Chintan Boghara

Mastering NGINX: A Comprehensive Guide to Installation, Configuration, and Optimization

Unlock the Full Potential of NGINX for Web Serving, Reverse Proxying, Load Balancing, and More

Chintan Boghara's photo
Chintan Boghara
·

4 min read

Mastering NGINX: A Comprehensive Guide to Installation, Configuration, and Optimization

Table of contents

Introduction to NGINX

NGINX is a high-performance HTTP server, reverse proxy, and IMAP/POP3 proxy server. It's known for its speed, stability, and low resource use.

Key Use Cases:

  • Web server

  • Reverse proxy

  • Load balancing

  • HTTP caching

  • Media streaming

Installation of NGINX

On Ubuntu/Debian:

sudo apt update
sudo apt install nginx

On CentOS/RHEL:

sudo yum install epel-release
sudo yum install nginx

Start and Enable NGINX:

sudo systemctl start nginx
sudo systemctl enable nginx

NGINX Basic Configuration

NGINX’s configuration file is located at /etc/nginx/nginx.conf. It consists of the following basic components:

  • Main Context: Global configurations.

  • Events Context: Defines how NGINX handles connections.

  • HTTP Context: Contains settings for web server functionalities.

  • Server Blocks: Equivalent to Apache’s Virtual Hosts.

  • Location Blocks: Define how requests should be processed.

Understanding Configuration Syntax

Here's a simple configuration snippet:

http {
    server {
        listen 80;
        server_name example.com;

        location / {
            root /var/www/html;
            index index.html;
        }
    }
}

  • listen 80: Listen on port 80 (HTTP).

  • server_name: Domain name.

  • location /: Define rules for handling requests to /.

  • root: Root directory for the website.

  • index: Default file to serve.

Server Blocks (Virtual Hosts)

Server blocks allow NGINX to handle multiple domains.

Example:

server {
    listen 80;
    server_name site1.com;

    root /var/www/site1;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    listen 80;
    server_name site2.com;

    root /var/www/site2;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Reverse Proxy Configuration

A reverse proxy forwards client requests to another server.

Example:

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://backend_server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Load Balancing

NGINX supports several load balancing methods:

  • Round Robin (default)

  • Least Connections

  • IP Hash

Example:

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
}

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://backend;
    }
}

Caching

NGINX can cache static and dynamic content to improve performance.

Basic caching configuration:

proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=my_cache:10m max_size=10g;
server {
    location / {
        proxy_cache my_cache;
        proxy_pass http://backend;
        add_header X-Cache-Status $upstream_cache_status;
    }
}

Security Best Practices

  • Restrict Access: Use IP whitelisting/blacklisting.

  • Rate Limiting: Prevent DDoS attacks.

      limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
  server {
      location / {
          limit_req zone=mylimit burst=20;
      }
  }

  • SSL/TLS Configuration: Secure your server with HTTPS.

      server {
      listen 443 ssl;
      server_name example.com;

      ssl_certificate /path/to/cert.pem;
      ssl_certificate_key /path/to/key.pem;

      location / {
          root /var/www/html;
          index index.html;
      }
  }

Monitoring and Logging

  • Access Logs: /var/log/nginx/access.log

  • Error Logs: /var/log/nginx/error.log

Modify logging configuration:

http {
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;
}

Advanced Topics

  • NGINX Modules: Extend functionalities with dynamic modules.

  • HTTP/2 Support: Improve performance with multiplexing and header compression.

      listen 443 ssl http2;

  • WebSocket Proxying: Support real-time applications.

      location /ws/ {
      proxy_pass http://backend;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
  }

Performance Tuning

  • Worker Processes: Adjust based on the number of CPU cores.

      worker_processes auto;

  • Connection Handling: Optimize for high concurrency.

      events {
      worker_connections 1024;
  }

Troubleshooting

  • Test Configuration: Check for syntax errors.

      sudo nginx -t

  • Reload Configuration: Apply changes without downtime.

      sudo systemctl reload nginx

Reference

  1. NGINX Official Documentation
    https://nginx.org/en/docs/
    The official NGINX documentation, providing comprehensive details on installation, configuration, and advanced features.

  2. NGINX Installation Guide
    https://nginx.org/en/linux_packages.html
    A guide for installing NGINX on various Linux distributions, including Ubuntu, Debian, CentOS, and RHEL.

  3. NGINX Configuration Guide
    https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/
    Detailed information on managing NGINX configuration files, including contexts, server blocks, and directives.

  4. NGINX Load Balancing Configuration
    https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/
    A guide on configuring load balancing with NGINX, covering various methods such as round robin, least connections, and IP hash.

  5. NGINX Security Best Practices
    https://docs.nginx.com/nginx/admin-guide/security-controls/
    Best practices for securing NGINX, including rate limiting, IP access control, SSL/TLS configuration, and more.

DevopsCloudDevSecOpsSREPlatform Engineering nginx