5 things
you didn’t know
NGINX could do
Sarah Novotny
Nginx, Inc.
Many people know NGINX as an HTTP request and load
balancing server that powers many of the world's busiest
websites. But,...
What is NGINX?
Internet
N
Web Server
Serve content from disk
Application Server
FastCGI, uWSGI, Passenger…
Proxy
Caching, ...
146,000,000
Websites
NGINX Accelerates
Advanced Features
Bandwidth Management
Content-based Routing
Request Manipulation
Response Rewriting
Application Acce...
23%
Top 1 million websites
39%
Top 10,000 websites
Some things you might not know
Form
spamming
Compress
assets
Thread
exhaustion
Rewrite
content
Online
upgrades
Configure
f...
Compress data to reduce
bandwidth
• Reduce bandwidth requirements per client
– Content Compression reduces text and HTML
–...
HTTP gzip module
• Provides Gzip capabilities so that responses from
NGINX are compressed to reduce file size
• Directives...
Gzip example
Enable gzip
gzip on;
Apply gzip for text, html and
CSS
gzip_types text/plain text/html text/css;
Enable gzip ...
HTTP image filter
• Provides inline image manipulation to
transform images for optimal delivery
• Directives can be used i...
HTTP image filter example
location /img/ {
proxy_pass http://backend;
image_filter resize 150 100;
image_filter rotate 90;...
We talk about the ‘N second rule’:
– 10 seconds
(Jakob Nielsen, March 1997)
– 8 seconds
(Zona Research, June 2001)
– 4 sec...
Stop brute force retries
• Stop brute force password attacks
• Stop form spamming
– Use the NGINX limit request module
HTTP limit req module
• Allows granular control of request processing
rate
• Directives an be used in http, server and
loc...
HTTP limit req module
http {
limit_req_zone $binary_remote_addr zone=one:10m
rate=1r/s;
…
server {
…
location /search/ {
l...
Protect Apache from thread
exhaustion attacks
• Use NGINX in front of Apache
• Mitigates ‘slow loris’, ‘keep dead’ and ‘fr...
What is thread exhaustion?
http process
http process
http process
http process
http process
http process
http process
Clie...
How NGINX mitigates thread
exhaustion
N
Large numbers of clients,
with long-term keepalive connections
NGINX reduces conne...
Rewrite content inline
• Use the power of substitution to simplify updates
• Directives can be used in the http, server an...
HTTP sub filter example
location / {
sub_filter_once off;
sub_filter_types text/html;
sub_filter “__copyright_date__” “201...
Online Binary updates and
configuration changes
• Update either the configuration files or the
binary without losing any c...
Configuration file update
[root@localhost ~]# nginx -s reload
[root@localhost ~]#
Yep. It’s that simple
Binary Upgrade
[root@localhost ~]# cat /var/run/nginx.pid
1991
[root@localhost ~]# kill –USR2 1991
• Choose your method of...
Binary Upgrade
[root@localhost ~]# ps -ef |grep nginx
root 1991 1 0 08:06 ? 00:00:00 nginx: master
process /usr/sbin/nginx...
Binary Upgrade
[root@localhost ~]# kill –WINCH 1991
[root@localhost ~]# kill –QUIT 1991
• Verify things are working as exp...
nginx –V gives a nearly
complete configuration
script for compiling
Configure Flags
[root@localhost ~]# nginx -V
nginx version: nginx/1.5.7
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI suppor...
A/B testing
Internet
N
Content A
HTTP traffic
Content B
Split Clients Module
http {
split_clients "${remote_addr}AAA" $variant {
0.5% .A;
2.0% .B;
* "”;
}
server {
location / {
i...
Measurement
and analysis is left as
an exercise to the
reader
Include Directive
• Includes files
• Directives can be used in the any context
• Key directives
– include
HTTP include example
http {
include /etc/nginx/conf.d/mime.types;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sit...
Manipulate proxy headers
• Mask content source (like assets in S3)
• Manage proxy behavior
• Inject your own headers (host...
Proxy Header Manipulation
• Allows perception management of content
delivery through headers
• Directives can be used in t...
Proxy hide header example
location / {
proxy_pass http://your_bucket.s3.amazonaws.com;
proxy_hide_header x-amz-id-2;
proxy...
Proxy set header example
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Re...
More resources
• Check out our blog on nginx.com
• Webinars: nginx.com/webinars
Try:
NGINX F/OSS (nginx.org)
NGINX Plus (n...
Thanks for your time!
@sarahnovotny
Evangelist, NGINX
Program Chair, OSCON
Upcoming SlideShare
Loading in...5
×

5 things you didn't know nginx could do velocity

1,339

Published on

NGINX is a well kept secret of high performance web service. Many people know NGINX as an Open Source web server that delivers static content blazingly fast. But, it has many more features to help accelerate delivery of bits to your end users even in more complicated application environments. In this talk we’ll cover several things that most developers or administrators could implement to further delight their end users.

