Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
5 things
you didn’t know
NGINX could do
Sarah Novotny
Nginx, Inc.
Many people know NGINX as an HTTP request and load
balancing server that powers many of the world's busiest
websites. But,...
What is NGINX?
Internet
N
Web Server
Serve content from disk
Application Server
FastCGI, uWSGI, Passenger…
Proxy
Caching, ...
143,000,000
Websites
NGINX Accelerates
Advanced Features
Bandwidth Management
Content-based Routing
Request Manipulation
Response Rewriting
Application Acce...
22%
Top 1 million websites
37%
Top 1,000 websites
Those 5 things --
1. Compress assets for delivery
2. Stop form spamming
3. Protect Apache from thread exhaustion attacks
4...
1. Compress data to reduce
bandwidth
• Reduce bandwidth requirements per client
– Content Compression reduces text and HTM...
HTTP gzip module
• Provides Gzip capabilities so that responses from
NGINX are compressed to reduce file size
• Directives...
Gzip example
© Copyright 2014 by ServiceRocket, Inc. |
All Rights Reserved | Prepared for Nginx,
Inc.
10
It is not
advisab...
HTTP image filter
• Provides inline image manipulation to
transform images for optimal delivery
• Directives can be used i...
HTTP image filter example
12
location /img/ {
proxy_pass http://backend;
image_filter resize 150 100;
image_filter rotate ...
We talk about the ‘N second rule’:
– 10 seconds
(Jakob Nielsen, March 1997)
– 8 seconds
(Zona Research, June 2001)
– 4 sec...
2. Stop brute force retries
• Stop brute force password attacks
• Stop form spamming
– Use the NGINX limit request module
HTTP limit req module
• Allows granular control of request processing
rate
• Directives an be used in http, server and
loc...
HTTP limit req module
http {
limit_req_zone $binary_remote_addr zone=one:10m
rate=1r/s;
…
server {
…
location /search/ {
l...
3. Protect Apache from thread
exhaustion attacks
• Use NGINX in front of Apache
• Mitigates ‘slow loris’, ‘keep dead’ and ...
What is thread exhaustion?
http process
http process
http process
http process
http process
http process
http process
Clie...
How NGINX mitigates thread
exhaustion
N
Large numbers of clients,
with long-term keepalive connections
NGINX reduces conne...
4. Rewrite content inline
• Use the power of substitution to simplify updates
• Directives can be used in the http, server...
HTTP sub module example
21
location / {
sub_filter_once off;
sub_filter_types text/html;
sub_filter “__copyright_date__” “...
5. Online Binary updates and
configuration changes
• Update either the configuration files or the
binary without losing an...
Configuration file update
23
[root@localhost ~]# nginx -s reload
[root@localhost ~]#
24
Yep. It’s that simple
Binary update
• Choose your method of binary installation
• Replace the binary
[root@localhost ~]# cat /var/run/nginx.pid
...
Binary update
[root@localhost ~]# ps -ef |grep nginx
root 1991 1 0 08:06 ? 00:00:00 nginx: master
process /usr/sbin/nginx ...
Binary update
[root@localhost ~]# kill –WINCH 1991
• Verify things are working as expected
(you can still back out gracefu...
Bonus:
nginx –V gives a nearly
complete configuration
script for compiling
[root@localhost ~]# nginx -V
nginx version: nginx/1.5.7
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI suppor...
More resources
• Check out our blog on nginx.com
• Webinars: nginx.com/webinars
Try NGINX F/OSS (nginx.org) or NGINX Plus
...
Thanks for your time!
@sarahnovotny
Evangelist, NGINX
Program Chair, OSCON
Upcoming SlideShare
Loading in …5
×

