5 things you didn't know nginx could do
DESCRIPTION
NGINX is a well kept secret of high performance web service. Many people know NGINX as an Open Source web server that delivers static content blazingly fast. But, it has many more features to help accelerate delivery of bits to your end users even in more complicated application environments. In this talk we'll cover several things that most developers or administrators could implement to further delight their end users.TRANSCRIPT
![Page 1: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/1.jpg)
5 thingsyou didn’t know NGINX could do
Sarah NovotnyNginx, Inc.
![Page 2: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/2.jpg)
Many people know NGINX as an HTTP request and load balancing server that powers many of the world's busiest websites. But, there are a lot of ancillary pieces that go into the software to make it a whole web application accelerator.
![Page 3: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/3.jpg)
What is NGINX?
InternetN
Web ServerServe content from disk
Application ServerFastCGI, uWSGI, Passenger…
ProxyCaching, Load Balancing… HTTP traffic
![Page 4: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/4.jpg)
143,000,000Websites
NGINX Accelerates
![Page 5: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/5.jpg)
Advanced Features
Bandwidth ManagementContent-based RoutingRequest ManipulationResponse RewritingApplication AccelerationSSL and SPDY termination
AuthenticationVideo DeliveryMail ProxyGeoLocationPerformance MonitoringHigh Availability
![Page 6: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/6.jpg)
22%Top 1 million websites
37%Top 1,000 websites
![Page 7: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/7.jpg)
Those 5 things -- 1. Compress assets for delivery2. Stop form spamming3. Protect Apache from thread exhaustion attacks4. Rewrite content inline5. Online updates
Bonus: determine a nearly complete command for the configure script
![Page 8: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/8.jpg)
1. Compress data to reduce bandwidth
• Reduce bandwidth requirements per client
– Content Compression reduces text and HTML– Image resampling reduces image sizes
![Page 9: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/9.jpg)
9
HTTP gzip module• Provides Gzip capabilities so that responses
from NGINX are compressed to reduce file size• Directives can be used in the http, server and
location contexts• Key directives
– gzip – gzip_types– gzip_proxied
© Copyright 2014 by ServiceRocket, Inc. | All Rights Reserved | Prepared for Nginx,
Inc.
![Page 10: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/10.jpg)
10
Gzip example
© Copyright 2014 by ServiceRocket, Inc. | All Rights Reserved | Prepared for Nginx,
Inc.
It is not advisable to enable gzip for binary content types such as images, word documents or videos
Enable gzipgzip on;
Apply gzip for text, html and CSSgzip_types text/plain text/html text/css;
Enable gzip compression for any proxied requestgzip_proxy any;
![Page 11: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/11.jpg)
11
HTTP image filter• Provides inline image manipulation to
transform images for optimal delivery• Directives can be used in the location
context• Key directives– image_filter size;– image_filter resize width height;– image_filter crop width height;
![Page 12: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/12.jpg)
12
HTTP image filter examplelocation /img/ { proxy_pass http://backend; image_filter resize 150 100; image_filter rotate 90; error_page 415 = /empty;}location = /empty { empty_gif;}
![Page 13: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/13.jpg)
We talk about the ‘N second rule’:
– 10 seconds(Jakob Nielsen, March 1997)
– 8 seconds(Zona Research, June 2001)
– 4 seconds (Jupiter Research, June 2006)
– 3 seconds (PhocusWright, March 2010)
![Page 14: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/14.jpg)
2. Stop brute force retries
• Stop brute force password attacks• Stop form spamming
– Use the NGINX limit request module
![Page 15: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/15.jpg)
HTTP limit req module• Allows granular control of request
processing rate• Directives an be used in http, server
and location contexts• Key directives– limit_req_zone– limit_req
![Page 16: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/16.jpg)
HTTP limit req modulehttp { limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; … server { … location /search/ { limit_req zone=one burst=5; }
}}
![Page 17: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/17.jpg)
3. Protect Apache from thread exhaustion attacks
• Use NGINX in front of Apache• Mitigates ‘slow loris’, ‘keep dead’ and
‘front page of hacker news’ attacks
![Page 18: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/18.jpg)
What is thread exhaustion?
http process
http process
http process
http process
http process
http process
http process
Client-side:
Multiple Connections
HTTP Keepalives
Server-side:
Limited concurrency
![Page 19: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/19.jpg)
How NGINX mitigates thread exhaustion
N
Large numbers of clients, with long-term keepalive connections
NGINX reduces connections to the minimum number necessary
![Page 20: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/20.jpg)
4. Rewrite content inline
• Use the power of substitution to simplify updates• Directives can be used in the http, server and
location contexts• Key directives
– sub_filter_once– sub_filter– sub_filter_types
![Page 21: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/21.jpg)
21
HTTP sub module example
location / {sub_filter_once off;sub_filter_types text/html;
sub_filter “__copyright_date__” “2014”; }
![Page 22: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/22.jpg)
5. Online Binary updates and configuration changes
• Update either the configuration files or the binary without losing any connections
![Page 23: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/23.jpg)
23
Configuration file update
[root@localhost ~]# nginx -s reload[root@localhost ~]#
![Page 24: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/24.jpg)
24
Yep. It’s that simple
![Page 25: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/25.jpg)
Binary update
• Choose your method of binary installation• Replace the binary
[root@localhost ~]# cat /var/run/nginx.pid1991[root@localhost ~]# kill –USR2 1991
![Page 26: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/26.jpg)
Binary update[root@localhost ~]# ps -ef |grep nginxroot 1991 1 0 08:06 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.confnginx 2974 1991 0 08:22 ? 00:00:00 nginx: worker process nginx 2975 1991 0 08:22 ? 00:00:00 nginx: worker process root 3123 2948 0 08:43 pts/0 00:00:00 grep nginxroot 3124 1991 0 08:43 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
![Page 27: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/27.jpg)
Binary update
[root@localhost ~]# kill –WINCH 1991
• Verify things are working as expected(you can still back out gracefully at this point)
[root@localhost ~]# kill –QUIT 1991
![Page 28: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/28.jpg)
Bonus:
nginx –V gives a nearly complete configuration script for compiling
![Page 29: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/29.jpg)
[root@localhost ~]# nginx -Vnginx version: nginx/1.5.7built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module--etc
![Page 30: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/30.jpg)
More resources
• Check out our blog on nginx.com• Webinars: nginx.com/webinars
Try NGINX F/OSS (nginx.org) or NGINX Plus (nginx.com)
![Page 31: 5 things you didn't know nginx could do](https://reader033.vdocuments.us/reader033/viewer/2022042814/554bcf41b4c905ac708b4917/html5/thumbnails/31.jpg)
Thanks for your time!
@sarahnovotnyEvangelist, NGINXProgram Chair, OSCON