Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.


NGINX Overview and Technical Aspects
Into The Box 2019
Introduction to NGINX and the Application Platform
Getting Started!
Examples
NGINX Controller / Demo (if time persists)
1
...
Introduction
“I wanted people to use it, so I
made it open source.”
- Igor Sysoev, NGINX creator and founder
450 million
Total sites running on NGINX and counting…
Source: Netcraft March 2018 Web Server Survey
56%
of the Top 100,000 most popular websites
Source: : W3Techs Web Technology Survey137
High Performance Webserver and Reverse Proxy
Web Server
#nginx #nginxconf8
Core NGINX (F/OSS)
HTTP2
JSON Logging
Stream Module (TCP… UDP)
Multi Datagram UDP Support
Thread Pools
...
Flawless Application Delivery for the Modern Web
Load Balancer Content Cache WebServer Monitoring &
Management
Security
Co...
About NGINX, Inc.
• Founded in 2011, NGINX Plus first released in
2013
• VC-backed by enterprise software industry
leaders...
Our Customers
NGINX
Application
Platform
A suite of technologies
to develop and deliver
digital experiences
that span from legacy,
monol...
Today’s App Infrastructure Is Complex
13
NGINX Simplifies, Cuts Costs up to 80%
14
#nginx #nginxconf15
• Static Content (Web Server)
• TCP/UDP Load Balancing (L4)
• HTTP Load Balancing (L7)
• Reverse Proxy...
Getting Started!
NGINX Installation: Debian/Ubuntu
deb http://nginx.org/packages/mainline/OS/ CODENAME nginx
deb-src http://nginx.org/packa...
NGINX Installation: CentOS/Red Hat
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/OS/OSRELEASE/$basear...
NGINX Plus Installation
• Visit cs.nginx.com/repo_setup
• Select OS from drop down list
• Instructions similar to OSS inst...
Verifying Installation
$ nginx -v
nginx version: nginx/1.15.0
$ ps -ef | grep nginx
root 1088 1 0 19:59 ? 00:00:00 nginx: ...
Verifying Installation
server {
listen
<parameters>;
location <url> {
----------------
}
}
upstream {
-------------------
}
server {
listen
<para...
Key NGINX Commands
• nginx –h Display NGINX help menu
• nginx –t Check if NGINX configuration is ok
• nginx –s reload Chec...
Examples
Simple Virtual Server
server {
listen 80 default_server;
server_name www.example.com;
return 200 “Hello World!”;
}
• serve...
Basic Web Server Configuration
server {
listen 80 default_server;
server_name www.example.com;
location /web/ {
root /usr/...
Basic Load Balancing Configuration
upstream my_upstream {
server server1.example.com;
server server2.example.com;
least_ti...
Basic Reverse Proxy Configuration
server {
location ~ ^(.+.php)(.*)$ {
fastcgi_split_path_info ^(.+.php)(.*)$;
# fastcgi_p...
Basic Caching Configuration
proxy_cache_path /path/to/cache levels=1:2
keys_zone=my_cache:10m
max_size=10g
inactive=60m us...
Basic SSL Configuration
server {
listen 80 default_server;
server_name www.example.com;
return 301 https://
$server_name$r...
Multiplexing Multiple Sites on One IP
server {
listen 80 default_server;
server_name www.pizza.com;
# ...
}
server {
liste...
Layer 7 Request Routing
server {
# ...
location /service1 {
proxy_pass http://upstream1;
}
location /service2 {
proxy_pass...
Modifications to main nginx.conf
user nginx;
worker_processes auto;
# ...
http {
# ...
keepalive_timeout 300s;
keepalive_r...
HTTP/1.1 Keepalive to Upstreams
upstream my_upstream {
server server1.example.com;
keepalive 32;
}
server {
location / {
p...
SSL Session Caching
server {
listen 443 ssl default_server;
server_name www.example.com;
ssl_certificate cert.crt;
ssl_cer...
HTTP2 / gRPC Proxying with SSL Termination
server {
listen 443 ssl http2;
ssl_certificate server.crt;
ssl_certificate_key ...
d
Active Health Checks
upstream my_upstream {
zone my_upstream 64k;
server server1.example.com slow_start=30s;
}
server {
...
Sticky Cookie Session Persistence
upstream my_upstream {
server server1.example.com;
server server2.example.com;
sticky co...
NGINX Stub Status Module
server {
location /basic_status {
stub_status;
}
}
• Provides aggregated NGINX
statistics
• Acces...
NGINX Plus Extended Status
• Provides detailed NGINX Plus
statistics
• Over 40+ additional metrics
• JSON data output
• Mo...
NGINX Access Logs
192.168.179.1 - - [15/May/2017:16:36:25 -0700] "GET / HTTP/1.1" 200 612 "-"
"Mozilla/5.0 (Macintosh; Int...
NGINX Controller
Application Delivery Module for NGINX Controller
43
MORE INFORMATION AT
NGINX.COM
Request on that page.
nginx.com/developer-license
Kevin Jones
kevin.jones@nginx.com
Thank you for coming!!!
nginx.com | @nginxinc
@kevinjonescreates
@kevinjonescreates
@web...
Upcoming SlideShare
Loading in …5
×

