Nginx
11 Apr 2017
- Nginx Installation
- Nginx Overview
- Control Signal
- Configuration Tips
- if else
- Number of Connections
- Catch-all Virtual Server
Nginx Installation
~ # dnf install nginx
~ # systemctl enable nginx
~ # systemctl status nginx
Nginx Overview
- Starter
- Nginx has one master process and several worker processes.
- The main purpose of the master process is to read and evaluate configurations, maintain worker processes, manage TCP connections etc.
- Worker processes serve client requests. The number of worker processes can be configured and is subject to system resources like the number of CPU cores, storage size of HDDs, load pattern etc.
- Nginx employs an event-based model and OS-dependent mechanisms to efficiently distribute requests among worker processes.
Control Signal
Test configuration:
~ # nginx -t
Start Nginx:
~ # nginx -p </path/to/prefix>
We can control Nginx with the nginx -s <signal> option:
- reload - reloading Nginx configuration
- reopen - log file rotation
- quit - graceful shutdown. Nginx stops only after all current requests are served.
- stop - fast shutdown.
We can also control Nginx by sending a signal to the master process directly. For example, kill -HUP <master-pid> is an equivalent of nginx -s reload. By the way, systemctl reload nginx is just a wrapper of nginx -s reload.
Configuration Tips
- Do not Repeat Yourself. Set directives at their broadest applicable context.
- Modular configuration. Different configuration files or directories can be integrated into nginx.conf by the include directive.
Here is the common list of configuration modules.
- sites-available
- sites-enabled - symbolic links to sites-available
- default.d
- modules.d
- conf.d
- stream.d
if else
The Nginx if directive does not support logical AND or OR, so we have to add a separate if directive for each condition. For logical OR, that is enough. For logical AND, we also set a variable and append a flag to it in each if directive. A final if directive then checks whether the variable holds all the flags, as below.
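# Start from an empty flag string so the later ifs never read an unset variable.
set $con "";
if ($request_uri = /) {
    set $con root;
}
if ($host ~* example.com) {
    set $con "${con}+example.com";
}
if ($http_cookie !~* "auth_token") {
    set $con "${con}+no_auth_token";
}
# All three flags present means every condition matched (logical AND).
if ($con = "root+example.com+no_auth_token") {
    return 403;
}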
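An added example, not from the original post: the same AND condition expressed with map blocks instead of chained if directives. The variable names $is_example, $no_token and $deny_root and the sample server block are made up for illustration; the host regex is anchored and the cookie is read by name, which is stricter than the substring tests above.

```nginx
# Added example, not from the original post. Place the map blocks in http {}.
# $is_example, $no_token and $deny_root are illustrative names.

# 1 only for example.com and its subdomains. The regex is anchored and the
# dot is escaped, so hosts that merely contain the string do not match.
map $host $is_example {
    default                   0;
    ~*^(.+\.)?example\.com$   1;
}

# 1 when the cookie named auth_token is absent or empty. $cookie_auth_token
# reads that one cookie, not any substring of the Cookie header.
map $cookie_auth_token $no_token {
    default 0;
    ""      1;
}

# Logical AND: only the combination "1:1:/" yields 1. $uri is the normalized
# path without the query string, so "/?x=1" is covered as well (unlike a
# comparison against $request_uri, which includes the query string).
map "$is_example:$no_token:$uri" $deny_root {
    default 0;
    "1:1:/" 1;
}

server {
    listen 80;
    server_name example.com;   # constructed sample server

    if ($deny_root) {
        return 403;
    }
}
```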
Number of Connections
By default, a single worker process allows 1024 connections simultaneously. We can limit the number by:
events {
    worker_connections 50;
}
Catch-all Virtual Server
# catch-all 'default_server' vhosts
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        # Use "$host" instead of "$server_name" unless you have special needs.
        #return 301 https://$server_name$request_uri;
        return 301 https://$host$request_uri;
    }
}
# Settings for a TLS enabled server.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    root /usr/share/nginx/html;
    # Let's Encrypt will start offering wildcard certs beginning 2018
    ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        return 404;
    }
    error_page 404 /40x.html;
    location = /40x.html {
        internal;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        internal;
    }
}
- All HTTP requests are redirected (301) to HTTPS.
- The TLS default server returns a 404 code, telling end users that the request is not expected.
- Pay attention to server_name _; in both blocks. It is not a must.