nginx

Common configurations of nginx

By inRemark No Comments #nginx #Proxy

Nginx is a high-performance HTTP and reverse proxy server that can be used for load balancing, caching, rate limiting, and more. Below are some commonly used Nginx configurations.

Table of Contents

Static Resource Server

Below is a configuration example for serving static files with Nginx:

server {
    listen       80;
    server_name  www.example.com;

    # Static resource root directory
    root         /var/www/html;
    # Default index files
    index        index.html index.htm;

    # Main location block: directly serve the requested static file; if not found, return 404
    location / {
        try_files $uri $uri/ =404;
    }

    # For images, CSS, JavaScript and other static resources, set cache control
    location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 30d;
        add_header Cache-Control "public";
        try_files $uri $uri/ =404;
    }
}

Nginx SSL Configuration

server {
    # Listen on port 443 with SSL and HTTP/2 enabled
    listen 443 ssl http2;  
    # Server name
    server_name example.com;  

    # Paths to SSL certificate and private key
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # SSL session cache settings
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # SSL protocols and cipher suites configuration
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Enable OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    location / {
        # All requests are proxied to http://localhost:8080
        proxy_pass http://localhost:8080;  
        # Use HTTP/1.1 protocol
        proxy_http_version 1.1;  
        # Set Upgrade header for WebSocket support
        proxy_set_header Upgrade $http_upgrade; 
        # Set Connection header for WebSocket support 
        proxy_set_header Connection "upgrade";  
    }
}

Nginx Cache Configuration

# Define the cache path and parameters for proxy caching.
# proxy_cache_path /data/nginx/cache: the path where cached files are stored.
# levels=1:2: defines a two-level directory structure for caching.
# keys_zone=my_cache:10m: allocates a shared memory zone named "my_cache" with 10MB size to store cache keys and metadata.
# max_size=10g: sets the maximum cache size to 10GB.
# inactive=60m: defines the expiration time; if a cached file is not accessed within this period, it will be removed.
# use_temp_path=off: disables temporary file storage, meaning cache files are written directly to the specified path.
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;

server {
    listen 80;
    server_name www.example.com;
    location / {
        # Name of the proxy cache is "my_cache"
        proxy_cache my_cache;  
        # Responses with status 200 and 304 are cached for 12 hours
        proxy_cache_valid 200 304 12h;
        # Responses with status 301 and 302 are cached for 1 day
        proxy_cache_valid 301 302 1d; 
        # All other responses are cached for 1 minute
        proxy_cache_valid any 1m; 
        # Set the cache key format including the host, URI, and query string
        proxy_cache_key $host$uri$is_args$args; 
        # Specify the backend server address
        proxy_pass http://localhost:8080/; 
    }
}

Nginx Rate Limiting Configuration

# Define a new rate limiting zone "my_limit" with 10MB, limiting each client's request rate to 1 request per second.
# $binary_remote_addr represents the client's IP address.
limit_req_zone $binary_remote_addr zone=my_limit:10m rate=1r/s;

server {
    listen 80;
    server_name www.example.com;
    location / {
        # Proxy all HTTP requests to http://localhost:8080 and limit each client to 1 request per second,
        # allowing a burst of up to 5 requests without delay.
        limit_req zone=my_limit burst=5 nodelay; 
        proxy_pass http://localhost:8080;
    }
}

Reverse Proxy Server Configuration

Basic Reverse Proxy

Proxy all requests to a backend service:

server {  
    listen 80;  
    # Server block: handles requests when the Host header matches
    server_name www.example.com;  
    # Define a location block matching all URLs
    location / {
        # All requests in this location block are proxied to http://localhost:8080
        proxy_pass http://localhost:8080;  
    }
}

Reverse Proxy with Common Headers

server {
    listen 80;
    server_name example.com;

    # Enable gzip compression
    gzip on;
    # Set minimum file size for gzip compression (1KB)
    gzip_min_length 1024;  
    # Set gzip compression level (1-9, with 6 as a compromise)
    gzip_comp_level 6;  
    # Specify file types to be compressed
    gzip_types text/plain application/xml application/json application/javascript text/css;  
    # Enable Vary header to make compression conditional based on Accept-Encoding
    gzip_vary on;  

    location / {
        root /html;
    }

    # It is recommended to end the location with a slash.
    location /api/ {  
        # With trailing slash, the backend URI will not append the location string
        proxy_pass http://localhost:8080/; 
        # Set the Host header to the client's request host
        proxy_set_header Host $host; 
        # Set the X-Real-IP header to the client's IP address
        proxy_set_header X-Real-IP $remote_addr; 
        # Set the X-Forwarded-For header with the client and proxy IP addresses
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    }

    # Example:
    # Browser request: http://domain.com/api/test.do
    # Backend request: http://localhost:8080/test.do

    location /api2/ {  
        proxy_pass http://localhost:8080/api2/; 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # If the backend URI requires the location path, explicit configuration is needed.
    # Browser request: http://domain.com/api2/test.do
    # Backend request: http://localhost:8080/api2/test.do
}

Reverse Proxy with WebSocket Support

server {
    listen 80;
    server_name example.com;

    location / {
        root /html;
    }

    location /api/ {
        proxy_pass http://localhost:8080/;
        # Use HTTP/1.1 protocol
        proxy_http_version 1.1; 
        # Set Upgrade header for WebSocket connections
        proxy_set_header Upgrade $http_upgrade;     
        # Set Connection header for WebSocket connections
        proxy_set_header Connection "upgrade";      
    }
}

Reverse Proxy with Load Balancing

http {
    upstream backend {
        # Uncomment ip_hash for session persistence if needed
        # ip_hash;
        server backend1.example.com;
        server backend2.example.com;
        server backend3.example.com;
    }

    server {
        listen 80;
        server_name example.com;

        location / {
            root /html;
        }

        location /api/ {
            # Uncomment if you need to limit client request body size (e.g., 20M)
            # client_max_body_size 20M; 
            proxy_pass http://backend;
        }
    }
}

By inRemark

Related Post

nginx

Nginx Introduction

inRemark
nginx

Nginx Cache Strategies

inRemark

Leave a Reply

You Missed

nginx

Nginx Introduction

nginx

Common configurations of nginx

nginx

Nginx Cache Strategies

uncategorized

Hello world!