of

ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 1 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 2 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 3 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 4 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 5 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 6 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 7 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 8 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 9 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 10 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 11 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 12 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 13 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 14 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 15 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 16 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 17 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 18 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 19 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 20 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 21 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 22 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 23 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 24 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 25 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 26 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 27 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 28 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 29 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 30 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 31 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 32 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 33 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 34 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 35 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 36 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 37 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 38 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 39 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 40 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 41 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 42 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 43 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 44 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 45 ITB2019 NGINX Overview and Technical Aspects - Kevin Jones Slide 46
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

0 Likes

Share

Download to read offline

ITB2019 NGINX Overview and Technical Aspects - Kevin Jones

Download to read offline

I will be giving a brief overview of the history of NGINX along with an overview of the features and functionality in the project as it stands today. I will give some real use case of example of how NGINX can be used to solve problems and eliminate complexity within infrastructure. I will then dive into the future of the modern web and how NGINX is monitoring and leveraging industry changes to enhance the product for individuals and companies in the industry.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

ITB2019 NGINX Overview and Technical Aspects - Kevin Jones

  1. 1. 
 NGINX Overview and Technical Aspects Into The Box 2019
  2. 2. Introduction to NGINX and the Application Platform Getting Started! Examples NGINX Controller / Demo (if time persists) 1 2 3 4 Agenda Q&A5
  3. 3. Introduction
  4. 4. “I wanted people to use it, so I made it open source.” - Igor Sysoev, NGINX creator and founder
  5. 5. 450 million Total sites running on NGINX and counting… Source: Netcraft March 2018 Web Server Survey
  6. 6. 56% of the Top 100,000 most popular websites Source: : W3Techs Web Technology Survey137
  7. 7. High Performance Webserver and Reverse Proxy Web Server
  8. 8. #nginx #nginxconf8 Core NGINX (F/OSS) HTTP2 JSON Logging Stream Module (TCP… UDP) Multi Datagram UDP Support Thread Pools Dynamic Modules JavaScript Module for NGINX ECC Certificate Support Linux Enhancements The Developmental Pillars Continued commitment to Community and Enterprise… NGINX Plus All of Core Plus: DNS SRV Record Support JWT Support (Auth) ModSecurity 3.0 WAF Application Health Checks High Availability Support Configuration Sync Dynamic Reconfiguration (API) Key Value Store (API) Live Activity Monitoring (API) Cache Management (API)
