Implementing Nginx as a web server and a reverse proxy (208.4)
Implementing Nginx as a web server and a reverse proxy (208.4)¶
Candidates should be able to install and configure a reverse proxy server, Nginx. Basic configuration of Nginx as a HTTP server is included.
Key Knowledge Areas¶
-
Nginx
-
Reverse Proxy
-
Basic Web Server
Terms and Utilities¶
-
/etc/nginx/
-
nginx
NGINX¶
nginx Nginx can be used as a webserver, an HTTP reverse proxy or as an
IMAP/POP3 proxy. It is pronounced as engine-x
. Nginx is performing so
well that large sites as Netflix, Wordpress and GitHub rely on Nginx. It
doesn't work using threads as most of the other webserver software does
but it's using an event driven (asynchronous) architecture. It has a
small footprint and performs very well under load with predictable usage
of resources. This predictable performance and small memory footprint
makes Nginx interesting in both small and large environments. Nginx is
distributed as Open Source software. There is also 'Nginx Plus', which
is the commercial edition. This book will focus on the Open Source
edition.
Reverse Proxy¶
A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate back-end server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.
Common uses for a reverse proxy server include:
-
Load balancing -- A reverse proxy server can act as a "traffic cop," sitting in front of your back-end servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.
-
Web acceleration -- Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.
-
Security and anonymity -- By intercepting requests headed for your back-end servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locater or URL regardless of the structure of your local area network.
Using Nginx as reverse HTTP proxy is not hard to configure. A very basic reverse proxy setup might look like this:
1 2 3 4 5 6 |
|
In this example all requests received by Nginx, depending on the
configuration of the server parameters in /etc/nginx/nginx.conf
, are
forwarded to an HTTP server running on localhost and listening on port
8000. The Nginx configuration file looks like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
|
The line starting with location ~ /\.ht
is added to prevent Nginx of
displaying the content of Apache's .htaccess files. The try_files
line is used to attempt to serve whatever page the visitor requests. If
nginx is unable, then the file is passed to the proxy.
Basic Web Server¶
The default location for the configuration file in Nginx is
/etc/nginx/nginx.conf
.
A basic Nginx configuration, able to serve html files, looks like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
|
For PHP support Nginx relies on a PHP fast-cgi spawner. Preferable is
php-fpm
which can be found at
http://php-fpm.org. It has some unique features
like adaptive process spawning and statistics and has the ability to
start workers with different uid/gid/chroot/environment and different
php.ini. The safe_mode can be replaced using this feature.
You can add the content below to nginx.conf
. A better practice is to
put the contents in a file and include this file into the main
configuration file of Nginx. Create a file, for example php.conf
and
include the next line at the end of the Nginx main configuration file:
1 |
|
The content of php.conf
:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
|