Nginx configuration examples

ELM posted on: 2007-11-12 20:06 Source: 榆树社区

About

nginx [engine x] is an HTTP server and POP3/IMAP proxy. It has been under active development by Igor Sysoev since 2002 and runs on FreeBSD, Linux, Solaris and OS X (ppc).

Compile

CODE:

# replace .x with your version like .11 or .12
curl -O http://sysoev.ru/nginx/nginx-0.5.x.tar.gz
tar -xvzf nginx-0.5.x.tar.gz
cd nginx-0.5.x
./configure --sbin-path=/usr/local/sbin --with-http_ssl_module
make
sudo make install

Administration

By default the PID of the master process is written to /usr/local/nginx/logs/nginx.pid. nginx is managed by sending Unix signals to that process. Similar signals are used to manage Apache processes.

Signal     Action
TERM, INT  Terminate the server immediately
QUIT       Stop the server
HUP        Configuration changes, start new workers, graceful stop of old workers
USR1       Reopen log files
USR2       Upgrade the server executable
WINCH      Graceful stop (the parent process advises the children to exit)

Tips and tricks

There are a lot of example config files (virtual hosts, load balancing etc.) on the nginx home page.

Virtual hosts

CODE:

http {
    server {
        listen  192.168.10.1;
        listen  192.168.10.1:8000;
        server_name   one.example.com  www.one.example.com;
        ...
    }

    server {
        listen  192.168.10.1;
        listen  192.168.10.2:8000;
        listen  9000;
        server_name   two.example.com  www.two.example.com;
        ...
    }

    server {
        listen  9000;
        server_name   three.example.com  www.three.example.com;
        ...
    }
}

301 redirect for www.example.com → example.com

CODE:

server {
  listen 80;
  server_name example.com www.example.com;

  # Any Host other than the canonical name gets a permanent (301) redirect.
  # The redirect target is a fixed literal, never taken from the request.
  if ($host != 'example.com' ) {
      rewrite  ^/(.*)$  http://example.com/$1  permanent;
  }
}

Accelerated proxying

CODE:

location / {
    proxy_pass        http://localhost:8000/;
    proxy_redirect    off;
    # address of the client that connected to nginx
    proxy_set_header  X-Real-IP  $remote_addr;
    # needed for HTTPS
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
}

# serve static files directly
# (the dot before the extension is escaped so it matches only a literal ".")
location ~* ^.+\.(jpg|jpeg|gif)$ {
    root              /spool/www;
    access_log        off;
    expires           30d;
}
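
With the proxy block above, the backend on localhost:8000 sees every connection as coming from nginx and has to recover the client address from the two headers. The following is an added example (not from the original post) of doing that on the backend side in Python; the trusted network list and the function names are assumptions, and header names are expected in the spelling used in the config.

```python
import ipaddress

# Assumption: the only proxy in front of the backend is the nginx on localhost
# from the config above; extend this list for additional trusted hops.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def is_trusted(addr: str) -> bool:
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr: str, headers: dict) -> str:
    """Return the client address a backend behind nginx should log or limit on.

    peer_addr is the TCP peer of the backend socket, headers the request headers.
    """
    if not is_trusted(peer_addr):
        # Not from our proxy: both headers are client-controlled, ignore them.
        return peer_addr
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so only the right-hand end of the list can be trusted. Walk right
    # to left and return the first hop that is not one of our own proxies.
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop and fall back
        if not is_trusted(hop):
            return hop
    # No usable X-Forwarded-For: nginx overwrites X-Real-IP with $remote_addr.
    try:
        return str(ipaddress.ip_address(headers.get("X-Real-IP", "").strip()))
    except ValueError:
        return peer_addr
```
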

Simple load balancing

Servers can listen on different ports. Both TCP and Unix sockets are supported.

CODE:

upstream  backend  {
    server   backend1.example.com       weight=5;
    server   backend2.example.com:8080;
    server   unix:/tmp/backend3;
}

server {
    location / {
        proxy_pass  http://backend;
    }
}

Mongrel cluster
FastCGI ruby listeners

SSL support

To avoid putting too much load on the CPU, a single worker process with keep-alive enabled is recommended.

CODE:

worker_processes  1;

http {
    ...
    server {
        listen               443;
        ssl                  on;
        ssl_certificate      /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key  /usr/local/nginx/conf/cert.key;
        keepalive_timeout    70;
        ...
    }
}

URL rewrite

CODE:

location /old_stuff/ {
    rewrite   ^/old_stuff/(.*)$  /new_stuff/$1  permanent;
}

Regexp in the config

CODE:

if ($http_user_agent ~ MSIE) {
    rewrite  ^(.*)$  /msie/$1  break;
}

if ($http_cookie ~* "id=([^;]+)(?:;|$)" ) {
    set  $id  $1;
}

if ($request_method = POST ) {
    return 405;
}

if (!-f $request_filename) {
    break;
    proxy_pass  http://127.0.0.1;
}

if ($slow) {
    limit_rate  10k;
}

if ($invalid_referer) {
    return   403;
}

Basic authentication

Allow access from the intranet OR to authenticated clients. The satisfy_any directive allows access if at least one of the checks passes.

CODE:

location  /  {
    satisfy_any  on;

    allow  192.168.1.0/24;
    deny   all;

    auth_basic            "closed site";
    auth_basic_user_file  conf/htpasswd;
}

The file conf/htpasswd has the following format:

login1:password1
login2:password2:comment
.....

The Apache utility htpasswd can be used to create that file. The passwords are hashed with the crypt(3) system function.

gzip compressed responses

.....
gzip             on;
gzip_min_length  1000;
gzip_proxied     expired no-cache no-store private auth;
gzip_types       text/plain application/xml;
.....

WebDAV

The WebDAV module is not included by default. It must be enabled at compile time by adding --with-http_dav_module to the configure parameters.

CODE:

location / {
    root                   /data/www;

    client_body_temp_path  /data/client_temp;

    dav_methods  PUT DELETE MKCOL;

    create_full_put_path   on;
    dav_access             group:rw  all:r;

    # Can change only from the intranet
    limit_except  GET {
        allow  192.168.1.0/24;
        deny   all;
    }
}

The dav_access directive defines the access rights given to files and directories when they are created.

Proxying POP3/IMAP

CODE:

imap {
    #auth_http  unix:/path/socket:/cgi-bin/auth;
    auth_http  localhost:9000/cgi-bin/auth;

    pop3_capabilities  "TOP"  "USER";
    imap_capabilities  "IMAP4rev1"  "UIDPLUS";

    server {
        listen     110;
        protocol   pop3;
        proxy      on;
    }

    server {
        listen     143;
        protocol   imap;
        proxy      on;
    }
}
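
The auth_http URL in the block above is an HTTP service that nginx queries for every POP3/IMAP login: it sends the credentials in Auth-* request headers and reads the verdict and the backend address from the reply headers. The following added example (not from the original post or the nginx project) shows that decision logic in Python; the user table, the backend address 10.0.0.5, the attempt limit and the function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import unquote

MAX_ATTEMPTS = 3  # assumption: attempts allowed per mail session


def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user table: login -> (salt, password hash, backend IP, ports).
SALT = b"constructed-salt"
USERS = {
    "alice": (SALT, pw_hash("correct horse", SALT), "10.0.0.5",
              {"pop3": 110, "imap": 143}),
}
FAIL = {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}


def auth_response(req: dict) -> dict:
    """Map the Auth-* request headers sent by nginx to the reply headers."""
    try:
        attempt = int(req.get("Auth-Login-Attempt", "1"))
    except ValueError:
        attempt = MAX_ATTEMPTS + 1
    if attempt > MAX_ATTEMPTS:
        # A reply without Auth-Wait makes nginx return the error and close
        # the connection, which bounds password guessing per session.
        return {"Auth-Status": "Too many login attempts"}
    if req.get("Auth-Method") != "plain":
        return dict(FAIL)  # this example handles plain logins only
    # nginx percent-encodes special characters in these two headers.
    user = unquote(req.get("Auth-User", ""))
    password = unquote(req.get("Auth-Pass", ""))
    salt, stored, server, ports = USERS.get(user, (SALT, b"", "", {}))
    # Hash even for unknown users so both paths cost the same time.
    valid = hmac.compare_digest(pw_hash(password, salt), stored)
    port = ports.get(req.get("Auth-Protocol", ""))
    if not valid or port is None:
        return dict(FAIL)
    # Auth-Server must be an IP address; nginx does not resolve names here.
    return {"Auth-Status": "OK", "Auth-Server": server, "Auth-Port": str(port)}
```
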