  9. 9. Flawless Application Delivery for the Modern Web Load Balancer Content Cache WebServer Monitoring & Management Security Controls
  10. 10. About NGINX, Inc. • Founded in 2011, NGINX Plus first released in 2013 • VC-backed by enterprise software industry leaders • Offices in SF, London, Cork, Japan, Singapore, Sydney, and Moscow • 1,600+ commercial customers • 200+ employees
  11. 11. Our Customers
  12. 12. NGINX Application Platform A suite of technologies to develop and deliver digital experiences that span from legacy, monolithic apps to modern, microservices apps.
  13. 13. Today’s App Infrastructure Is Complex 13
  14. 14. NGINX Simplifies, Cuts Costs up to 80% 14
  15. 15. #nginx #nginxconf15 • Static Content (Web Server) • TCP/UDP Load Balancing (L4) • HTTP Load Balancing (L7) • Reverse Proxy (Advanced L7 Routing) • Security Controls • Media Delivery (VOD and Live Streaming) • HTTP Content Caching • Modularity (Extendable via Modules, Scripting) Complete Application Delivery Platform
  16. 16. Getting Started!
  17. 17. NGINX Installation: Debian/Ubuntu deb http://nginx.org/packages/mainline/OS/ CODENAME nginx deb-src http://nginx.org/packages/mainline/OS/ CODENAME nginx Create /etc/apt/sources.list.d/nginx.list with the following contents: • OS – ubuntu or debian depending on your distro • CODENAME: - jessie or stretch for debian - trusty, xenial, artful, or bionic for ubuntu $ wget http://nginx.org/keys/nginx_signing.key $ apt-key add nginx_signing.key $ apt-get update $ apt-get install –y nginx $ /etc/init.d/nginx start
  18. 18. NGINX Installation: CentOS/Red Hat [nginx] name=nginx repo baseurl=http://nginx.org/packages/mainline/OS/OSRELEASE/$basearch/ gpgcheck=0 enabled=1 Create /etc/yum.repos.d/nginx.repo with the following contents: • OS -- rhel or centos depending on your distro • OSRELEASE -- 6 or 7 for 6.x or 7.x versions, respectively $ yum –y install nginx $ systemctl enable nginx $ systemctl start nginx $ firewall-cmd --permanent --zone=public --add-port=80/tcp $ firewall-cmd --reload
  19. 19. NGINX Plus Installation • Visit cs.nginx.com/repo_setup • Select OS from drop down list • Instructions similar to OSS installation • Mostly just using a different repo and installing client certificate
  20. 20. Verifying Installation $ nginx -v nginx version: nginx/1.15.0 $ ps -ef | grep nginx root 1088 1 0 19:59 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/ nginx.conf nginx 1092 1088 0 19:59 ? 00:00:00 nginx: worker process
  21. 21. Verifying Installation
  22. 22. server { listen <parameters>; location <url> { ---------------- } } upstream { ------------------- } server { listen <parameters>; location <url> { ---------------- } } upstream { ------------------- } Key NGINX Files and Directories /etc/nginx/ ------------------------ -- ------------------------ -- http { ---------------------- include conf.d/ *.conf; } Global settings 
 (tunings, logs, etc) HTTP block nginx.conf virtualserver1.conf server { listen <parameters>; location <url> { ---------------- } } upstream { ------------------- } /etc/nginx/conf.d/ /var/log/nginx/ error.log access.log Important operational messages Record of each request (configurable) Listen for requests Rules to handle each request Optional: proxy to upstreams
  23. 23. Key NGINX Commands • nginx –h Display NGINX help menu • nginx –t Check if NGINX configuration is ok • nginx –s reload Check config is ok and gracefully reload NGINX processes • nginx –V Similar to –v, but with more detailed information • nginx –T Dump full NGINX configuration
  24. 24. Examples
  25. 25. Simple Virtual Server server { listen 80 default_server; server_name www.example.com; return 200 “Hello World!”; } • server defines the context for a virtual server • listen specifies IP/port NGINX should listen on. No IP means bind to all IPs on system • server_name specifies hostname of virtual server • return tells NGINX to respond directly to the request.
