Date post: | 25-Dec-2014 |
Category: |
Technology |
Upload: | edorian |
View: | 15,138 times |
Download: | 2 times |
NGINXTHE WEB SERVER YOU MIGHT ACTUALLY LIKE
ABOUT MESoftware EngineerPHP since 10 yearsCICleanCodeDevOpsTDDShippingBullet points
INSTEAD OF ME
LET'S GO
WHY ANOTHER WEBSERVER?
WHY NOT LIGHTTPD?
THE BASICSIntroMultiple Servers / DomainsStatic contentCachingSSLError pagesRewritesAuthLoad BalancingProxyPHP!Fancy PHP!
INTROsudo apt-get install nginx
/etc/nginx/nginx.conf/etc/nginx/conf.d/*.conf
NGINX CONF BASICS/etc/nginx/nginx.conf
user nginx;worker_processes 4;worker_cpu_affinity 0001 0010 0100 1000;
error_log /var/log/nginx/error.log warn;pid /var/run/nginx.pid;
events { worker_connections 1024;}
NGINX CONF BASICS/etc/nginx/nginx.conf
http { include /etc/nginx/mime.types; default_type application/octet-stream;
access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;}
SERVERS/etc/nginx/conf.d/mySite.conf/etc/nginx/sites-enabled/wallbash
server { server_name wallbash.com wallbash.de; listen 80; root /var/www/myApp/html/ // ...}
server { server_name _; listen 80; root /var/www/myOtherApp/html/}
STATIC CONTENT/etc/nginx/conf.d/anyConfig.conf
server { // ...
location / { }}
FANCY STATIC CONTENTInside Server Blocks
location ~ ̂\/(js|img|css|downloads)\/ {}
location ~ \.(js|css|png|gif|jpg|pdf)$ {}
CACHINGlocation ~ ̂\/(js|img|css)\/ { expires 14d;}
DENY ACCESS TO ALL .DOT-FILESInside Server Blocks
location ~ /\. { access_log off; log_not_found off; deny all;}
SSL
Or just
server { server_name _; listen 443; ssl on;}
server { listen 443 default_server ssl;}
SSL - CONFIGssl_certificate wildcard.crt;ssl_certificate_key wildcard.key;
ssl_session_timeout 5m;ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;ssl_ecdh_curve secp521r1;
ERROR PAGES
STARTUP BONUS:
error_page 500 501 502 503 504 /500.html;
location /500.html { internal;}
server { server_name *nextBigThing.io;
location /500 { return 500; }}
REWRITES
HTTPS ALL THE THINGS
OLDSCHOOL
server { server_name _; listen 80; rewrite ̂ https://$host$request_uri permanent;}
rewrite ̂/users/(.+)$ /show?user=$1? last;
AUTHlocation / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/myApp.htpasswd;}
LOAD BALANCINGupstream web_workers { server www1.example.com; server www2.example.com; server www3.example.com;}
LOAD BALANCING LEGACYupstream web_workers { ip_hash; server www1.example.com; server www2.example.com; server www3.example.com;}
PROXYlocation / { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_cache zone;
//Default: proxy_cache_key $scheme$proxy_host$uri$is_args$args;}
PHP!
PHP-FPM!?!FastCGI Process Manager
PROCESS MANAGEMENT FOR THE MASSESThink: "supervisord"; But without caring
sudo apt-get install php5-fpm
/etc/php5/fpm/php-fpm.conf
// Don't restart the webserver, restart php :)sudo service php5-fpm restart
FPM-CONFIG[myApp]listen = 9000;listen.allowed_clients = 127.0.0.1
user = phpgroup = php
request_terminate_timeout = 10
request_slowlog_timeout = 1slowlog = /var/log/php-fpm/myApp-slow.log
FPM-CONFIG - PROCESS MANAGEMENTpm = dynamicpm.max_children = 50pm.start_servers = 5pm.min_spare_servers = 5pm.max_spare_servers = 35
NGINX + PHPlocation / { fastcgi_pass 127.0.01.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root/index.php; include fastcgi_params;}
APPLICATION SERVERS!location / { fastcgi_pass anontherServer:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root/index.php; include fastcgi_params;}
SCALING!location / { fastcgi_pass workers; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root/index.php; include fastcgi_params;}
upstream workers { server App1:9000; server App2:9000; server 192.168.10.3:9000;}
THANK YOU