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,339
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
42
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide
  • Story starts with a single guy, Igor Sysoev
    What was originally a tool for managing concurrency hos evolved into a Web Application Accelerator
    Not because of vision but user driven innovation
  • Top 37%

    These tend to be successful websites, generating revenue and featuring well in google search results
  • Top 37%

    These tend to be successful websites, generating revenue and featuring well in google search results

  • Size: outputs json about image

    Rotate is also an option.
  • You can also crop
  • Story about int’l flight with metered transfer
  • sets the shared memory zone and the maximum burst size of requests. If the requests rate exceeds the rate configured for a zone, their processing is delayed such that requests are processed at a defined rate. Excessive requests are delayed until their number exceeds the maximum burst size in which case the request is terminated with an error 503 (Service Temporarily Unavailable). By default, the maximum burst size is equal to zero.
  • This can be granularly set up for specific portions of the site like /search or /registration or the like.
  • It’s all about concurrency…
  • It’s all about concurrency…
  • Sets a string to replace and a replacement string. The string to replace is matched ignoring the case. The replacement string can contain variables.


    Google Tags

    sub_filter_types is text/html by default


    Gottchas --- compressed content

    3rd party module that does regex and fixed string

    Nginx_substitutitions_filter
  • You can also crop
  • You can also crop
  • You can also crop
  • You can also crop
  • You can also crop
  • value of the original string is hashed using MurmurHash2
  • By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-Accel-...” from the response of a proxied server to a client. The proxy_hide_header directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the proxy_pass_header directive can be used.
  • X-Accel-Expires”, “Expires”, “Cache-Control”, and “Set-Cookie” set the parameters of response caching;
    “X-Accel-Redirect” performs an internal redirect to the specified URI;
    “X-Accel-Limit-Rate” sets the rate limit for transmission of a response to a client;
    “X-Accel-Buffering” enables or disables buffering of a response;
    “X-Accel-Charset” sets the desired charset of a response.
  • Transcript of "5 things you didn't know nginx could do velocity"

