nginx

A high-performance web server and a very good, powerful alternative to Apache that can also serve as a reverse proxy and load balancer.

 

Homepage: http://nginx.org/

Dependencies: pcre-devel

 

Installation:
/usr/local/src # wget http://nginx.org/download/nginx-1.1.2.tar.gz
/usr/local/src # tar xzf nginx-1.1.2.tar.gz
/usr/local/src # cd nginx-1.1.2/
/usr/local/src/nginx-1.1.2 # ./configure --with-ipv6 --with-http_ssl_module --with-http_secure_link_module
/usr/local/src/nginx-1.1.2 # make && make install
/usr/local/src/nginx-1.1.2 # useradd -d /usr/local/nginx -u 666 -g www -s /bin/false nginx
/usr/local/src/nginx-1.1.2 # mkdir -p /usr/local/nginx/conf/ssl /usr/local/nginx/conf/vhosts

The following additional useful compile-time parameters (modules) are worth highlighting:
--with-http_secure_link_module
This module computes and checks request URLs for a required security token.

--with-http_addition_module
This module adds contents of other locations before and after the current location’s content.

--with-http_geoip_module
This module creates ngx_http_geoip_module variables based on the IP-address of the client matched against the MaxMind GeoIP binary files.
Source: http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
Database: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

--with-http_realip_module
This module lets you replace the client's IP address with the value from a request header (e.g. X-Real-IP or X-Forwarded-For).
It is useful when nginx runs behind a proxy or L7 load balancer: the request arrives from a local IP, but the proxy adds a request header carrying the client's IP.

--with-google_perftools_module
This module enables Google Performance Tools profiling for workers.

More modules: http://wiki.nginx.org/Modules and http://wiki.nginx.org/3rdPartyModules

Some third-party modules that I would particularly like to highlight are: "Access Key", "Auth PAM", "AWS auth", "Encrypted Session", "HTTP Healthcheck", "Supervisord", "Upstream Fair Balancer"

Start script:
/usr/local/src/nginx-1.1.2 # vim /etc/init.d/nginx

#!/bin/sh
# Minimal init script for the source-built nginx

CONFIG=/usr/local/nginx/conf/nginx.conf
NGINX=/usr/local/nginx/sbin/nginx

case "$1" in
start)
        # Test the configuration quietly first; nginx daemonizes itself
        $NGINX -q -t -c $CONFIG && $NGINX -c $CONFIG
        ;;
stop)
        $NGINX -s stop
        ;;
restart)
        $0 stop && sleep 5 && $0 start
        ;;
reload)
        $NGINX -s reload
        ;;
*)
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
        ;;
esac

/usr/local/src/nginx-1.1.2 # chmod +x /etc/init.d/nginx

 

Configuration:
# vim /usr/local/nginx/conf/nginx.conf

user nginx www;         # Unprivileged user
worker_processes  4;    # We have a quad-core CPU, so we can use four workers

events {
        worker_connections  1024;       # required section; value from the stock nginx.conf
}

http {
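        # SSLv3/TLSv1 only (no SSLv2). SSLv3 is obsolete; on nginx builds that
        # support them, list TLSv1.2 TLSv1.3 here instead.
        ssl_protocols                   SSLv3 TLSv1;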
        ssl_ciphers                     HIGH:!ADH:!MD5; # high-ciphers only
        ssl_session_cache               shared:SSL:10m; # Shared SSL-Session-Cache 40000 Sessions
        ssl_session_timeout             10m;
        ssl_prefer_server_ciphers       on;
        keepalive_timeout               70;
        gzip                            on;
        index                           index.html index.htm index.php;

        # Defaultserver; handling requests without Host:-Header
        server {
                listen          80  default_server;
                server_name     _;

                # nonstandard code 444 closes the connection without sending any headers back
                return          444;

                #server_name_in_redirect        off;
                #root                           /usr/local/var/www/default/htdocs;
                #access_log                     logs/default.access.log main;
        }

        # include paths are relative to the directory of nginx.conf (/usr/local/nginx/conf)
        include mime.types;
        include vhosts/*.conf;

        server {
                listen          80;
                server_name     www.futzelnet.de;

                access_log      logs/futzelnet_access.log;

                root            /usr/local/var/www/futzelnet/htdocs;

                location /downloads/ {
                        # http://nginx.org/en/docs/http/ngx_http_secure_link_module.html
                        secure_link_secret securepassphrase;

                        # If the hash is incorrect then $secure_link has the value of the null string.
                        if ($secure_link = "") {
                                return 403;
                        }
                        # This needs to be here otherwise you'll get a 404.
                        rewrite ^ /downloads/$secure_link break;

                        # You may find https://www.nginx.com/resources/wiki/modules/secure_download/ interesting also. ;-)
                }

                location = /robots.txt {
                        # Don't log access and 404 of robots.txt
                        log_not_found off;
                        access_log off;
                }

                location ~ /\.ht {
                        # Don't show .ht (.htaccess/.htpasswd) files
                        deny  all;
                }
        }

        server {
                listen                  443;
                server_name             www.futzelnet.de;

                access_log              logs/futzelnet_access.log;

                root            /usr/local/var/www/futzelnet/htdocs;

                ssl                     on;
                # Certificates and keys are in /usr/local/nginx/conf/ssl
                ssl_certificate         ssl/www.futzelnet.de.crt;
                ssl_certificate_key     ssl/www.futzelnet.de.key;

        }


        # Loadbalanced services below
        upstream lb_serviced {
                server 127.0.0.1:80 max_fails=1 fail_timeout=2s;
                server 192.168.10.11:80 max_fails=3 fail_timeout=15s weight=5;
                server 192.168.10.12:80 max_fails=3 fail_timeout=15s weight=5;
                server 192.168.10.13:80 max_fails=3 fail_timeout=15s;
                server 192.168.10.14:80 max_fails=3 fail_timeout=15s;
                server 192.168.10.15:80 max_fails=3 fail_timeout=15s backup;
        }

        server {
                listen          127.0.0.1:80;
                server_name     *.futzelnet.de;

                access_log      logs/futzelnet_backend_access.log;

                root            /usr/local/var/www/futzelnet/htdocs;
        }

        server {
                listen          80;
                server_name     loadbalanced.futzelnet.de;

                access_log      logs/futzelnet_proxy_access.log;

                location / {
                        proxy_pass      http://lb_serviced;
                }
        }
}


# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
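
How a link for the /downloads/ location in the configuration is built and checked, as an added example that is not part of the original page: according to the module documentation linked in the config, the request URI has the form /prefix/hash/link, where hash is the hex MD5 of the link concatenated with the secret. The function names are hypothetical; the secret and prefix are taken from the config.

```python
import hashlib
import hmac

SECRET = "securepassphrase"  # same value as secure_link_secret in the config


def make_secure_link(link, secret=SECRET, prefix="downloads"):
    """Build /prefix/hash/link, hash = hex MD5 of the link followed by the secret."""
    if "/" in prefix:
        raise ValueError("prefix must not contain slashes")
    link = link.lstrip("/")
    if not link:
        raise ValueError("link must not be empty")
    token = hashlib.md5((link + secret).encode()).hexdigest()
    return f"/{prefix}/{token}/{link}"


def check_secure_link(uri, secret=SECRET):
    """Return the protected link if the hash matches, else "" (like $secure_link)."""
    parts = uri.split("/", 3)  # ['', prefix, hash, link]
    if len(parts) != 4 or parts[0] != "":
        return ""
    _, _prefix, token, link = parts
    if len(token) != 32 or not link:
        return ""
    expected = hashlib.md5((link + secret).encode()).hexdigest()
    # Compare as bytes in constant time; hex digits may be upper or lower case
    same = hmac.compare_digest(token.lower().encode(), expected.encode())
    return link if same else ""


if __name__ == "__main__":
    # Constructed sample file names, not taken from the page
    good = make_secure_link("iso/image.iso")
    tampered = good.replace("image.iso", "other.iso")
    for uri in (good, tampered, "/downloads/image.iso"):
        result = check_secure_link(uri)
        status = "200 -> /downloads/" + result if result else "403"
        print(f"{uri}  =>  {status}")
```

A link built this way never expires and is identical for every client. The same module's secure_link and secure_link_md5 directives allow an expiry time to be included in the hash.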

 

Documentation and help are available here: http://wiki.nginx.org/NginxConfiguration

 

Done! 🙂