- Midnight Visions Workshop - http://www.midnight-visions.de -
nginx
Posted By Sven On September 20, 2011 @ 8:00 In *nix,Productivity | Comments Disabled
A high-performance web server and a very good, powerful alternative to Apache that can also serve as a reverse proxy and load balancer.
Homepage: http://nginx.org/
Dependencies: pcre-devel
Installation:
/usr/local/src # wget http://nginx.org/download/nginx-1.1.2.tar.gz
/usr/local/src # tar xzf nginx-1.1.2.tar.gz
/usr/local/src # cd nginx-1.1.2/
/usr/local/src/nginx-1.1.2 # ./configure --with-ipv6 --with-http_ssl_module --with-http_secure_link_module
/usr/local/src/nginx-1.1.2 # make && make install
/usr/local/src/nginx-1.1.2 # useradd -d /usr/local/nginx -u 666 -g www -s /bin/false nginx
/usr/local/src/nginx-1.1.2 # mkdir -p /usr/local/nginx/conf/ssl /usr/local/nginx/conf/vhosts
The following additional compile-time parameters (modules) are worth highlighting:
--with-http_secure_link_module
This module computes and checks request URLs for a required security token.
--with-http_addition_module
This module adds contents of other locations before and after the current location’s content.
--with-http_geoip_module
This module creates ngx_http_geoip_module variables based on the IP address of the client matched against the MaxMind GeoIP binary files.
Source: http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
Database: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
--with-http_realip_module
This module allows changing the client’s IP address to the value from a request header (e.g. X-Real-IP or X-Forwarded-For).
It is useful if nginx runs behind a proxy or L7 load balancer and the request comes from a local IP, but the proxy adds a request header with the client’s IP.
--with-google_perftools_module
This module enables Google Performance Tools profiling for workers.
More modules: http://wiki.nginx.org/Modules [1] and http://wiki.nginx.org/3rdPartyModules [2]
Some third-party modules I would particularly like to highlight are: “Access Key”, “Auth PAM”, “AWS auth”, “Encrypted Session”, “HTTP Healthcheck”, “Supervisord”, “Upstream Fair Balancer”
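Start script:
/usr/local/src/nginx-1.1.2 # vim /etc/init.d/nginx
—
#!/bin/sh
# Minimal init script for the nginx build installed under /usr/local/nginx
CONFIG=/usr/local/nginx/conf/nginx.conf
NGINX=/usr/local/nginx/sbin/nginx
case "$1" in
  start)
    # Test the configuration quietly first and start only if it is valid.
    # nginx daemonizes itself, so no trailing & is needed and a failed
    # config test is reported through the exit status.
    "$NGINX" -q -t -c "$CONFIG" && "$NGINX" -c "$CONFIG"
    ;;
  stop)
    "$NGINX" -s stop
    ;;
  restart)
    "$0" stop && sleep 5 && "$0" start
    ;;
  reload)
    "$NGINX" -s reload
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
    ;;
esac
—
/usr/local/src/nginx-1.1.2 # chmod +x /etc/init.d/nginx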
Configuration:
# vim /usr/local/nginx/conf/nginx.conf
—
user nginx www; # Unprivileged user (created with useradd above)
worker_processes 4; # We have a quad-core CPU, so we can use four workers
events {
    # Required block; the connection-processing defaults are used
}
http {
    ssl_protocols SSLv3 TLSv1; # SSLv3/TLSv1 only (2011 setting; SSLv3 has since been broken by POODLE, use TLSv1.2 TLSv1.3 on current nginx)
    ssl_ciphers HIGH:!ADH:!MD5; # high-ciphers only
    ssl_session_cache shared:SSL:10m; # Shared SSL-Session-Cache 40000 Sessions
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 70;
    gzip on;
    index index.html index.htm index.php;
    # Defaultserver; handling requests without Host:-Header
    server {
        listen 80 default_server;
        server_name _;
        # nonstandard code 444 closes the connection without sending any headers back
        return 444;
        #server_name_in_redirect off;
        #root /usr/local/var/www/default/htdocs
        #access_log logs/default.access.log main;
    }
    # include paths are relative to the directory of nginx.conf (/usr/local/nginx/conf)
    include mime.types;
    include vhosts/*.conf;
    server {
        listen 80;
        server_name www.futzelnet.de;
        access_log logs/futzelnet_access.log;
        root /usr/local/var/www/futzelnet/htdocs;
        location /downloads/ {
            # http://wiki.nginx.org/HttpSecureLinkModule
            secure_link_secret securepassphrase;
            # If the hash is incorrect then $secure_link has the value of the null string.
            if ($secure_link = "") {
                return 403;
            }
            # This needs to be here otherwise you'll get a 404.
            rewrite ^ /downloads/$secure_link break;
            # You may find http://wiki.nginx.org/HttpSecureDownload interesting also. ;-)
        }
        location = /robots.txt {
            # Don't log access and 404 of robots.txt
            log_not_found off;
            access_log off;
        }
        location ~ /\.ht {
            # Don't show .ht (.htaccess/.htpasswd) files
            deny all;
        }
    }
    server {
        listen 443;
        server_name www.futzelnet.de;
        access_log logs/futzelnet_access.log;
        root /usr/local/var/www/futzelnet/htdocs;
        ssl on;
        # Certificates and keys are in /usr/local/nginx/conf/ssl
        ssl_certificate ssl/www.futzelnet.de.crt;
        ssl_certificate_key ssl/www.futzelnet.de.key;
    }
    # Loadbalanced services below
    upstream lb_serviced {
        server 127.0.0.1:80 max_fails=1 fail_timeout=2s;
        server 192.168.10.11:80 max_fails=3 fail_timeout=15s weight=5;
        server 192.168.10.12:80 max_fails=3 fail_timeout=15s weight=5;
        server 192.168.10.13:80 max_fails=3 fail_timeout=15s;
        server 192.168.10.14:80 max_fails=3 fail_timeout=15s;
        server 192.168.10.15:80 max_fails=3 fail_timeout=15s backup;
    }
    server {
        listen 127.0.0.1:80;
        server_name *.futzelnet.de;
        access_log logs/futzelnet_backend_access.log;
        root /usr/local/var/www/futzelnet/htdocs;
    }
    server {
        listen 80;
        server_name loadbalanced.futzelnet.de;
        access_log logs/futzelnet_proxy_access.log;
        location / {
            proxy_pass http://lb_serviced;
        }
    }
}
—
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
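How the /downloads/ location above decides between serving a file and returning 403, as an added example that is not part of the original post: with secure_link_secret the URL has the form /prefix/hash/link, where hash is the hex MD5 of the link concatenated with the secret. The function names and the sample file name are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = "securepassphrase"  # secure_link_secret from the config above
PREFIX = "downloads"         # location prefix (no slashes inside)


def _token(link, secret):
    # nginx hashes the link followed directly by the secret, no separator
    return hashlib.md5((link + secret).encode("utf-8")).hexdigest()


def make_secure_link(link, secret=SECRET, prefix=PREFIX):
    """Return the URL to hand out: /prefix/<32 hex chars>/<link>."""
    return "/{}/{}/{}".format(prefix, _token(link, secret), link)


def check_secure_link(uri, secret=SECRET):
    """Mimic $secure_link: the protected link if the hash matches, else ""."""
    parts = uri.split("/", 3)  # ['', prefix, hash, link]
    if len(parts) != 4:
        return ""
    token, link = parts[2], parts[3]
    if len(token) != 32 or not link:
        return ""
    expected = _token(link, secret).encode("ascii")
    supplied = token.lower().encode("utf-8")
    return link if hmac.compare_digest(supplied, expected) else ""


if __name__ == "__main__":
    # Constructed sample file name, not taken from the original post
    url = make_secure_link("release-1.0.tar.gz")
    print(url)
    print(repr(check_secure_link(url)))                        # link accepted
    print(repr(check_secure_link(url.replace("1.0", "2.0"))))  # '' -> 403
```

Links built this way never expire and are not bound to a client, so anyone who obtains one can reuse it; the secure_link and secure_link_md5 directives of the same module allow an expiry time to be included in the hash.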
Documentation and help are available here: http://wiki.nginx.org/NginxConfiguration [3]
Done! :-)
URL to article: http://www.midnight-visions.de/nginx/
URLs in this post:
[1] http://wiki.nginx.org/Modules
[2] http://wiki.nginx.org/3rdPartyModules
[3] http://wiki.nginx.org/NginxConfiguration