The case for Nginx in front of application servers

As a rule of thumb, an application server should never face the Internet directly, unless of course Nginx (or OpenResty) is being used as such. This is not only for performance reasons, although this is not much of a concern anymore with modern runtimes such as Go or Node, but mostly for flexibility and security reasons. Here are some key points to consider: At this point, Nginx is a proven and battle-tested HTTP server This allows keeping the application as simple as possible: Nginx will handle logging, compression, SSL, and so on In case the application server goes down, Nginx will still serve a 50x page so visitors know that something is wrong Nginx has built-in load-balancing features, it also allows running several application servers on the same IP address Nginx has built-in caching features (with on-disk persistence) Nginx has rich rate-limiting features, which are especially useful for APIs Nginx helps protecting against some DoS attacks (such as low-bandwidth Application Layer attacks) Lastly, one aspect which tend to be forgotten these days is the importance of server logs....

December 13, 2014 · 2 min

Nginx and Server Side Includes

Server Side Includes are an interesting way to embed content dynamically into static files. It can be particularly useful to inject information about the visitor or to add headers, footers or any file containing data changing over time. Please note, however, that Nginx does not implement the full SSI specification yet. More information about what is currently supported can be found in the ngx_http_ssi_module documentation. To enable SSI, the following directive must be added in the http, server or location block:...

September 21, 2014 · 2 min

Compiling Nginx on Debian and Ubuntu

Most of the time, there is no need to compile Nginx manually as Debian and Ubuntu provide several packages being compiled with a different set of modules (for details, see: Nginx packages in Debian stable). However, when performing more specific testing tasks, I sometimes need an exact particular version and have to compile it manually. So here are the required steps to build Nginx with SSL and SPDY modules enabled....

September 13, 2014 · 1 min

Nginx on FreeBSD

The purprose of this article is mostly to show how easy it is to compile and run custom builds of Nginx on FreeBSD, including third party modules which will be automatically fetched and built. For a comprehensive list of compile time options and included modules for Debian and Ubuntu packages, check the following article: Nginx packages in Debian stable. Installing Nginx via pkg: pkg install nginx By default, Nginx is compiled with the following options:...

July 15, 2014 · 1 min

Log rotation directly within Nginx configuration file

Ever since I discovered PostgreSQL allowed to embed variables in log_filename allowing to split logs without using logrotate or cronolog, I’ve been wanting to do the same with Nginx. As it turns out, it’s not only possible but also pretty easy to achieve, since Nginx introduced the possibility to use variables in access_log directives (added in 0.7.4), and the $time_iso8601 variable providing time in ISO 8601 format (added in 0.9.6)....

May 4, 2014 · 2 min

Enabling and testing SPDY support on Nginx

Since Nginx now supports the SPDY protocol (ngx_http_spdy_module appeared in Nginx 1.3.15), I decided to enable it on statdns.net, an SSL only site. Indeed, SPDY requires the use of SSL/TLS and cannot operate under plain HTTP. Enabling SPDY is pretty straightforward, all we need to do is to add the spdy parameter in the listen directives: listen 443 ssl spdy; listen [::]:443 ipv6only=on ssl spdy; Header compression level is customizable using the spdy_headers_comp directive, for example:...

December 12, 2013 · 1 min

Playing with Nginx GeoIP and Substitution modules

In this tutorial, we will build a site displaying the visitor IP address and geolocation by leveraging the power of nginx GeoIP and Substitution modules. If you are using Debian stable, the default nginx package have these modules compiled-in. In case you are using backports, then installing either nginx-full or nginx-extras will do. We start by fetching and unpacking the GeoIP Country and City databases: mkdir -p /usr/share/GeoIP cd /usr/share/GeoIP wget http://geolite....

April 3, 2013 · 2 min

Nginx packages in Debian stable

The latest version of nginx packaged in Debian stable (Squeeze) is 0.7.67, which was released on June 15th 2010 and is thus very old. Starting with Wheezy (the next iteration of Debian stable), there will be several different nginx packages available: nginx-light, nginx-full, nginx-extras, as well as a nginx-naxsi package bundling the NAXSI Web Application Firewall. Each package is being compiled with a different set of modules (including third party ones)....

March 29, 2013 · 5 min

Serving precompressed content with Nginx and Zopfli

Zopfli is a new compression algorithm which has recently been opensourced by Google. Being deflate compatible, it can create compressed files which can then be unpacked using zlib, and thus served to web browsers without any modifications on client side. Zopfli is focused on output efficiency, not on runtime performance, making it impractical to use for doing on-the-fly compression. It shines at compressing static content, and I will show you how in this article using Ascii Codes website as an example....

March 11, 2013 · 3 min