Nginx advanced configuration
Overview ⌘
- So far we have only configured virtual hosts
- Less commonly, you may need to configure global server options
- /etc/nginx/nginx.conf
nginx architecture: Master Process ⌘
- Reads configurations
- Handles sockets
- Opens log files
- Accepts signals (e.g., to re-read configuration)
nginx architecture: Worker process ⌘
- Single thread
- Runs in an event loop
- Handles incoming connections
Tuning worker processes ⌘
- Rule of thumb: the number of worker processes should be the same as the number of cores
- If much time is spent blocked on I/O (see vmstat), the number of worker processes should be increased further
Worker connections ⌘
- The number of concurrent connections available can be calculated:
worker_processes * worker_connections = max clients
- Default value is 1024; if necessary, it can typically be raised with only positive effects. 4096 is a sensible value
Logging ⌘
- Logging can be set per vhost or globally
- Log formats are defined in nginx.conf under http
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
Rate limiting/DoS mitigation ⌘
- DoS - denial of service
- Often takes the form of simply flooding the server with requests, hoping to saturate CPU resources and/or bandwidth
- nginx has a number of features to mitigate such an attack
Limiting concurrent connections ⌘
- nginx has a limit on the number of concurrent connections
- We can prevent a single IP from tying up too many
- NB - it is normal for a web browser to create up to 8 concurrent connections
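# In the http block. limit_zone was the older form of this directive, removed in nginx 1.7.6
limit_conn_zone $binary_remote_addr zone=one:10m;
server {
    location / {
        limit_conn one 8;
    }
}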
Preventing repeated connections from the same IP ⌘
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
    location /search/ {
        limit_req zone=one burst=5;
    }
}
- allows a user no more than 1 request per second on average, with bursts up to 5
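An added example (not part of the original slides): a simplified Python model of the leaky-bucket accounting that nginx documents for limit_req, replayed over constructed timestamps to show which requests in a flood are passed, delayed or rejected with rate=1r/s burst=5. The class and function names are hypothetical, and the model assumes the nodelay parameter is not set.

```python
from dataclasses import dataclass


@dataclass
class Bucket:
    excess: int   # backlog, in thousandths of a request
    last_ms: int  # time of the last accounted request


class LimitReqModel:
    """Simplified model of limit_req leaky-bucket accounting (no nodelay)."""

    def __init__(self, rate_per_s, burst):
        self.rate = int(rate_per_s * 1000)  # thousandths of a request per second
        self.burst = burst * 1000
        self.buckets = {}                   # one bucket per key (client address)

    def request(self, key, now_ms):
        """Return (verdict, delay_ms) for one request from `key` at `now_ms`."""
        b = self.buckets.get(key)
        if b is None:                       # first request from this key
            self.buckets[key] = Bucket(0, now_ms)
            return ("pass", 0)
        elapsed = max(now_ms - b.last_ms, 0)
        # The bucket drains at `rate`, then this request adds one unit.
        excess = max(b.excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return ("reject", 0)            # rejected requests do not fill the bucket
        b.excess, b.last_ms = excess, now_ms
        if excess == 0:
            return ("pass", 0)
        return ("delay", excess * 1000 // self.rate)


def replay(events, rate_per_s=1, burst=5):
    """Run (key, time_ms) events through the model, in order."""
    model = LimitReqModel(rate_per_s, burst)
    return [(key, t) + model.request(key, t) for key, t in events]


# Constructed sample: one address sends 8 requests at once, another browses slowly.
SAMPLE = [("203.0.113.7", 0)] * 8 + [
    ("198.51.100.2", 0), ("198.51.100.2", 1500), ("203.0.113.7", 3000)]

if __name__ == "__main__":
    for row in replay(SAMPLE):
        print(row)
```

In this model the flooding address gets one request through immediately, five queued with growing delays, and the rest rejected, while the slower client is never affected because each key has its own bucket.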
Limiting bandwidth usage ⌘
- By default, nginx will send as fast as it can
- nginx has a range of options for tuning this
Limiting bandwidth usage - streaming ⌘
- When streaming video/audio from a server, generally you want to give the client a reasonable buffer, then maintain this buffer
- Can be achieved with an initial fast connection, then rate limiting after
Streaming bandwidth limit example ⌘
location /streamfiles {
    limit_conn connections 1;
    limit_rate_after 16m;
    limit_rate 512k;
}
- Limit each user to a single connection to files under this path
- Allow them to download the first 16MB at maximum speed
- After that, limit to 512KB (kiloBYTES, not kilobits) per second
Media streaming ⌘
- nginx has support for pseudo-streaming for mp4 and flv files
- Client can seek to a specific location in the file
location /flash-videos {
    flv;
}
location /mp4-videos {
    mp4;
}