    1. 1. 5 things you didn’t know NGINX could do Sarah Novotny Nginx, Inc.
    2. 2. Many people know NGINX as an HTTP request and load balancing server that powers many of the world's busiest websites. But, there are a lot of ancillary pieces that go into the software to make it a whole web application accelerator.
    3. 3. What is NGINX? Internet N Web Server Serve content from disk Application Server FastCGI, uWSGI, Passenger… Proxy Caching, Load Balancing… HTTP traffic
    4. 4. 146,000,000 Websites NGINX Accelerates
    5. 5. Advanced Features Bandwidth Management Content-based Routing Request Manipulation Response Rewriting Application Acceleration SSL and SPDY termination Authentication Video Delivery Mail Proxy GeoLocation Performance Monitoring High Availability
    6. 6. 23% Top 1 million websites 39% Top 10,000 websites
    7. 7. Some things you might not know Form spamming Compress assets Thread exhaustion Rewrite content Online upgrades Configure flags A/B testing Include directive Manipulate proxy headers
    8. 8. Compress data to reduce bandwidth • Reduce bandwidth requirements per client – Content Compression reduces text and HTML – Image resampling reduces image sizes
    9. 9. HTTP gzip module • Provides Gzip capabilities so that responses from NGINX are compressed to reduce file size • Directives can be used in the http, server and location contexts • Key directives – gzip – gzip_types – gzip_proxied
    10. 10. Gzip example Enable gzip gzip on; Apply gzip for text, html and CSS gzip_types text/plain text/html text/css; Enable gzip compression for any proxied request gzip_proxy any; It is not advisable to enable gzip for binary content types such as images, word documents or videos
    11. 11. HTTP image filter • Provides inline image manipulation to transform images for optimal delivery • Directives can be used in the location context • Key directives – image_filter size; – image_filter resize width height; – image_filter crop width height;
    12. 12. HTTP image filter example location /img/ { proxy_pass http://backend; image_filter resize 150 100; image_filter rotate 90; error_page 415 = /empty; } location = /empty { empty_gif; }
    13. 13. We talk about the ‘N second rule’: – 10 seconds (Jakob Nielsen, March 1997) – 8 seconds (Zona Research, June 2001) – 4 seconds (Jupiter Research, June 2006) – 3 seconds (PhocusWright, March 2010)
    14. 14. Stop brute force retries • Stop brute force password attacks • Stop form spamming – Use the NGINX limit request module
    15. 15. HTTP limit req module • Allows granular control of request processing rate • Directives an be used in http, server and location contexts • Key directives – limit_req_zone – limit_req
    16. 16. HTTP limit req module http { limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; … server { … location /search/ { limit_req zone=one burst=5; } } }
    17. 17. Protect Apache from thread exhaustion attacks • Use NGINX in front of Apache • Mitigates ‘slow loris’, ‘keep dead’ and ‘front page of hacker news’ attacks
    18. 18. What is thread exhaustion? http process http process http process http process http process http process http process Client-side: Multiple Connections HTTP Keepalives Server-side: Limited concurrency
    19. 19. How NGINX mitigates thread exhaustion N Large numbers of clients, with long-term keepalive connections NGINX reduces connections to the minimum number necessary
    20. 20. Rewrite content inline • Use the power of substitution to simplify updates • Directives can be used in the http, server and location contexts • Key directives – sub_filter_once – sub_filter – sub_filter_types
    21. 21. HTTP sub filter example location / { sub_filter_once off; sub_filter_types text/html; sub_filter “__copyright_date__” “2014”; }
    22. 22. Online Binary updates and configuration changes • Update either the configuration files or the binary without losing any connections
    23. 23. Configuration file update [root@localhost ~]# nginx -s reload [root@localhost ~]#
    24. 24. Yep. It’s that simple
    25. 25. Binary Upgrade [root@localhost ~]# cat /var/run/nginx.pid 1991 [root@localhost ~]# kill –USR2 1991 • Choose your method of binary installation • Replace the binary
    26. 26. Binary Upgrade [root@localhost ~]# ps -ef |grep nginx root 1991 1 0 08:06 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 2974 1991 0 08:22 ? 00:00:00 nginx: worker process nginx 2975 1991 0 08:22 ? 00:00:00 nginx: worker process root 3123 2948 0 08:43 pts/0 00:00:00 grep nginx root 3124 1991 0 08:43 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
    27. 27. Binary Upgrade [root@localhost ~]# kill –WINCH 1991 [root@localhost ~]# kill –QUIT 1991 • Verify things are working as expected (you can still back out gracefully at this point)
    28. 28. nginx –V gives a nearly complete configuration script for compiling Configure Flags
    29. 29. [root@localhost ~]# nginx -V nginx version: nginx/1.5.7 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx/ --sbin- path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error- log-path=/var/log/nginx/error.log --http-log- path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid -- lock-path=/var/run/nginx.lock --http-client-body-temp- path=/var/cache/nginx/client_temp --http-proxy-temp- path=/var/cache/nginx/proxy_temp --http-fastcgi-temp- path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp- path=/var/cache/nginx/uwsgi_temp --http-scgi-temp- path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with- http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --etc
    30. 30. A/B testing Internet N Content A HTTP traffic Content B
    31. 31. Split Clients Module http { split_clients "${remote_addr}AAA" $variant { 0.5% .A; 2.0% .B; * "”; } server { location / { index index${variant}.html;
    32. 32. Measurement and analysis is left as an exercise to the reader
    33. 33. Include Directive • Includes files • Directives can be used in the any context • Key directives – include
    34. 34. HTTP include example http { include /etc/nginx/conf.d/mime.types; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }
    35. 35. Manipulate proxy headers • Mask content source (like assets in S3) • Manage proxy behavior • Inject your own headers (host header or x- forward-for etc)
    36. 36. Proxy Header Manipulation • Allows perception management of content delivery through headers • Directives can be used in the http, server and location contexts • Key directives – proxy_hide_header – proxy_set_header – proxy_ignore_header
    37. 37. Proxy hide header example location / { proxy_pass http://your_bucket.s3.amazonaws.com; proxy_hide_header x-amz-id-2; proxy_hide_header x-amz-meta-s3fox-filesize; proxy_hide_header x-amz-request-id; proxy_hide_header x-amz-meta-s3fox-modifiedtime; ... }
    38. 38. Proxy set header example location / { proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; ... }
    39. 39. More resources • Check out our blog on nginx.com • Webinars: nginx.com/webinars Try: NGINX F/OSS (nginx.org) NGINX Plus (nginx.com)
    40. 40. Thanks for your time! @sarahnovotny Evangelist, NGINX Program Chair, OSCON
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×