Home

Nginx: the High-Performance Web Server and Reverse Proxy

Issue 173

From Issue #173
September 2008

Sep 01, 2008  By Will Reese
 in
Having performance issues with your Web server? Maybe the Russians can help.
Static Web Server

Now that we covered the main configuration file, let's create a config file for a basic Web site. Before we begin, we need to disable the default site that Ubuntu created for us: 

# rm -f /etc/nginx/sites-enabled/default

Now, create a new configuration file called /etc/nginx/sites-available/basic with the following contents: 

server {
  listen  127.0.0.1:80;
  server_name  basic;
  access_log  /var/log/nginx/basic.access.log;
  error_log  /var/log/nginx/basic.error.log;
  location  / {
    root  /var/www/basic;
    index  index.html index.htm;
  }
}

Create the root directory and index.html file: 

# mkdir /var/www/basic
# cd /var/www/basic
# echo "Basic Web Site" > index.html

Enable the site and restart Nginx: 

# cd /etc/nginx/sites-enabled
# ln -s ../sites-available/basic . 
# /etc/init.d/nginx restart

If you open http://127.0.0.1/ in your browser, you should see a page with “Basic Web Site”. As you can see, it is very easy to create a new site using Nginx.

Let's go over the new configuration file we created. The server directive is used to define a new virtual server, and all of its settings are enclosed in braces. The listen directive indicates the IP and port on which this server will accept requests, and server_name sets the hostname for your virtual server. As I mentioned earlier, the access_log and error_log settings can be set on a per-site basis. It is usually a good idea to provide each site with its own set of log files.

Next is the location directive, which allows you to modify the settings for different parts of your site. In our case, we have only one location for the entire site. However, you can have multiple location directives, and you can use regular expressions to define them. We have two other directives inside our location block: root and index. The root directive is used to define the document root for this location. This means a request for /img/test.gif would look for the file /var/www/localhost/img/test.gif. Finally, the index directive tells Nginx what files to use as the default file for this location.

Static Web Server with SSL

Some Web sites, such as on-line stores, require secure communication (HTTPS) to protect credit-card transactions and customer information. Like Apache, Nginx supports HTTPS via an SSL module, and it's very easy to set up.

First, you need to generate an SSL certificate. The openssl command will ask you a bunch of questions, but you simply can press Enter for each one: 

# apt-get install openssl
# mkdir /etc/nginx/ssl
# cd /etc/nginx/ssl
# openssl req -new -x509 -nodes -out server.crt -keyout server.key

Create a new config file called /etc/nginx/sites-available/secure, which contains the following: 

server {
  listen   127.0.0.1:443;
  server_name  secure;
  access_log  /var/log/nginx/secure.access.log;
  error_log  /var/log/nginx/secure.error.log;
  ssl on;
  ssl_certificate /etc/nginx/ssl/server.crt;  
  ssl_certificate_key /etc/nginx/ssl/server.key;  
  location / {
    root   /var/www/secure;
    index  index.html index.htm;
  }
}

Create the root directory and index.html file: 

# mkdir /var/www/secure
# cd /var/www/secure
# echo "Secure Web Site" > index.html

Enable the site and restart Nginx: 

# cd /etc/nginx/sites-enabled
# ln -s ../sites-available/secure . 
# /etc/init.d/nginx restart

If you open https://127.0.0.1/ in your browser (note the https), you probably will get a warning about not being able to verify the certificate. That's because we are using a self-signed certificate for this example. Go ahead and tell your browser to accept the certificate, and you should see a page with “Secure Web Site”.

This config file is very similar to our previous config, but there are a few differences. First, notice that this new server is listening on port 443, which is the standard port for HTTPS. Second, we enabled the SSL module with the line ssl on;. If you compiled Nginx yourself instead of using the Ubuntu package, you need to make sure you specified --with-http_ssl_module when you ran ./configure; otherwise, the SSL module will not be available. Third, we used the ssl_certificate and ssl_certificate_key directives to point to the certificate and key we created earlier.

Virtual Hosting

In many cases, you will want to run multiple Web sites from a single server. This is called virtual hosting, and Nginx supports both IP- and name-based vhosts.

Let's create two virtual hosts: one.example.com and two.example.com. First, we need to add a line to our /etc/hosts file, so that one.example.com and two.example.com point to our server (normally you would do this using DNS): 

# echo "127.0.0.1 one.example.com two.example.com" >> /etc/hosts

Now, we need to create a configuration file for each site. First, create a file called /etc/nginx/sites-available/one with the following contents: 

server {
  listen   127.0.0.1:80;
  server_name  one.example.com;
  access_log  /var/log/nginx/one.access.log;
  error_log /var/log/nginx/one.error.log;
  location / {
    root   /var/www/one;
    index  index.html index.htm;
  }
}

Then, make a copy of that file called /etc/nginx/sites-available/two, and replace each occurrence of “one” with “two”: 

# cd /etc/nginx/sites-available
# cp one two
# sed -i "s/one/two/" two

Create the root directories and index.html files: 

# mkdir /var/www/{one,two}
# echo "Site 1" > /var/www/one/index.html
# echo "Site 2" > /var/www/two/index.html

Enable the sites and restart Nginx: 

# cd /etc/nginx/sites-enabled
# ln -s ../sites-available/one .
# ln -s ../sites-available/two .
# /etc/init.d/nginx restart

If you open http://one.example.com/ in your browser, you should see a page with “Site 1”. For http://two.example.com/, you should see “Site 2”.

We just created two name-based virtual hosts running on 127.0.0.1 by changing the server_name directive. For IP-based virtual hosts, simply change the listen directive to use a different IP for each site.

Now, go ahead and disable these two virtual hosts: 

# rm -f /etc/nginx/sites-enabled/one
# rm -f /etc/nginx/sites-enabled/two
# /etc/init.d/nginx restart

Don't forget to remove the line we added to /etc/hosts when you are done.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

nginx installation on windows

Anonymous's picture
Submitted by Anonymous on Sun, 02/28/2010 - 21:56.

http://magztitut.wordpress.com/2009/12/17/installing-nginx-php-on-wndows-server-2003-with-moodle-wordpress-virtual-host-configuration/

Centos SETUP

M.T.'s picture
Submitted by M.T. (not verified) on Thu, 09/17/2009 - 12:26.

Hello,
I wrote a small article for Redhat based OS. Here is the article: NGINX, PHP-CGI, SPAWN-FCI, FTP, VHOSTS, MYSQL | centos-fedora-redhat

Thanks

1001 Fonts's picture
Submitted by 1001 Fonts (not verified) on Tue, 09/01/2009 - 04:18.

This helped me set up a reverse proxy. All I need to figure out now is how to use the caching ability of the nginx proxy.

Excellent

Anonymous's picture
Submitted by Anonymous (not verified) on Mon, 05/18/2009 - 17:06.

Thanks to Igor Sysoev for creating this excellent piece of software and thanks to you Will for this excellent piece of article! :-)

Hands down

mBma's picture
Submitted by mBma (not verified) on Thu, 04/16/2009 - 14:03.

This is probably the best tutorial i've read ever!

huh?

Anonymous's picture
Submitted by Anonymous (not verified) on Thu, 02/19/2009 - 18:16.

apt-get rocks

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions