NGINX Basics

Nginx is a web-server, caching server, reverse proxy, and load balancer, among other things. It is a config-based utility which offers a declarative way of setting up such services quickly.

It can be installed using:

sudo apt install -y nginx

Directory Structure

Here’s what a typical nginx directory structure looks like:

/etc/nginx/             # Main config directory
├── nginx.conf          # Main config file
├── sites-available/    # Virtual host configs (inactive)
├── sites-enabled/      # Active virtual hosts (symlinks)
├── conf.d/             # Additional configs
└── snippets/           # Reusable config parts

/var/www/               # Web root (HTML files)
/var/log/nginx/         # Logs (access & error logs)

/usr/sbin/nginx         # Nginx executable
/usr/share/nginx/       # Default static files & modules

Signals

Signals can be used to control the Nginx processes (master & worker processes) gracefully rather than directly interacting using Linux utilities.

nginx -s SIGNAL

1. stop — fast shutdown
2. quit — graceful shutdown
3. reload — reloads the configuration file
4. reopen — reopening the log files

Web Server

HTTP Server Context

server {
    location /images/ {
        root /data;
    }

    location / {
        proxy_pass http://www.example.com;
    }
}

Location Priority

1. Test the URI against all prefix strings.
2. The = (equals sign) modifier defines an exact match of the URI and a prefix string. If the exact match is found, the search stops.
3. If the ^~ (caret-tilde) modifier prepends the longest matching prefix string, the regular expressions are not checked.
4. Store the longest matching prefix string.
5. Test the URI against regular expressions.
6. Stop processing when the first matching regular expression is found and use the corresponding location.
7. If no regular expression matches, use the location corresponding to the stored prefix string.

Variables

There are a number of predefined variables, such as the core HTTP variables, and you can define custom variables using the set, map, and geo directives. Most variables are computed at runtime and contain information related to a specific request. For example, $remote_addr contains the client IP address, and $uri holds the current URI value. Other variables are $hostname.

Example:

location / {
    index index.$geo.html index.htm index.html;
}

Index Files.

location / {
   index index.$geo.html index.html;
}

Return Status Codes

location /permanently/moved/url {
    return 301 http://www.example.com/moved/here;
}

Autogenerated Listing

location /images/ {
    autoindex on;
}

Increase Connection Queue Size

1. Run the command:

   sudo sysctl -w net.core.somaxconn=4096

2. Use a text editor to add the following line to /etc/sysctl.conf:

   net.core.somaxconn = 4096

Increase the backlog for the listen command:

server {
    listen 80 backlog=4096;
    # ...
}

Add SSL

worker_processes auto;

http {
     ssl_session_cache   shared:SSL:10m;
     ssl_session_timeout 10m;

    server {
        listen              443 ssl;
        server_name         www.example.com;
        keepalive_timeout   70;

        ssl_certificate     www.example.com.crt;
        ssl_certificate_key www.example.com.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        root /data;
        location / {
        
        }
        }
}

Reverse Proxy

To Prevent $host from being changed:

location /some/path/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://localhost:8000;
}

Use proxy_bind to use a particular network interface:

location /some/path/ {
    proxy_bind 127.0.0.2;
    }

Compression

Enable Compression:

gzip on;

To Decompress automatically for unsupported clients:

gunzip on;

Caching Server

http {
    # ...
    proxy_cache_path /data/nginx/cache keys_zone=mycache:10m;
    server {
        proxy_cache mycache;
        location / {
            proxy_pass http://localhost:8000;
        }
    }
}

Use the following to customize key generation for caching:

proxy_cache_key "$host$request_uri$cookie_user";

Minimum number of requests to a key before it’s cached:

proxy_cache_min_uses 5;

proxy_cache_methods GET HEAD POST;

To limit how long cached responses with specific status codes are considered valid, include the proxy_cache_valid directive:

proxy_cache_valid 200 302 10m;
proxy_cache_valid 404      1m;

Full Cache Server Configuration:

http {
    # ...
    proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=mycache:10m purger=on;

    map $request_method $purge_method {
        PURGE 1;
        default 0;
    }

    server {
        listen      80;
        server_name www.example.com;

        location / {
            proxy_pass        https://localhost:8002;
            proxy_cache       mycache;
            proxy_cache_purge $purge_method;
        }
    }

    geo $purge_allowed {
       default         0;
       10.0.0.1        1;
       192.168.0.0/24  1;
    }

    map $request_method $purge_method {
       PURGE   $purge_allowed;
       default 0;
    }
}

Load Balancer

http {
    upstream backend {
        # load-balancing algorithms:
        
        least_conn;
        ip_hash;
        hash $request_uri consistent; # user-defined hash
        
        round_robin; # default
        
        server backend1.example.com weight=5; # higher the better.
        server backend2.example.com max_conns=10 max_fails=3 fail_timeout=30s; 
        server backend2.example.com down; 
        server 192.0.0.1 backup; # back only used when all down.
        
        queue 100 timeout=70; # request queue.
    }

    server {
        location / {
            proxy_pass http://backend;
        }
    }
}