Cesar Chew at 17:31, 24 November 2014

2014-11-24T17:31:01Z

New page

{{Cat|Nginx}}

<slideshow style="nobleprog" headingmark="⌘" incmark="…" scaled="true" font="Trebuchet MS" >
;title: Nginx advanced configuration
;author: Bernard Szlachta (NobleProg Ltd)
</slideshow>

=== Overview ⌘===
* So far we have only configured virtual hosts
* Less commonly, you may need to configure global server options
* /etc/nginx/nginx.conf

=== nginx architecture: Master Process ⌘===
* Reads configurations
* Handles sockets
* Opens log files
* Accepts signals (eg, to re-read configuration)

=== nginx architecture: Worker process ⌘===
* Single thread
* Runs in an event loop
* Handles incoming connections

=== Tuning worker processes ⌘===
* Rule of thumb: number of worker processes should be the same as number of cores
* If much time is spent blocked on io (see vmstat), worker processes should be increased further

=== Worker connections ⌘===
* Number of concurrent connections available can be calculated:
worker_processes * max_connections = max clients
* Default value is 1024; if necessary, typically can be raised with only positive effects. 4096 sensible

=== Logging ⌘===
* Logging can be set per vhost or globally
* Log formats are defined in nginx.conf under http

log_format vhost '$host $remote_addr - $remote_user [$time_local]'
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';

=== Rate limiting/DoS mitigation ⌘===
* DoS - denial of service
* Often takes the form of simply flooding the server with requests, hoping to saturate CPU resources and/or bandwidth
* nginx has a number of features to mitigate such an attack

=== Limiting concurrent connections ⌘===
* nginx has a limit on the number of concurrent connections
* We can prevent a single IP from tying up too many
* NB - it is normal for a web browser to create up to 8 concurrent connections

limit_zone one $binary_remote_addr 10m;
server {
location / {
limit_conn one 8;
}
}

=== Preventing repeated connections from the same IP ⌘===
;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

server {
location /search/ {
limit_req zone=one burst=5
}
}
* allows a user no more than 1 request per second on average, with bursts up to 5

=== Limiting bandwidth usage ⌘===

* By default, nginx will send as fast as it can
* nginx has a range of options for tuning this

=== Limiting bandwidth usage - streaming ⌘===
* When streaming video/audio from a server, generally you want to give the client a reasonable buffer, then maintain this buffer
* Can be achieved with an initial fast connection, then rate limiting after
=== Streaming bandwidth limit example ⌘===
;
location /streamfiles {
limit_conn connections 1;
limit_rate_after 16m;
limit_rate 512k;
}

* Limit each user to a single connection to files under this path
* Allow them to download the first 16MB at maximum speed
* After that, limit to 512KB (kiloBYTES, not kilobits) per second

=== Media streaming ⌘===

* nginx has support for pseudo-streaming for mp4 and flv files
* Client can seek to a specific location in the file
location /flash-videos {
flv;
}
location /mp4-videos {
mp4;
}

Nginx advanced configuration - Revision history

Cesar Chew at 17:31, 24 November 2014