NGINX is a well-kept secret of high-performance web service. Many people know NGINX as an open source web server that delivers static content blazingly fast, but it has many more features to help accelerate delivery of bits to your end users, even in more complicated application environments. In this talk we'll cover several things that most developers or administrators could implement to further delight their end users.
2. Many people know NGINX as an HTTP request and load
balancing server that powers many of the world's busiest
websites. But, there are a lot of ancillary pieces that go into
the software to make it a whole web application accelerator.
3. What is NGINX?
[Diagram: Internet → NGINX]
• Web Server: Serve content from disk
• Application Server: FastCGI, uWSGI, Passenger…
• Proxy: Caching, Load Balancing… HTTP traffic
7. Those 5 things --
1. Compress assets for delivery
2. Stop form spamming
3. Protect Apache from thread exhaustion attacks
4. Rewrite content inline
5. Online updates
Bonus: determine a nearly complete command
for the configure script
8. 1. Compress data to reduce
bandwidth
• Reduce bandwidth requirements per client
– Content Compression reduces text and HTML
– Image resampling reduces image sizes
13. We talk about the ‘N second rule’:
– 10 seconds
(Jakob Nielsen, March 1997)
– 8 seconds
(Zona Research, June 2001)
– 4 seconds
(Jupiter Research, June 2006)
– 3 seconds
(PhocusWright, March 2010)
14. 2. Stop brute force retries
• Stop brute force password attacks
• Stop form spamming
– Use the NGINX limit request module
15. HTTP limit req module
• Allows granular control of request processing
rate
• Directives can be used in http, server and
location contexts
• Key directives
– limit_req_zone
– limit_req
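A configuration using the two key directives above to throttle login and form endpoints, as an added example that is not from the talk. The zone names, rates, paths, server name and backend address are assumptions.

```nginx
# Added example. Zone names, rates, paths and 127.0.0.1:8080 are assumed values.
events {}

http {
    # limit_req_zone: one shared-memory zone per policy, keyed by client address.
    # $binary_remote_addr keeps the per-client state small.
    limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
    limit_req_zone $binary_remote_addr zone=forms:10m rate=1r/s;

    # Log rejected requests at warn level so they are easy to alert on.
    limit_req_log_level warn;
    # Rejections return 503 by default; 429 separates throttling from outages.
    limit_req_status 429;

    server {
        listen 80;
        server_name example.com;

        # Password guessing: allow 3 excess requests to be served at once,
        # then reject immediately instead of queueing the rest.
        location = /login {
            limit_req zone=login burst=3 nodelay;
            proxy_pass http://127.0.0.1:8080;
        }

        # Form spam: without nodelay, up to 5 excess requests are delayed
        # to the zone's rate; anything beyond the burst is rejected.
        location /registration {
            limit_req zone=forms burst=5;
            proxy_pass http://127.0.0.1:8080;
        }

        # Everything else is left unthrottled.
        location / {
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

Check the file with `nginx -t -c /path/to/this.conf` before reloading; rejected requests then show up in the error log with the zone name.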
17. 3. Protect Apache from thread
exhaustion attacks
• Use NGINX in front of Apache
• Mitigates ‘slow loris’, ‘keep dead’ and ‘front
page of hacker news’ attacks
18. What is thread exhaustion?
[Diagram: a row of http processes]
• Client-side: Multiple Connections, HTTP Keepalives
• Server-side: Limited concurrency
19. How NGINX mitigates thread
exhaustion
• Large numbers of clients, with long-term keepalive connections
• NGINX reduces connections to the minimum number necessary
20. 4. Rewrite content inline
• Use the power of substitution to simplify updates
• Directives can be used in the http, server and location
contexts
• Key directives
– sub_filter_once
– sub_filter
– sub_filter_types
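21. HTTP sub module example
location / {
    # Replace every occurrence in the response, not only the first
    sub_filter_once off;
    # text/html is already the default type
    sub_filter_types text/html;
    sub_filter "__copyright_date__" "2014";
}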
22. 5. Online Binary updates and
configuration changes
• Update either the configuration files or the
binary without losing any connections
27. Binary update
[root@localhost ~]# kill -WINCH 1991
• Verify things are working as expected
(you can still back out gracefully at this point)
[root@localhost ~]# kill -QUIT 1991
30. More resources
• Check out our blog on nginx.com
• Webinars: nginx.com/webinars
Try NGINX F/OSS (nginx.org) or NGINX Plus
(nginx.com)
31. Thanks for your time!
@sarahnovotny
Evangelist, NGINX
Program Chair, OSCON
Editor's Notes
Story starts with a single guy, Igor Sysoev
What was originally a tool for managing concurrency has evolved into a Web Application Accelerator
Not because of vision but user driven innovation
Top 37%
These tend to be successful websites, generating revenue and featuring well in Google search results
Size: outputs JSON about image
Rotate is also an option.
You can also crop
Story about int’l flight with metered transfer
The limit_req directive sets the shared memory zone and the maximum burst size of requests. If the request rate exceeds the rate configured for a zone, processing is delayed so that requests are handled at the defined rate. Excessive requests are delayed until their number exceeds the maximum burst size, in which case the request is terminated with an error 503 (Service Temporarily Unavailable). By default, the maximum burst size is equal to zero.
This can be granularly set up for specific portions of the site like /search or /registration or the like.
It’s all about concurrency…
Sets a string to replace and a replacement string. The string to replace is matched ignoring the case. The replacement string can contain variables.
sub_filter_types is text/html by default