background preloader

Nginx Secure SSL Web Server

Home RSS Search April 07, 2014 with HTTP, HTTPS SSL and Reverse Proxy Examples Nginx is a secure, fast and efficient web server. Nginx ("engine x") is a high-performance HTTP server and reverse proxy server. Security methodology behind our configuration In the following example we are going to setup some web servers to serve out web pages to explain the basics. The security mindset of the configuration is very paranoid. Our goal is to setup a fast serving and CPU/disk efficient web server, but most importantly a _very secure_ web server. Below you will find a few different example nginx.conf configuration files in scrollable windows. You are welcome to copy and paste the following working examples. Option 1: Nginx http web server for static files This is a basic webserver running on port 80 (http) serving out web pages. Option 2: Nginx serving only SSL and redirecting http to https This example configuration is for a webserver that serves out SSL (https) traffic only. make clean; .

Optimising NginX, Node.JS and networking for heavy workloads | GoSquared Engineering Used in conjunction, NginX and Node.JS are the perfect partnership for high-throughput web applications. They’re both built using event-driven design principles and are able to scale to levels far beyond the classic C10K limitations afflicting standard web servers such as Apache. Out-of-the-box configuration will get you pretty far, but when you need to start serving upwards of thousands of requests per second on commodity hardware, there’s some extra tweaking you must perform to squeeze every ounce of performance out of your servers. This article assumes you’re using NginX’s HttpProxyModule to proxy your traffic to one or more upstream node.js servers. Tuning the network Meticulous configuration of Nginx and Node.js would be futile without first understanding and optimising the transport mechanism over which traffic data is sent. Your system imposes a variety of thresholds and limits on TCP traffic, dictated by its kernel parameter configuration. Higlighting a few of the important ones…

Nginx Support Enables Massive Web Application Scaling Your web applications need to scale, especially during demanding traffic events. Nginx is a high-performance web server and reverse proxy that can help you do that. Today, we are extending our Managed Cloud Fanatical Support to include the installation, troubleshooting, patching and performance tuning of Nginx. Specifics of what is supported can be found in the Knowledge Center article about Cloud Servers with Managed Service Level – Spheres of Support . At its heart, Nginx is a web server, a very fast web server! There are three common use-cases where Nginx really stands out, and your Managed Cloud Support Team can help implement for you: As a reverse proxy / cache in front of Apache As a reverse proxy /cache in front of an Application Server or Framework As a replacement for Apache and mod_php Nginx as a Reverse Proxy / Cache In Front of Apache As a Reverse Proxy /Cache in Front of an Application Server or Framework Nginx as a Replacement for Apache and mod_php Next Steps

Install and Configure PHP-FPM on Nginx - Codestance PHP-FPM (FastCGI Process Manager) is an alternative FastCGI implementation with some additional features useful for websites of any size, especially high-load websites. It makes it particularly easy to run PHP on Nginx. Included features – from original website : - Adaptive process spawning - Basic statistics - Advanced process management with graceful stop/start - Ability to start workers with different uid/gid/chroot/environment and different php.ini - Stdout & stderr logging - Emergency restart in case of accidental opcode cache destruction - Accelerated upload support - Support for a “slowlog” - Enhancements to FastCGI, such as fastcgi_finish_request() – a special function to finish request & flush all data while continuing to do something time-consuming ..and much more.. Notice : PHP-FPM is not designed with virtual hosting in mind (large amounts of pools) however it can be adapted for any usage model. Let’s start with installation (Ubuntu/Debian) : Happy hacking!

Part 1: Lessons learned tuning TCP and Nginx in EC2 « Chartbeat Engineering Blog Our average traffic at Chartbeat has grown about 33% over the last year and depending on news events, we can see our traffic jump 33% or more in a single day. Recently we’ve begun investigating ways we can improve performance for handling this traffic through our systems. We set out and collected additional metrics from our systems and we were able to reduce TCP retry timeouts, reduce CPU usage across our front end machines by about 20%, and improve our average response time from 175ms to 30ms. History First, a brief overview of our architecture. In 2009 when the company was first starting out, we used round robin DNS to load balance the traffic for Cons of the setup While Dyn’s service has been great over the last 3 years, they unfortunately have no control over the problems that exist within DNS itself. DNS requests being distributed evenly does not mean we will see traffic get evenly distributed across our servers. Why didn’t you just use an ELB?

Nginx Performance Tuning: How to do it Nginx is a well known web server, and is adopted by many major players in the industry. The main reason for its fast adoption was that its so fast compared to other web servers (like Apache). Basically nginx was made to solve a problem that is known as c10k. It performs much better than any other web server's in the market out of the box for many. In this article we will see how you can modify your nginx configuration to give it a boost or say performance tune nginx. We will get inside the configuration part a little later, coz there are quite a few concepts that needs to be understood first. C10k refers to the method of optimizing network connections so that it can handle connections in the range of ten thousand simultaneously. Read: What is c10k Problem Apache works in a blocking I/O model. Apache works by using a dedicated thread per client with blocking I/O. Related: Process administration in Linux Nginx uses a single threaded non-blocking I/O mechnism to serve requests.

Tuning nginx worker_process to obtain 100k hits per min Tuning Nginx for Best Performance - Dakini's Bliss Created on 22 April 2012 Chloe Hits: 13719 This article is part 2 of a series about building a high-performance web cluster powerful enough to handle 3 million requests per second . Generally, a properly tuned Nginx server on Linux can handle 500,000 - 600,000 requests per second. It's important to know that everything listed here was used in a testing environment, and that you might actually want very different settings for your production servers. Install the Nginx package from the EPEL repository. yum -y install nginx Back up the original config, and start hacking away at a config of your own. cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig vim /etc/nginx/nginx.conf Start up Nginx and set it to start on boot. service nginx start chkconfig nginx on Now point Tsung at this server and let it go. [root@loadnode1 ~] vim ~/.tsung/tsung.xml <server host=" YOURWEBSERVER " port="80" type="tcp"/> tsung start Hit ctrl+C after you're satisfied with the test results, otherwise it'll run for hours.