Nginx

Jump to: navigation, search
  • Nginx icon.png Nginx
    nginx
  • nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server
  • Developer:
    Igor Sysoev and Nginx, Inc.
  • License:
    2-Clause BSD License
  • Website:
    Please add website...

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 22.36% busiest sites in November 2021. Here are some of the success stories: Dropbox, Netflix, Wordpress.com, FastMail.FM.

Features

Basic HTTP server features

  • Serving static and index files, autoindexing; open file descriptor cache;
  • Accelerated reverse proxying with caching; load balancing and fault tolerance;
  • Accelerated support with caching of FastCGI, uwsgi, SCGI, and memcached servers; load balancing and fault tolerance;
  • Modular architecture. Filters include gzipping, byte ranges, chunked responses, XSLT, SSI, and image transformation filter. Multiple SSI inclusions within a single page can be processed in parallel if they are handled by proxied or FastCGI/uwsgi/SCGI servers;
  • SSL and TLS SNI support;
  • Support for HTTP/2 with weighted and dependency-based prioritization.

Other HTTP server features

  • Name-based and IP-based virtual servers;
  • Keep-alive and pipelined connections support;
  • Access log formats, buffered log writing, fast log rotation, and syslog logging;
  • 3xx-5xx error codes redirection;
  • The rewrite module: URI changing using regular expressions;
  • Executing different functions depending on the client address;
  • Access control based on client IP address, by password (HTTP Basic authentication) and by the result of subrequest;
  • Validation of HTTP referer;
  • The PUT, DELETE, MKCOL, COPY, and MOVE methods;
  • FLV and MP4 streaming;
  • Response rate limiting;
  • Limiting the number of simultaneous connections or requests coming from one address;
  • IP-based geolocation;
  • A/B testing;
  • Request mirroring;
  • Embedded Perl;
  • njs scripting language.

Mail proxy server features

  • User redirection to IMAP or POP3 server using an external HTTP authentication server;
  • User authentication using an external HTTP authentication server and connection redirection to an internal SMTP server;
  • Authentication methods:
  • POP3: USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5;
  • IMAP: LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5;
  • SMTP: AUTH LOGIN/PLAIN/CRAM-MD5;
  • SSL support;
  • STARTTLS and STLS support.

TCP/UDP proxy server features

  • Generic proxying of TCP and UDP;
  • SSL and TLS SNI support for TCP;
  • Load balancing and fault tolerance;
  • Access control based on client address;
  • Executing different functions depending on the client address;
  • Limiting the number of simultaneous connections coming from one address;
  • Access log formats, buffered log writing, fast log rotation, and syslog logging;
  • IP-based geolocation;
  • A/B testing;
  • njs scripting language.

Installation

user $ sudo zypper install nginx

Service management

Nginx service is managed by Systemd. To start Nginx, run:

sudo systemctl start nginx

To auto-start Nginx on system booting, run:

sudo systemctl enable nginx

If you changed Nginx configuration, remember to run:

sudo systemctl restart nginx

Configuration

openSUSE has provided a default configuration that works just fine. However, you need to create your own website configuration.

Configure a static website

Under /etc/nginx/vhosts.d/ directory, you can create website config files as many as you want. Usually one file per site, and it can be named as your-domain.conf.

Configure a proxy to Node.js/Go app

Node.js and Go apps can serve HTTP connections by themselves. However, when we deal with SSL, load balancing, micro-services, etc., Nginx gives you a easier and more flexible solution. With Nginx, you don't need to care how your app will be deployed when coding.

Single instance

server {
    listen 80; # IPv4
    listen [::]:80; # IPv6

    server_name  example.com;

    location / {
        proxy_pass http://127.0.0.1:3000; # URL to the Node.js app
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }
}

Load balancing

Here are many reasons to use load balancing for large websites. Nginx makes load balancing easy:

upstream backend {
    server 192.168.1.1:3333; # URL your Node.js app instance
    server 192.168.1.2:3333; # URL your Node.js app instance
    server 192.168.1.3:3333; # URL your Node.js app instance
    server 192.168.1.4:3333; # URL your Node.js app instance
    server 192.168.1.5:3333; # URL your Node.js app instance
    server 192.168.1.6:3333; # URL your Node.js app instance
    server 192.168.1.7:3333; # URL your Node.js app instance
    server 192.168.1.8:3333; # URL your Node.js app instance
}

server {
    listen 80; # IPv4
    listen [::]:80; # IPv6

    server_name  example.com;

    location / {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }
}

Micro services

If you have a really powerful server and want to run multiple micro services on it, Nginx allows to split requests to different apps.

server {
    listen 80; # IPv4
    listen [::]:80; # IPv6

    server_name  example.com;

    location /blog {
        proxy_pass http://127.0.0.1:3000; # URL to the Node.js app
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }

    location /forum {
        proxy_pass http://127.0.0.1:4000; # URL to the other Node.js app
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }
}

Troubleshooting

The following issues have solutions.

Problem 1

Explain solutions or give SDB article links.

Problem 2

Explain solutions or give SDB article links.

Known issues

The following issues don't have solutions yet.

Problem 1

Describe the issue and give Bugzilla ticket URL if possible.

Problem 2

Describe the issue and give Bugzilla ticket URL if possible.

Internal links

External links