  26. 26. Basic Web Server Configuration server { listen 80 default_server; server_name www.example.com; location /web/ { root /usr/share/nginx/html; index index.html index.htm; } } • index: www.example.com -> /usr/share/nginx/html/index.html • root: www.example.com/i/file.txt -> /usr/share/nginx/html/i/file.txt • alias: www.example.com/i/file.txt -> /usr/share/nginx/html/file.txt • root specifies directory where files are stored • index defines files that will be used as an index
  27. 27. Basic Load Balancing Configuration upstream my_upstream { server server1.example.com; server server2.example.com; least_time; } server { location / { proxy_set_header Host $host; proxy_pass http://my_upstream; } } • upstream defines the load balancing pool • Default load balancing algorithm is round robin. Others available: • least_conn selects server with least amount of active connections • least_time factors in connection count and server response time. Available in NGINX Plus only. • proxy_pass links virtual server to upstream • By default NGINX rewrites Host header to name and port of proxied server. proxy_set_header overrides and passes through original client Host header.
  28. 28. Basic Reverse Proxy Configuration server { location ~ ^(.+.php)(.*)$ { fastcgi_split_path_info ^(.+.php)(.*)$; # fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php7.0-fpm.sock; fastcgi_index index.php; include fastcgi_params; } } • Requires PHP FPM: apt-get install –y php7.0- fpm • Can also use PHP 5 • Similar directives available for uWSGI and SCGI. • Additional PHP FPM configuration may be required
  29. 29. Basic Caching Configuration proxy_cache_path /path/to/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off; server { location / { proxy_cache my_cache; proxy_set_header Host $host; proxy_pass http://my_upstream; } } • proxy_cache_path defines the parameters of the cache. • keys_zone defines the size of memory to store cache keys in. A 1 MB zone can store data for about 8,000 keys. • max_size sets upper limit of cache size. Optional. • inactive defines how long an object can stay in cache without being accessed. Default is 10 m. • proxy_cache enables caching for the context it is in
  30. 30. Basic SSL Configuration server { listen 80 default_server; server_name www.example.com; return 301 https:// $server_name$request_uri; } server { listen 443 ssl default_server; server_name www.example.com; ssl_certificate cert.crt; ssl_certificate_key cert.key; location / { root /usr/share/nginx/html; index index.html index.htm; } } • Force all traffic to SSL is good for security and SEO • Use Let’s Encrypt to get free SSL certificates, see: nginx.com/ blog/using-free-ssltls- certificates-from-lets- encrypt-with-nginx
  31. 31. Multiplexing Multiple Sites on One IP server { listen 80 default_server; server_name www.pizza.com; # ... } server { listen 80; server_name www.tacos.com; # ... } server { listen 80; server_name www.sushi.com; # ... } • NGINX can multiplex a single IP/ port using the Host: header. • default_server defines the virtual server to use if Host header is empty. It is best practice to have a default_server.
  32. 32. Layer 7 Request Routing server { # ... location /service1 { proxy_pass http://upstream1; } location /service2 { proxy_pass http://upstream2; } location /service3 { proxy_pass http://upstream3; } } • location blocks are used to do Layer 7 routing based on URL • Regex matching can also be used in location blocks
  33. 33. Modifications to main nginx.conf user nginx; worker_processes auto; # ... http { # ... keepalive_timeout 300s; keepalive_requests 100000; } • Set in main nginx.conf file • Default value for worker_processes varies on system and installation source • auto means to create one worker process per core. This is recommended for most deployments. • keepalive_timeout controls how long to keep idle connections to clients open. Default: 75s • keeplive_requests Max requests on a single client connection before its closed • keepalive_* can also be set per virtual server
  34. 34. HTTP/1.1 Keepalive to Upstreams upstream my_upstream { server server1.example.com; keepalive 32; } server { location / { proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_pass http://my_upstream; } } • keepalive enables TCP connection cache • By default NGINX uses HTTP/1.0 with Connection: Close • proxy_http_version upgrades connection to HTTP/1.1 • proxy_set_header enables keepalive by clearing Connection: Close HTTP header
