Nginx
# examples of Server
* http server
* ftp server
* smtp server
* dns server
* upperCase server (returns the received ASCII text converted to upper case)
# History
* apache HTTP server 1995~
* IIS (Microsoft)
* google server
* iPlanet (old : sun java system web server)
* Zeus
* lighttpd
* Nginx (2009~, 3rd by share (2011))
* ENS (2017~)
# Role of Server
1. data broadcasting
2. application execution
```
input -> dynamically -> output
old days : web server + CGI(Common Gateway Interface)
now : web server
future : web3 (ENS ... )
```
3. proxy processing
# Apache
* developed in `c++/c`
* LAMP(Linux + Apache + MySQL + Perl/PHP/(Python?))
* v1.3 --- multi thread ---->v2.0 (2000)
* task processing : multi processing
* parallelization : multi processing
# Nginx
* developed in `c`
* concurrent programming
* light
* 1.5~2.0x faster than Apache
* task processing : single processing
* parallelization : event driven
## Non-Blocking & No-Sync
## configuration
Add the following to `nginx.conf`:
```
http {
...
...
server {
location /{ root /var/www/html; }
location ~ /\. { deny all; }
}
}
```
## CGI
not recommended on nginx
## SSI
```
```
this is SSI built in html
```
```
exec not supported on nginx
SSI -> javascript/on client : preferred
SSI example :
```
```
# SECURITY
```
$ htpasswd -c /path/to/htpasswd sduser
New password: input password
Re-type new password: input password
Adding password for user sduser
```
## Basic Authentication
Apache Directory regulation
```
Order Allow,Deny
Allow from 192.168.0.0/24 127.0.0.1
Deny from All
AuthType Basic
AuthName "Secret Page"
AuthUserFile /etc/to/.htpasswd
Require valid-user
Satisfy Any
```
Nginx
```
location /secret_html {
root /path/to/secret_html;
allow 192.168.0.0/24;
allow 127.0.0.1;
deny all;
auth_basic "Secret Page";
auth_basic_user_file /etc/to/.htpasswd;
satisfy any;
}
```
## Digest Authentication
Apache
```
AuthType Digest
AuthName "Secret Pages"
AuthDigestDomain /secret_diges/
AuthUserFile /etc/to/.digest_pw
Require valid-user
```
Nginx
```
auth_digest_user_file /etc/to/.digest_pw;
location /private{
auth_digest 'secret Pages';
}
```
@ Nginx
not supported : external DB authentication
# mod_rewrite
* mod_rewrite : Apache's black magic
## mod_rewrite
conditional http redirect configuration e.g.
```
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
RewriteCond %{HTTP:X-Forwarded-HTTPS} !^on$ [NC]
RewriteRule ^(.+)$ https://ghasshee.com/$1 [R]
```
## nginx alternatives
```
if ($request_method ~ '^(GET|HEAD)$') {
set $redirecthttps "tr";
}
if ($http_x_forwarded_https !~* 'on' ) {
set $redirecthttps "${redirecthttps}ue";
}
if ( $redirecthttps = "true" ) {
rewrite /(.+)$ https://ghasshee.com/$1 redirect;
}
```
# MODULE ADD
@Apache
you can add your dynamic module
```
sudo apxs -c -i your_module.c
```
@Nginx
you have to compile with --add-module option
```
tar zxf ngx_http_upstream_consistent_hash.tar.gz
tar zxf nginx-1.6.0.tar.gz
cd nginx-1.6.0
$ ./configure --with-http_stub_status_module \
--add-module="../ngx_http_upstream_consistent_hash"
$ make
```
# Reverse Proxy Server
==> Port:80 Nginx(proxy) Port:8080 ==> Apache(web)
@apache
httpd.conf
```
...
#Listen 12.34.56.78:80
#Listen 80
Listen 127.0.0.1:8080
...
```
@Nginx
/etc/nginx/nginx.conf
```
http{
...
## set cache dir
proxy_cache_path /var/cache/nginx/cache/ levels=1:2 keys_zone=cache_zone:40m inactive=7d max_size=100m;
## set temp_file dir
proxy_temp_path /var/cache/nginx/temp/;
include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-available/*.conf; //comment-out
}
```
/etc/nginx/conf.d/proxy.conf
```
server {
## handle requests arriving on port 80
listen 80;
location / {
proxy_pass http://127.0.0.1:8080; ## 80 --pass--> local:8080
proxy_http_version 1.1; ## version of http at the pass
## pass header information with below
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
proxy_set_header X-Forwarded-Proto http;
## define the name of cache zone kept
proxy_cache cache_zone;
## cache lifetime for 200 and 302 responses
proxy_cache_valid 200 302 20m;
## cache lifetime when the web page returns an error (404)
proxy_cache_valid 404 20m;
}
}
```
# Moving to Nginx
# /etc/hosts
```
#/etc/hosts
203.0.113.16 web.nginx.example.com
```
@ curl: without editing `/etc/hosts`,
the following command has the same effect as the `/etc/hosts` alias
```
curl -v -H "Host: web.nginx.example.com" http://203.0.113.16/contents/article1
```
# server_name
When one nginx instance hosts several servers,
you have to set `server_name` for each of them.
```
Exact Match : app.nginx.example.com
Wild Card : *.nginx.example.com
app.nginx.*
Regular Expression :
~^app\d*\.nginx\.example\.com$
```
# location
```
location /path/content {A} ## Prefix match (longest prefix wins)
location = /path/content2 {B} ## Exact match
location ^~ /path/content3 {C} ## Prefix match with priority (skips regex check)
location ~ /path/content[0-9] {D} ## Regular expression match
location ~* /path/content[0-9] {E} ## Regular expression match (case-insensitive)
```
access e.g.
```
/path/content2 -> B
/path/content9 -> D
/path/CONTENT4 -> E
/path/content30 -> C
/path/content -> A
/path/content_x -> A
```
# e.g. location
/etc/nginx/nginx.conf
```
server {
...
location = / {
root /var/www/html;
index index.html;
}
location /pub {
location ~ \.(gif|png|jpg)$ { ## if (picturefile)
root /var/www/content; ## serve the file directly
}
location /pub { ## else
proxy_pass http://127.0.0.1:5000; ## reverse proxy
}
}
location /css {
location ~ \.css$ {
root /var/www/css;
}
location /css {
deny all;
}
}
location / {
root /var/www/html;
}
}
```
# Mime Types
mime types (Content Type)
```
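A system of codes for identifying data formats,
introduced so that e-mail can carry data other than text.
By extension,
it is also used in HTTP and elsewhere as a code for the kind of data.
Written in the form "type/subtype";
for example,
plain text is "text/plain",
an HTML document is "text/html",
a JPEG image is "image/jpeg"
Values that can be given for type include
text, image, video, audio,
application (application-specific),
message (mail message), multipart (several formats mixed), etc.
Unofficial subtypes not registered in RFCs etc. take the prefix "x-",
"application/x-lzh"
When a company etc. uses its own data format, the prefix "vnd." is used,
"application/vnd.ms-word"
When the data format is unknown or is an arbitrary binary format
"application/octet-stream"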
```
# e.g. broadcast `.pub` file as `text/plain`
```
server {
...
include mime.types;
types {
text/plain pub;
}
default_type application/octet-stream;
}
```
# e.g. under `/download` dir, broadcast all as binary
```
server {
...
location /download/ {
types {}
default_type application/octet-stream;
}
}
```
# enable gzip
```
server {
...
gzip on;
gzip_types text/plain text/css text/xml application/javascript;
gzip_min_length 1000; ## do not compress responses smaller than 1000 bytes
}
```
# check gzip is valid
```
$ curl -v -s -H "Accept-Encoding: gzip" -H "Host: web.nginx.example.com" http://203.0.113.16/ > /dev/null
...
> Accept-Encoding: gzip ## request header asking for gzip
...
< Content-Encoding: gzip ## response header confirming gzip was applied
...
```
# Reverse Proxy
definition
`X-Forwarded-For` : Client's IP address
`X-Forwarded-Host` : Hostname the client requested
`X-Forwarded-Server` : Hostname of Proxy Server
```
server {
...
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $host;
}
```
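The two `X-Forwarded-For` settings used in these notes (`$proxy_add_x_forwarded_for` in proxy.conf, `$remote_addr` here) differ in how much of the header the backend can trust. The sketch below is an added example, not from the original notes; the client addresses and function names are constructed for illustration, and the backend is assumed to trust only the local nginx at 127.0.0.1.

```python
import ipaddress

def forwarded_for(setting, client_header, peer_ip):
    """X-Forwarded-For value nginx sends upstream.

    setting: "$remote_addr" (overwrite) or "$proxy_add_x_forwarded_for" (append)
    client_header: X-Forwarded-For sent by the client, or None
    peer_ip: address of the TCP peer, i.e. $remote_addr
    """
    if setting == "$remote_addr":
        return peer_ip
    if setting == "$proxy_add_x_forwarded_for":
        return f"{client_header}, {peer_ip}" if client_header else peer_ip
    raise ValueError(setting)

def client_ip(xff, peer_ip, trusted):
    """Backend side: walk the chain right to left, skipping trusted proxies."""
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    if not is_trusted(peer_ip):
        return peer_ip      # request did not come through our proxy: ignore header
    last = peer_ip
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not is_trusted(hop):
                return hop  # first address a trusted hop vouches for
        except ValueError:
            break           # unparsable entry is client-supplied junk
        last = hop
    return last

if __name__ == "__main__":
    # Constructed request: client 198.51.100.7 sends its own X-Forwarded-For.
    appended = forwarded_for("$proxy_add_x_forwarded_for", "10.0.0.5", "198.51.100.7")
    print(appended)                                            # 10.0.0.5, 198.51.100.7
    print(appended.split(",")[0].strip())                      # 10.0.0.5 (client-chosen)
    print(client_ip(appended, "127.0.0.1", ["127.0.0.1/32"]))  # 198.51.100.7
```

With `$remote_addr` the client-supplied value is discarded at the proxy; with `$proxy_add_x_forwarded_for` the backend has to do the right-to-left walk itself, and any IP-based `Allow from` rule on Apache must not be evaluated against the leftmost entry.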
remove unneeded header
```
server {
...
proxy_hide_header X-Cache;
proxy_hide_header X-Cache-Lookup;
proxy_hide_header Warning;
proxy_hide_header Via;
}
```
## moving from Apache to Nginx
```
$ nginx -t ## check if configuration is valid
$ service httpd stop ; service nginx start
```
# open another port and broadcast Apache & Nginx at the same time
1. open only 8080 for nginx
```
server {
# listen 80;
listen 8080;
}
```
2. check
3. open both 80 & 8080 for nginx
4. stop Apache
5. reload nginx
```
$ service nginx reload ## or $ nginx -s reload
```
# After moving
## reflect configuration
```
$ nginx -s reload
$ service nginx reload
$ service nginx restart
$ service nginx stop && service nginx start
```
## LOG rotation
```
nginx -s reopen ## reopen the log files
```
The official nginx rpm ships a logrotate configuration
for `/var/log/nginx/*.log`
at `/etc/logrotate.d/nginx`.
## Important metrics
* Network Traffic (inbound/outbound) [Mbps]
* CPU use ratio (user/system/iowait/...) [%]
* Memory use ratio (used/buffer/cache/avail/swap) [%]
* Load Average
# [`http_stub_status` module](http://wiki.nginx.org/HttpStubStatusModule)
stub_status output
```
$ curl -s http://localhost/___nginx_status
```
configuration enabling stub_status
```
server {
...
location /___nginx_status {
stub_status on;
## permit only local network access
# allow 10.0.0.0/8;
allow 127.0.0.1;
deny all;
}
}
```
# LOG Format
edit LogFormat as you want