of

5 things you didn't know nginx could do Slide 1 5 things you didn't know nginx could do Slide 2 5 things you didn't know nginx could do Slide 3 5 things you didn't know nginx could do Slide 4 5 things you didn't know nginx could do Slide 5 5 things you didn't know nginx could do Slide 6 5 things you didn't know nginx could do Slide 7 5 things you didn't know nginx could do Slide 8 5 things you didn't know nginx could do Slide 9 5 things you didn't know nginx could do Slide 10 5 things you didn't know nginx could do Slide 11 5 things you didn't know nginx could do Slide 12 5 things you didn't know nginx could do Slide 13 5 things you didn't know nginx could do Slide 14 5 things you didn't know nginx could do Slide 15 5 things you didn't know nginx could do Slide 16 5 things you didn't know nginx could do Slide 17 5 things you didn't know nginx could do Slide 18 5 things you didn't know nginx could do Slide 19 5 things you didn't know nginx could do Slide 20 5 things you didn't know nginx could do Slide 21 5 things you didn't know nginx could do Slide 22 5 things you didn't know nginx could do Slide 23 5 things you didn't know nginx could do Slide 24 5 things you didn't know nginx could do Slide 25 5 things you didn't know nginx could do Slide 26 5 things you didn't know nginx could do Slide 27 5 things you didn't know nginx could do Slide 28 5 things you didn't know nginx could do Slide 29 5 things you didn't know nginx could do Slide 30 5 things you didn't know nginx could do Slide 31
Upcoming SlideShare
5 things you didn't know nginx could do velocity
Next
Download to read offline and view in fullscreen.

16 Likes

Share

Download to read offline

5 things you didn't know nginx could do

Download to read offline

NGINX is a well kept secret of high performance web service. Many people know NGINX as an Open Source web server that delivers static content blazingly fast. But, it has many more features to help accelerate delivery of bits to your end users even in more complicated application environments. In this talk we'll cover several things that most developers or administrators could implement to further delight their end users.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