  35. 35. SSL Session Caching server { listen 443 ssl default_server; server_name www.example.com; ssl_certificate cert.crt; ssl_certificate_key cert.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; } • Improves SSL/TLS performance • 1 MB session cache can store about 4,000 sessions • Cache shared across all NGINX workers
  36. 36. HTTP2 / gRPC Proxying with SSL Termination server { listen 443 ssl http2; ssl_certificate server.crt; ssl_certificate_key server.key;      location / {         grpc_pass grpc://localhost: 50051;     } } • Configure SSL and HTTP/2 as usual • Go sample application needs to modified to point to NGINX IP Address and port.
  37. 37. d Active Health Checks upstream my_upstream { zone my_upstream 64k; server server1.example.com slow_start=30s; } server { # ... location /health { internal; health_check interval=5s uri=/test.php match=statusok; proxy_set_header HOST www.example.com; proxy_pass http://my_upstream; } match statusok { # Used for /test.php health check status 200; header Content-Type = text/html; body ~ "Server[0-9]+ is alive"; } • Polls /test.php every 5 seconds • If response is not 200, server marked as failed • If response body does not contain “ServerN is alive”, server marked as failed • Recovered/new servers will slowly ramp up traffic over 30 seconds • Exclusive to NGINX Plus
  38. 38. Sticky Cookie Session Persistence upstream my_upstream { server server1.example.com; server server2.example.com; sticky cookie name expires=1h domain=.example.com path=/; } • NGINX will insert a cookie using the specified name • expires defines how long the cookie is valid for. The default is for the cookie to expire at the end of the browser session. • domain specifies the domain the cookie is valid for. If not specified, domain field of cookie is left blank • path specifies the path the cookie is set for. If not specified, path field of cookie is left blank • Exclusive to NGINX Plus
  39. 39. NGINX Stub Status Module server { location /basic_status { stub_status; } } • Provides aggregated NGINX statistics • Access should be locked down so its not publically visible $ curl http://www.example.com/basic_status Active connections: 1 server accepts handled requests 7 7 7 Reading: 0 Writing: 1 Waiting: 0
  40. 40. NGINX Plus Extended Status • Provides detailed NGINX Plus statistics • Over 40+ additional metrics • JSON data output • Monitoring GUI also available, see demo.nginx.com • Exclusive to NGINX Plus server { listen 8080; location /api { api write=on; # Limit access to the API allow 10.0.0.0/8; deny all; } location = /dashboard.html { root /usr/share/nginx/html; }
  41. 41. NGINX Access Logs 192.168.179.1 - - [15/May/2017:16:36:25 -0700] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-" 192.168.179.1 - - [15/May/2017:16:36:26 -0700] "GET /favicon.ico HTTP/1.1" 404 571 "http://fmemon-redhat.local/" “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-" 192.168.179.1 - - [15/May/2017:16:36:31 -0700] "GET /basic_status HTTP/1.1" 200 100 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-" • Enabled by default, can be shut off by adding “access_log off” to improve performance • By default lists client IP, date, request , referrer, user agent, etc. Can add additional NGINX variables, see nginx.org/en/docs/varindex.html • Log format configurable with the log_format directive
  42. 42. NGINX Controller
  43. 43. Application Delivery Module for NGINX Controller 43
  44. 44. MORE INFORMATION AT NGINX.COM
  45. 45. Request on that page. nginx.com/developer-license
  46. 46. Kevin Jones kevin.jones@nginx.com Thank you for coming!!! nginx.com | @nginxinc @kevinjonescreates @kevinjonescreates @webopsx /kevin-jones-19b17b47

I will be giving a brief overview of the history of NGINX along with an overview of the features and functionality in the project as it stands today. I will give some real use case of example of how NGINX can be used to solve problems and eliminate complexity within infrastructure. I will then dive into the future of the modern web and how NGINX is monitoring and leveraging industry changes to enhance the product for individuals and companies in the industry.

Views

Total views

335

On Slideshare

0

From embeds

0

Number of embeds

0

Actions

Downloads

10

Shares

0

Comments

0

Likes

0

×