Ein, high performance, Webserver und eine sehr gute und mächtige Alternative zu Apache die ebenfalls als reverse proxy und Loadbalancer dienen kann.



Dependencys: pcre-devel


/usr/local/src # wget
/usr/local/src # tar xzf nginx-1.1.2.tar.gz
/usr/local/src # cd nginx-1.1.2/
/usr/local/src/nginx-1.1.2 # ./configure –with-ipv6 –with-http_ssl_module –with-http_secure_link_module
/usr/local/src/nginx-1.1.2 # make && make install
/usr/local/src/nginx-1.1.2 # useradd -d /usr/local/nginx -u 666 -g www -s /bin/false nginx
/usr/local/src/nginx-1.1.2 # mkdir -p /usr/local/nginx/conf/ssl /usr/local/nginx/conf/vhosts

Als weitere nützliche Compile-Parameter (Module) seien die folgenden hervorgehoben:
This module computes and checks request URLs for a required security token.

This module adds contents of other locations before and after the current location’s content.

This module creates ngx_http_geoip_module variables based on the IP-address of the client matched against the MaxMind GeoIP binary files.

This module allows to change the client’s IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For).
It is useful if nginx works behind some proxy of L7 load balancer, and the request comes from a local IP, but proxy add request header with client’s IP.

This module enables Google Performance Tools profiling for workers.

Weitere Module: und

Einge 3dr party module die ich besonders hervorheben möchte sind: „Access Key“, „Auth PAM“, „AWS auth“, „Encrypted Session“, „HTTP Healthcheck“, „Supervisord“, „Upstream Fair Balancer“

/usr/local/src/nginx-1.1.2 # vim /etc/init.d/ngnix



case „$1“ in
$NGINX -q -t -c $CONFIG && $NGINX -c $CONFIG &
$NGINX -s stop
$0 stop && sleep 5 && $0 start
$NGINX -s reload
echo „Usage: $0 {start|stop|restart|reload}“
exit 1

/usr/local/src/nginx-1.1.2 # chmod +x /etc/init.d/ngnix


# vim /usr/local/nginx/conf/nginx.conf

user ngnix www;         # Unprivileged user
worker_processes  4;    # We have a quadcore CPU so we can use four worker

http {
        ssl_protocols                   SSLv3 TLSv1;    # SSLv3/TLSv1 only
        ssl_ciphers                     HIGH:!ADH:!MD5; # high-ciphers only
        ssl_session_cache               shared:SSL:10m; # Shared SSL-Session-Cache 40000 Sessions
        ssl_session_timeout             10m;
        ssl_prefer_server_ciphers       on;
        keepalive_timeout               70;
        gzip                            on;
        index                           index.html index.htm index.php;

        # Defaultserver; handling requests without Host:-Header
        server {
                listen          80  default_server;
                server_name     _;

                # nonstandard code 444 closes the connection without sending any headers back
                return          444;

                #server_name_in_redirect        off;
                #root                           /usr/local/var/www/default/htdocs
                #access_log                     logs/default.access.log main;

        include conf/mime.types
        include conf/vhosts/*.conf

        server {
                listen          80;

                access_log      logs/futzelnet_access.log

                root            /usr/local/var/www/futzelnet/htdocs

                location /downloads/ {
                        secure_link_secret securepassphrase

                        # If the hash is incorrect then $secure_link has the value of the null string.
                        if ($secure_link = "") {
                                return 403;
                        # This needs to be here otherwise you'll get a 404.
                        rewrite ^ /downloads/$secure_link break;

                        # You may find interesting also. ;-)

                location = /robots.txt {
                        # Don't log access and 404 of robots.txt
                        log_not_found off;
                        access_log off;

                location ~ /\.ht {
                        # Don't show .ht (.htaccess/.htpasswd) files
                        deny  all;

        server {
                listen                  443;
                server_name   ;

                access_log              logs/futzelnet_access.log

                root            /usr/local/var/www/futzelnet/htdocs

                ssl                     on;
                # Certificates and keys are in /usr/local/nginx/conf/ssl
                ssl_certificate         ssl/;
                ssl_certificate_key     ssl/;


        # Loadbalanced services below
        upstream lb_serviced {
                server max_fails=1 fail_timeout=2s;
                server max_fails=3 fail_timeout=15s weight=5;
                server max_fails=3 fail_timeout=15s weight=5;
                server max_fails=3 fail_timeout=15s;
                server max_fails=3 fail_timeout=15s;
                server max_fails=3 fail_timeout=15s backup;

        server {
                server_name     *;

                access_log      logs/futzelnet_backend_access.log

                root            /usr/local/var/www/futzelnet/htdocs

        server {
                listen          80;

                access_log      logs/futzelnet_proxy_access.log

                location / {
                        proxy_pass      http://lb_serviced;

# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful


Doku und Hilfe gibt es hier:


Fertig! 🙂