5 things you didn't know nginx could do

  1. 1. 5 things you didn’t know NGINX could do Sarah Novotny Nginx, Inc.
  2. 2. Many people know NGINX as an HTTP request and load balancing server that powers many of the world's busiest websites. But, there are a lot of ancillary pieces that go into the software to make it a whole web application accelerator.
  3. 3. What is NGINX? Internet N Web Server Serve content from disk Application Server FastCGI, uWSGI, Passenger… Proxy Caching, Load Balancing… HTTP traffic
  4. 4. 143,000,000 Websites NGINX Accelerates
  5. 5. Advanced Features Bandwidth Management Content-based Routing Request Manipulation Response Rewriting Application Acceleration SSL and SPDY termination Authentication Video Delivery Mail Proxy GeoLocation Performance Monitoring High Availability
  6. 6. 22% Top 1 million websites 37% Top 1,000 websites
  7. 7. Those 5 things -- 1. Compress assets for delivery 2. Stop form spamming 3. Protect Apache from thread exhaustion attacks 4. Rewrite content inline 5. Online updates Bonus: determine a nearly complete command for the configure script
  8. 8. 1. Compress data to reduce bandwidth • Reduce bandwidth requirements per client – Content Compression reduces text and HTML – Image resampling reduces image sizes
  9. 9. HTTP gzip module • Provides Gzip capabilities so that responses from NGINX are compressed to reduce file size • Directives can be used in the http, server and location contexts • Key directives – gzip – gzip_types – gzip_proxied © Copyright 2014 by ServiceRocket, Inc. | All Rights Reserved | Prepared for Nginx, Inc. 9
  10. 10. Gzip example © Copyright 2014 by ServiceRocket, Inc. | All Rights Reserved | Prepared for Nginx, Inc. 10 It is not advisable to enable gzip for binary content types such as images, word documents or videos Enable gzip gzip on; Apply gzip for text, html and CSS gzip_types text/plain text/html text/css; Enable gzip compression for any proxied request gzip_proxy any;
  11. 11. HTTP image filter • Provides inline image manipulation to transform images for optimal delivery • Directives can be used in the location context • Key directives – image_filter size; – image_filter resize width height; – image_filter crop width height; 11
  12. 12. HTTP image filter example 12 location /img/ { proxy_pass http://backend; image_filter resize 150 100; image_filter rotate 90; error_page 415 = /empty; } location = /empty { empty_gif; }
  13. 13. We talk about the ‘N second rule’: – 10 seconds (Jakob Nielsen, March 1997) – 8 seconds (Zona Research, June 2001) – 4 seconds (Jupiter Research, June 2006) – 3 seconds (PhocusWright, March 2010)
  14. 14. 2. Stop brute force retries • Stop brute force password attacks • Stop form spamming – Use the NGINX limit request module
  15. 15. HTTP limit req module • Allows granular control of request processing rate • Directives an be used in http, server and location contexts • Key directives – limit_req_zone – limit_req
  16. 16. HTTP limit req module http { limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; … server { … location /search/ { limit_req zone=one burst=5; } } }
  17. 17. 3. Protect Apache from thread exhaustion attacks • Use NGINX in front of Apache • Mitigates ‘slow loris’, ‘keep dead’ and ‘front page of hacker news’ attacks
  18. 18. What is thread exhaustion? http process http process http process http process http process http process http process Client-side: Multiple Connections HTTP Keepalives Server-side: Limited concurrency
  19. 19. How NGINX mitigates thread exhaustion N Large numbers of clients, with long-term keepalive connections NGINX reduces connections to the minimum number necessary
  20. 20. 4. Rewrite content inline • Use the power of substitution to simplify updates • Directives can be used in the http, server and location contexts • Key directives – sub_filter_once – sub_filter – sub_filter_types
  21. 21. HTTP sub module example 21 location / { sub_filter_once off; sub_filter_types text/html; sub_filter “__copyright_date__” “2014”; }
  22. 22. 5. Online Binary updates and configuration changes • Update either the configuration files or the binary without losing any connections
  23. 23. Configuration file update 23 [root@localhost ~]# nginx -s reload [root@localhost ~]#
  24. 24. 24 Yep. It’s that simple
  25. 25. Binary update • Choose your method of binary installation • Replace the binary [root@localhost ~]# cat /var/run/nginx.pid 1991 [root@localhost ~]# kill –USR2 1991
  26. 26. Binary update [root@localhost ~]# ps -ef |grep nginx root 1991 1 0 08:06 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 2974 1991 0 08:22 ? 00:00:00 nginx: worker process nginx 2975 1991 0 08:22 ? 00:00:00 nginx: worker process root 3123 2948 0 08:43 pts/0 00:00:00 grep nginx root 3124 1991 0 08:43 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
  27. 27. Binary update [root@localhost ~]# kill –WINCH 1991 • Verify things are working as expected (you can still back out gracefully at this point) [root@localhost ~]# kill –QUIT 1991
  28. 28. Bonus: nginx –V gives a nearly complete configuration script for compiling
  29. 29. [root@localhost ~]# nginx -V nginx version: nginx/1.5.7 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx/ --sbin- path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error- log-path=/var/log/nginx/error.log --http-log- path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid -- lock-path=/var/run/nginx.lock --http-client-body-temp- path=/var/cache/nginx/client_temp --http-proxy-temp- path=/var/cache/nginx/proxy_temp --http-fastcgi-temp- path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp- path=/var/cache/nginx/uwsgi_temp --http-scgi-temp- path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with- http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --etc
  30. 30. More resources • Check out our blog on nginx.com • Webinars: nginx.com/webinars Try NGINX F/OSS (nginx.org) or NGINX Plus (nginx.com)
  31. 31. Thanks for your time! @sarahnovotny Evangelist, NGINX Program Chair, OSCON
  • nabilshahzain

    Mar. 17, 2021
  • JunshanHe

    Dec. 17, 2015
  • hanxue

    Oct. 27, 2015
  • progger_chen

    Sep. 18, 2015
  • slashsbin

    Sep. 1, 2015
  • jholze

    May. 24, 2015
  • RaphaelPrader

    Apr. 28, 2015
  • rsanjay

    Mar. 27, 2015
  • j3ffyang

    Feb. 24, 2015
  • theexperiences

    Feb. 14, 2015
  • ertugerata

    Jan. 21, 2015
  • nordicdyno

    Jan. 18, 2015
  • visarz

    Jan. 17, 2015
  • azder

    Jan. 16, 2015
  • tiduronline1

    Jan. 16, 2015
  • hz20040

    Oct. 9, 2014

NGINX is a well kept secret of high performance web service. Many people know NGINX as an Open Source web server that delivers static content blazingly fast. But, it has many more features to help accelerate delivery of bits to your end users even in more complicated application environments. In this talk we'll cover several things that most developers or administrators could implement to further delight their end users.

Views

Total views

8,453

On Slideshare

0

From embeds

0

Number of embeds

102

Actions

Downloads

82

Shares

0

Comments

0

Likes

16

×