic SSL Configuration
server {
    listen 80 default_server;
    server_name www.example.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl default_server;
    server_name www.example.com;
    ssl_certificate cert.crt;
    ssl_certificate_key cert.key;
    ssl_ciphers HIGH;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
• Force all traffic to SSL
  • Good for SEO
• Use Let’s Encrypt to get free SSL certificates
• Enable HTTP/2 with additional listen parameter (requires OpenSSL ≥1.0.2)
server {
    listen 80 default_server;
    server_name www.example.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    server_name www.example.com;
    ssl_certificate cert.crt;
    ssl_certificate_key cert.key;
    ssl_ciphers HIGH;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
$ openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDH…
Basic Reverse Proxy Configuration
server {
    listen 80 default_server;
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/var/run/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
• Requires PHP FPM:
    apt-get install -y php7.0-fpm
• Can also use PHP 5
• Similar directives available for SCGI and uwsgi
• Additional PHP FPM configuration may be required
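The PHP location above with the checks usually placed in front of PHP-FPM, as an added example that is not from the original slides. The document root is assumed to be the one from the web server slide; the explicit SCRIPT_FILENAME and PATH_INFO lines use the variables that fastcgi_split_path_info fills in.

```nginx
# Added example, not from the original deck.
server {
    listen 80 default_server;
    server_name www.example.com;

    # Assumption: PHP scripts live under the document root used earlier.
    root /usr/share/nginx/html;

    location ~ [^/]\.php(/|$) {
        # $fastcgi_script_name = URI up to and including ".php"
        # $fastcgi_path_info   = whatever follows it
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Pass the request on only if the script exists on disk, so a URI
        # that merely ends in ".php" but names no real script gets a 404
        # instead of reaching the interpreter.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        # Do not forward a client-supplied "Proxy" request header to the
        # application as HTTP_PROXY.
        fastcgi_param HTTP_PROXY "";

        fastcgi_pass unix:/var/run/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

        # Tell PHP-FPM exactly which file to run and what trailing path
        # information it was given.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
    }
}
```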
Basic Load Balancing Configuration
upstream my_upstream {
    server server1.example.com;
    server server2.example.com;
    least_conn;
}
server {
    location / {
        proxy_pass http://my_upstream;
        proxy_set_header Host $host;
    }
}
• Default load balancing algorithm is Round Robin
• least_conn selects server with fewest active connections
• By default NGINX rewrites Host header to name and port of proxied server
• proxy_set_header overrides and passes through original client Host header
• least_time factors in connection count and server response time (available in NGINX Plus only)
Basic Caching Configuration
proxy_cache_path /path/to/cache levels=1:2
                 keys_zone=my_cache:10m max_size=10g
                 inactive=60m use_temp_path=off;
server {
    location / {
        proxy_cache my_cache;
        #proxy_cache_valid 5m;
        proxy_set_header Host $host;
        proxy_pass http://my_upstream;
    }
}
• proxy_cache_path defines the disk layout, size and location, and other parameters of the cache
• proxy_cache enables caching for this context
• proxy_cache_valid for when upstream returns no Cache-Control header
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Monitoring and Logging
Modifications to Main nginx.conf
user nginx;
worker_processes auto;
# ...
http {
    # ...
    keepalive_timeout 300s;
    keepalive_requests 100000;
}
• Set in main nginx.conf file.
• Default value for worker_processes varies by system and installation source.
• auto means to create one worker process per core. This is recommended for most deployments.
• keepalive_timeout controls how long to keep idle connections to clients open (default: 75 seconds).
• keepalive_requests limits the number of requests per connection before it’s closed (default: 100).
• keepalive_* directives can be overridden per virtual server and per location.
HTTP/1.1 Keepalive to Upstreams
upstream my_upstream {
    server server1.example.com;
    keepalive 32;
}
server {
    location / {
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://my_upstream;
    }
}
• keepalive enables TCP connection cache and sets max idle connections per worker (does not limit the number of upstream connections).
• By default NGINX uses HTTP/1.0 with Connection: Close
• proxy_http_version upgrades connection to HTTP/1.1
• proxy_set_header enables keepalive by clearing Connection: Close HTTP header
SSL Session Caching
server {
    listen 443 ssl default_server;
    server_name www.example.com;
    ssl_certificate cert.crt;
    ssl_certificate_key cert.key;
    ssl_ciphers HIGH;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}
• Improves SSL/TLS performance
• 1 MB session cache can store about 4,000 sessions
• Cache shared across all NGINX workers
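The redirect, HTTP/2 and session-cache slides combined into one TLS server block, as an added example that is not from the original deck and goes slightly beyond it by also pinning protocol versions and sending HSTS. The protocol floor and the max-age value are assumptions to adjust for your clients.

```nginx
# Added example, not from the original deck.
server {
    listen 80 default_server;
    server_name www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    server_name www.example.com;

    ssl_certificate     cert.crt;
    ssl_certificate_key cert.key;

    # Assumption: no client older than TLS 1.2 has to be supported.
    # TLSv1.3 can be added on builds linked against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;

    # Setting "ssl_ciphers HIGH;" replaces the built-in default
    # "HIGH:!aNULL:!MD5", so the exclusions of unauthenticated and MD5-based
    # suites are restated here rather than silently dropped.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Session cache from the slide: shared across workers, about 4,000
    # sessions per megabyte.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Tells returning browsers to go straight to HTTPS, so they stop
    # depending on the plain-HTTP redirect above. Value is an assumption.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
```

Compare what each cipher string expands to with `openssl ciphers -v 'HIGH'` and `openssl ciphers -v 'HIGH:!aNULL:!MD5'` on the host that runs NGINX.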
Improved Caching Configuration
proxy_cache_path /path/to/cache levels=1:2
                 keys_zone=my_cache:10m max_size=10g
                 inactive=60m use_temp_path=off;
server {
    location / {
        proxy_cache my_cache;
        proxy_cache_revalidate on;
        proxy_cache_background_update on;
        proxy_cache_use_stale error updating;
        proxy_set_header Host $host;
        proxy_pass http://my_upstream;
    }
}
• proxy_cache_revalidate instructs NGINX to use If-Modified-Since when refreshing cache
• proxy_cache_background_update instructs NGINX to revalidate asynchronously, without delaying the client
• proxy_cache_use_stale instructs NGINX to send expired cache entries under certain circumstances and will honor Stale-while-revalidate and Stale-if-error parameters
Load Balancing with Health Checks Configuration
upstream my_upstream {
    zone my_upstream 64k;
    server server1.example.com slow_start=30s;
    server server2.example.com slow_start=30s;
}
server {
    location / {
        proxy_set_header Host $host;
        proxy_pass http://my_upstream;
        health_check uri=/health mandatory;
    }
}
• Polls /health every 5 seconds
• If response is not 2xx or 3xx, server is marked as failed
• Traffic to recovered/new servers slowly ramps up over 30 seconds
• Many additional configurable parameters
• Exclusive to NGINX Plus
Agenda
• Installing NGINX and NGINX Plus
• Basic Configurations
• Improving Performance and Reliability
• Monitoring and logging
NGINX Stub Status Module
server {
    location /basic_status {
        stub_status;
    }
}
• Provides aggregated NGINX statistics
• Restrict access so it’s not publicly visible
$ curl http://www.example.com/basic_status
Active connections: 1
server accepts handled requests
 7 7 7
Reading: 0 Writing: 1 Waiting: 0
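One way to follow the "restrict access" bullet, as an added example that is not from the original slides: the status page moves to its own listener and is limited by source address. Port 8080 and the 10.0.0.0/24 monitoring subnet are constructed values.

```nginx
# Added example, not from the original deck.

# Option 1: dedicated listener bound to loopback, for a collector that runs
# on the same host. Nothing on the public virtual servers exposes the page.
server {
    listen 127.0.0.1:8080;

    # "=" makes this an exact match, so no other URI on this listener
    # falls through to stub_status.
    location = /basic_status {
        stub_status;
        allow 127.0.0.1;
        deny all;
    }
}

# Option 2: the page stays on an existing virtual server but answers only
# the monitoring subnet (constructed address range); every other client
# receives 403.
server {
    listen 80 default_server;
    server_name www.example.com;

    location = /basic_status {
        stub_status;
        allow 10.0.0.0/24;
        deny all;
    }

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
```

If NGINX sits behind another proxy, the allow and deny rules see that proxy's address rather than the original client's, which is one reason to prefer the loopback listener.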
NGINX Plus Extended Status Module
• Provides detailed NGINX Plus statistics
• Over 40 additional metrics
• Monitoring GUI also available; see demo.nginx.com
• Exclusive to NGINX Plus
upstream my_upstream {
    server server1.example.com;
    zone my_upstream 64k;
}
server {
    status_zone my_virtual_server;
    location / {
        proxy_set_header Host $host;
        proxy_pass http://my_upstream;
    }
}
$ curl https://www.nginx.com/resource/conf/status.conf > /etc/nginx/conf.d/status.conf
NGINX Plus Dashboard
● Over 40 additional metrics compared to open source NGINX
● Per virtual server and per backend server statistics
● JSON output to export to your favorite monitoring tool
"nginx_build": "nginx-plus-r12-p2",
"nginx_version": "1.11.10",
"pid": 98240,
"ppid": 50622,
"processes": {
    "respawned": 0
},
"requests": {
    "current": 1,
    "total": 9915307
},
"server_zones": {
    "hg.nginx.org": {
        "discarded": 9150,
        "processing": 0,
        "received": 146131844,
        "requests": 597471,
        "responses": {
            "1xx": 0,
            "2xx": 561986,
            "3xx": 12839,
            "4xx": 7081,
            "5xx": 6415,
            "total": 588321
        },
        "sent": 14036626711
    },
NGINX Access Logs
192.168.179.1 - - [15/May/2017:16:36:25 -0700] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
192.168.179.1 - - [15/May/2017:16:36:26 -0700] "GET /favicon.ico HTTP/1.1" 404 571 "http://fmemon-redhat.local/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
192.168.179.1 - - [15/May/2017:16:36:31 -0700] "GET /basic_status HTTP/1.1" 200 100 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
• Enabled by default. Can be disabled with the access_log off directive.
• By default lists client IP address, date, request, referrer, user agent, etc. Can add additional NGINX variables, e.g. timing; see nginx.org/en/docs/varindex.html.
• Log format configurable with the log_format directive
Default Log Files
• /var/log/nginx/access.log − Details about requests and responses
• /var/log/nginx/error.log − Details about NGINX errors
log_format simple escape=json
    '{"timestamp":"$time_iso8601","client":"$remote_addr","uri":"$uri","status":"$status"}';
server {
    listen 80 default_server;
    server_name www.example.com;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    access_log /var/log/nginx/example.log simple;
    error_log /var/log/nginx/example_error.log debug;
}
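The JSON format above extended with the timing and request variables the access-log slide mentions, as an added example that is not from the original deck. The format name `detailed` and the choice of fields are assumptions; all variables are standard NGINX ones.

```nginx
# Added example, not from the original deck.
#
# escape=json makes NGINX escape quotes, backslashes and control characters
# in client-controlled values (URI, Referer, User-Agent), so one request
# cannot break the JSON structure or forge extra fields in the log.
#
# request_uri is the path and query string exactly as the client sent them;
# uri is the normalized path after decoding and any internal rewrites.
# Logging both shows what was asked for and what NGINX actually served.
#
# upstream_time stays quoted: it is "-" when no upstream was contacted and
# a comma-separated list when several were tried. status stays quoted as on
# the slide. request_time and bytes_sent are plain numbers.
log_format detailed escape=json
    '{"timestamp":"$time_iso8601","client":"$remote_addr",'
    '"host":"$host","method":"$request_method",'
    '"request_uri":"$request_uri","uri":"$uri",'
    '"status":"$status","bytes_sent":$body_bytes_sent,'
    '"request_time":$request_time,'
    '"upstream_addr":"$upstream_addr",'
    '"upstream_time":"$upstream_response_time",'
    '"referer":"$http_referer","user_agent":"$http_user_agent"}';

upstream my_upstream {
    server server1.example.com;
    server server2.example.com;
}

server {
    listen 80 default_server;
    server_name www.example.com;

    location / {
        proxy_set_header Host $host;
        proxy_pass http://my_upstream;
    }

    access_log /var/log/nginx/example.log detailed;
}
```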
Summary
• We recommend using the NGINX mainline branch for most deployments
• Put all configuration in separate files in /etc/nginx/conf.d
• Forcing all traffic to SSL improves security and improves search rankings
• Keepalive connections improve performance by reusing TCP connections
• SSL session caching and HTTP/2 improve SSL performance
• NGINX status module and logging capability provide visibility
Try NGINX Plus for free at nginx.com/free-trial-request
Documentation Resources
• Admin Guide and Tutorials
http://docs.nginx.com/
• Module and directive reference
http://www.nginx.org/en/docs
• Shortcut to specific directive documentation
http://nginx.org/r/directive_name
• Technical blogs and how-to guides
https://www.nginx.com/blog/
Q&A
Upcoming Webinars
• Rate Limiting with NGINX and NGINX Plus (July 26, 2017, 10:00 AM PDT)
• Introduction to (Micro)Service Meshes – O’Reilly Webinar (July 27, 2017, 11:00 AM CEST)
• Performance Tuning and Benchmarking Best Practices (August 23, 11:00 AM CEST)
Register at nginx.com/webinars


Editor's Notes

  • #3 You have all heard of NGINX, and maybe you have used it. But NGINX is extremely versatile, so I want to start by outlining the three most common use cases. 1. Reverse Proxy: sits between the clients and the back-end website or application. This provides a reliable endpoint for clients and makes life easier for the back-end: improving overall performance, providing high availability, and enabling you to scale out the back-end. In addition, NGINX can cache both static and dynamic content to improve overall performance. 2. Web Server: NGINX is a fully featured web server that can directly serve static content. NGINX can scale to handle hundreds of thousands of clients simultaneously, and serve hundreds of thousands of content resources per second. 3. Application Gateway: NGINX handles all HTTP traffic, and forwards requests in a smooth, controlled manner to PHP, Ruby, Java, and other application types, using FastCGI, uWSGI, and Linux sockets. Together, NGINX gives you all the tools you need to deliver your application securely and reliably.
  • #4 Configuration examples for: web server, SSL termination, application reverse proxy, load balancing, content caching.
  • #5 NGINX is open source and of course sources are available. Not going to cover that here. I strongly recommend you use one of our pre-built packages. 2 branches: Mainline == not a development branch – full QA process, updated every 6 weeks. Stable == the same but updated annually. Ubuntu does better - 16.04 LTS == 1.10.3 (Jan-2017).
  • #6 Odd and even numbering. Stable = annual snapshot of mainline – once a year is the most recent build. No different to mainline except it doesn’t receive new features and only gets major bug fixes. Follow the bottom line.
  • #7 Note that these commands run as root (or with sudo).
  • #9 I will also mention NGINX Plus, our commercial software, with support and additional functionality.
  • #10 If you don’t see nginx running then possible contention for port 80, especially if you already have Apache installed.
  • #11 To wherever you installed NGINX
  • #12 “Build details” include OpenSSL version, static modules. After config change: -t && -s FOR VISIBILITY OF ERRORS. Reloads are completely seamless.
  • #13 To wrap up on installation… OSS – other CPU architectures. Compiling from source is possible but outside the scope of this webinar.
  • #15 - Some recommended tweaks to nginx.conf - We recommend configuration to be put into conf.d directory, not sites-enabled or sites-available
  • #16 Very basic configuration that listens on port 80. server_name for when you have multiple virtual servers on this instance.
  • #17 OpenSSL 1.0.2 available in Ubuntu 16, Debian 9 (Stretch)
  • #18 Location tilde (~) indicates regexp. fastcgi_split_path_info populates the FastCGI environment variables SCRIPT_FILENAME and PATH_INFO. Search our blog for WordPress configuration and tuning.
  • #19 proxy_pass -- Put an underscore in your upstream name to distinguish it from a FQDN
  • #20 By default, NGINX will honour the cache-control headers provided by the upstream. If none then use proxy_cache_valid to specify how long responses should be cached for.
  • #21 - We will
  • #23 Significant performance improvements. keepalive number does not limit the number of upstream connections.
  • #25 Lots of options for caching. Going to focus on some new functionality here.
  • #26 This one is only available with NGINX Plus
  • #27 - We will
  • #30 Significant effort went into enhancing the extended status API and Dashboard. NGINX Plus provides rich metrics to measure performance, health and activity. These inform configuration, sizing and troubleshooting activities.
  • #31 NGINX uses the COMBINED LOG FORMAT by default – also used by Apache
  • #34 The slash-r (/r) redirect is a reward for making it to the end of the webinar / INSIDER TIP