5 things you didn't know nginx could do
•Transferir como PPTX, PDF•
17 gostaram•8,930 visualizações
NGINX is a well kept secret of high performance web service. Many people know NGINX as an Open Source web server that delivers static content blazingly fast. But, it has many more features to help accelerate delivery of bits to your end users even in more complicated application environments. In this talk we'll cover several things that most developers or administrators could implement to further delight their end users.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a 5 things you didn't know nginx could do
Semelhante a 5 things you didn't know nginx could do (20)
Mais de sarahnovotny
Mais de sarahnovotny (14)
Último
Último (20)
5 things you didn't know nginx could do
- 1. 5 things you didn’t know NGINX could do Sarah Novotny Nginx, Inc.
- 2. Many people know NGINX as an HTTP request and load balancing server that powers many of the world's busiest websites. But, there are a lot of ancillary pieces that go into the software to make it a whole web application accelerator.
- 3. What is NGINX? Internet N Web Server Serve content from disk Application Server FastCGI, uWSGI, Passenger… Proxy Caching, Load Balancing… HTTP traffic
- 5. Advanced Features Bandwidth Management Content-based Routing Request Manipulation Response Rewriting Application Acceleration SSL and SPDY termination Authentication Video Delivery Mail Proxy GeoLocation Performance Monitoring High Availability
- 6. 22% Top 1 million websites 37% Top 1,000 websites
- 7. Those 5 things -- 1. Compress assets for delivery 2. Stop form spamming 3. Protect Apache from thread exhaustion attacks 4. Rewrite content inline 5. Online updates Bonus: determine a nearly complete command for the configure script
- 8. 1. Compress data to reduce bandwidth • Reduce bandwidth requirements per client – Content Compression reduces text and HTML – Image resampling reduces image sizes
- 9. HTTP gzip module • Provides Gzip capabilities so that responses from NGINX are compressed to reduce file size • Directives can be used in the http, server and location contexts • Key directives – gzip – gzip_types – gzip_proxied © Copyright 2014 by ServiceRocket, Inc. | All Rights Reserved | Prepared for Nginx, Inc. 9
- 10. Gzip example © Copyright 2014 by ServiceRocket, Inc. | All Rights Reserved | Prepared for Nginx, Inc. 10 It is not advisable to enable gzip for binary content types such as images, word documents or videos Enable gzip gzip on; Apply gzip for text, html and CSS gzip_types text/plain text/html text/css; Enable gzip compression for any proxied request gzip_proxy any;
- 11. HTTP image filter • Provides inline image manipulation to transform images for optimal delivery • Directives can be used in the location context • Key directives – image_filter size; – image_filter resize width height; – image_filter crop width height; 11
- 12. HTTP image filter example 12 location /img/ { proxy_pass http://backend; image_filter resize 150 100; image_filter rotate 90; error_page 415 = /empty; } location = /empty { empty_gif; }
- 13. We talk about the ‘N second rule’: – 10 seconds (Jakob Nielsen, March 1997) – 8 seconds (Zona Research, June 2001) – 4 seconds (Jupiter Research, June 2006) – 3 seconds (PhocusWright, March 2010)
- 14. 2. Stop brute force retries • Stop brute force password attacks • Stop form spamming – Use the NGINX limit request module
- 15. HTTP limit req module • Allows granular control of request processing rate • Directives an be used in http, server and location contexts • Key directives – limit_req_zone – limit_req
- 16. HTTP limit req module http { limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; … server { … location /search/ { limit_req zone=one burst=5; } } }
- 17. 3. Protect Apache from thread exhaustion attacks • Use NGINX in front of Apache • Mitigates ‘slow loris’, ‘keep dead’ and ‘front page of hacker news’ attacks
- 18. What is thread exhaustion? http process http process http process http process http process http process http process Client-side: Multiple Connections HTTP Keepalives Server-side: Limited concurrency
- 19. How NGINX mitigates thread exhaustion N Large numbers of clients, with long-term keepalive connections NGINX reduces connections to the minimum number necessary
- 20. 4. Rewrite content inline • Use the power of substitution to simplify updates • Directives can be used in the http, server and location contexts • Key directives – sub_filter_once – sub_filter – sub_filter_types
- 21. HTTP sub module example 21 location / { sub_filter_once off; sub_filter_types text/html; sub_filter “__copyright_date__” “2014”; }
- 22. 5. Online Binary updates and configuration changes • Update either the configuration files or the binary without losing any connections
- 23. Configuration file update 23 [root@localhost ~]# nginx -s reload [root@localhost ~]#
- 24. 24 Yep. It’s that simple
- 25. Binary update • Choose your method of binary installation • Replace the binary [root@localhost ~]# cat /var/run/nginx.pid 1991 [root@localhost ~]# kill –USR2 1991
- 26. Binary update [root@localhost ~]# ps -ef |grep nginx root 1991 1 0 08:06 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 2974 1991 0 08:22 ? 00:00:00 nginx: worker process nginx 2975 1991 0 08:22 ? 00:00:00 nginx: worker process root 3123 2948 0 08:43 pts/0 00:00:00 grep nginx root 3124 1991 0 08:43 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
- 27. Binary update [root@localhost ~]# kill –WINCH 1991 • Verify things are working as expected (you can still back out gracefully at this point) [root@localhost ~]# kill –QUIT 1991
- 28. Bonus: nginx –V gives a nearly complete configuration script for compiling
- 29. [root@localhost ~]# nginx -V nginx version: nginx/1.5.7 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx/ --sbin- path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error- log-path=/var/log/nginx/error.log --http-log- path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid -- lock-path=/var/run/nginx.lock --http-client-body-temp- path=/var/cache/nginx/client_temp --http-proxy-temp- path=/var/cache/nginx/proxy_temp --http-fastcgi-temp- path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp- path=/var/cache/nginx/uwsgi_temp --http-scgi-temp- path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with- http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --etc
- 30. More resources • Check out our blog on nginx.com • Webinars: nginx.com/webinars Try NGINX F/OSS (nginx.org) or NGINX Plus (nginx.com)
- 31. Thanks for your time! @sarahnovotny Evangelist, NGINX Program Chair, OSCON
Notas do Editor
- Story starts with a single guy, Igor Sysoev What was originally a tool for managing concurrency hos evolved into a Web Application Accelerator Not because of vision but user driven innovation
- Top 37% These tend to be successful websites, generating revenue and featuring well in google search results
- Size: outputs json about image Rotate is also an option.
- You can also crop
- Story about int’l flight with metered transfer
- sets the shared memory zone and the maximum burst size of requests. If the requests rate exceeds the rate configured for a zone, their processing is delayed such that requests are processed at a defined rate. Excessive requests are delayed until their number exceeds the maximum burst size in which case the request is terminated with an error 503 (Service Temporarily Unavailable). By default, the maximum burst size is equal to zero.
- This can be granularly set up for specific portions of the site like /search or /registration or the like.
- It’s all about concurrency…
- It’s all about concurrency…
- Sets a string to replace and a replacement string. The string to replace is matched ignoring the case. The replacement string can contain variables. sub_filter_types is text/html by default
- You can also crop
- You can also crop
- You can also crop
- You can also crop
- You can also crop