SlideShare a Scribd company logo

Best Practices for Getting Started with NGINX Open Source

N
NGINX, Inc.

Best Practices for Getting Started with NGINX Open Source You already use NGINX, but can you take its performance "over 9000"? Alessandro Fael Garcia, Senior Solution Engineer for NGINX, describes best practices for configuring NGINX as a reverse proxy, load balancer, and cache, and how small adjustments with NGINX directives can improve performance. Speakers: Alessandro Fael Garcia

Software
1 of 29
Download to read offline
Best Practices for Getting Started with NGINX Open Source Alessandro Fael Garcia Senior Solutions Engineer – Community & Alliances
©2022 F5 2 Source: https://news.netcraft.com/archives/2022/06/30/june-2022-web-server-survey.html
©2022 F5 3
©2022 F5 4 Installing NGINX Best practices
©2022 F5 5 Use the NGINX Open Source official repository! https://nginx.org/en/linux_packages.html
©2022 F5 6 TIL • nginx –t → Check if NGINX configuration is valid • nginx –T → Dump full NGINX configuration • nginx –v → Print NGINX version • nginx –V → Print NGINX package config arguments • nginx –s <start/stop/reload> → Start NGINX; stop (kill) NGINX; reload NGINX configuration (gracefully) Key NGINX Commands
©2022 F5 7 /etc/nginx/nginx.conf • Main NGINX configuration file • Global settings • Contains sensible defaults (when installing NGINX from our official repositories) • Avoid modifying unless you know what you are doing (defaults will work out of the box for >80% of use cases) • Includes HTTP block (adding a Stream block is one of the few cases where you’d want to modify the file) /etc/nginx/conf.d/*.conf • Default directory for additional NGINX configuration files • By default, files here are contained within the HTTP context • default.conf includes sample configuration with the NGINX default landing page • Start with a single configuration file, split your configuration into further files as necessary Recommended NGINX Directory Structure Defaults? What defaults?!
©2022 F5 8 Use Let’s Encrypt and Certbot for easy certs! https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
©2022 F5 9 Tuning NGINX One step at a time
©2022 F5 10 nginx.conf nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; proxy_cache_lock on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; ... } } }
©2022 F5 11 worker_processes nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Make sure you spawn one NGINX worker process per CPU core (default: 1)
©2022 F5 12 worker_connections & worker_rlimit_nofile nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } a) Increase the worker connections to >1024 (default: 512) b) Increase the limit on the maximum number of open files to at least twice the number of worker connections (default: system limit)
©2022 F5 13 access_log nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } • Turn off the access log for extra performance (default: on) or • Set a buffer or a time to only write logs at an interval (default: off)
©2022 F5 14 keepalive nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Use keepalives to keep connections to upstream servers open (default: 0) → You will need to set HTTP to 1.1 and rewrite the Connection header
©2022 F5 15 ssl_session_cache nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Cache and share your SSL sessions between all your NGINX processes (default: disabled)
©2022 F5 16 proxy_cache_lock nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Send only one request to the upstream server when there are multiple cache misses for the same file (default: off)
©2022 F5 17 Recap nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } • Make sure you spawn one NGINX worker process per CPU core (default: 1) • Increase the worker connections to >1024 (default: 512) • Increase the limit on the maximum number of open files to at least twice the number of worker connections (default: system limit) • Turn off the access log for extra performance (default: on) • Set a buffer or a time to only write logs at an interval (default: off) • Use keepalives to keep connections to upstream servers open (default: 0) → You will need to set HTTP to 1.1 and rewrite the Connection header • Cache and share your SSL sessions between all your NGINX processes (default: disabled) • Send only one request to the upstream server when there are multiple cache misses for the same file (default: off)
©2022 F5 18 Common NGINX Mistakes That we’ve all made at some stage
©2022 F5 19 error_log nginx.conf 1 2 3 ... error_log off; ... nginx.conf 1 2 3 ... error_log /dev/null emerg; ... Creates an error log named off Redirects error log data to /dev/null
©2022 F5 20 Directive inheritance is not additive nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 http { add_header HTTP_HEADER; ... server { add_header HTTP_HEADER; ... location / { add_header HTTP_HEADER; add_header LOCATION_HEADER: ... } } } Sets directive Inherits directive Overrides directive
©2022 F5 21 ip_hash nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 http { ... upstream { ip_hash; server 10.10.20.105:8080; server 10.10.20.106:8080; server 10.10.20.108:8080; } server { ... } } If all your traffic comes from the same CIDR block, use hash or any other load balancing algorithm instead
©2022 F5 22 proxy_buffering nginx.conf 1 2 3 4 http { proxy_buffering off; ... } Avoiding buffers might speed up the initial response to your client, but it might also saturate your open connections
©2022 F5 23 stub_status nginx.conf 1 2 3 4 5 6 server { ... location = /status { stub_status; } } nginx.conf 1 2 3 4 5 6 7 8 9 10 11 server { ... location = /status { satisfy any; auth_basic “closed site”; auth_basic_user_file conf.d/.htpasswd; allow 192.168.1.0/24; deny all; stub_status; } } Everyone can access your data Secure access to your data
©2022 F5 24 proxy_pass nginx.conf 1 2 3 4 5 6 7 8 9 10 http { ... server { ... location / { ... proxy_pass http://localhost:3000/; } } } nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 http { ... upstream node_backend { zone upstreams 64K; hash; server 127.0.0.1:3000 max_fails=1 fail_timeout=2s; server 127.0.0.1:5000 max_fails=1 fail_timeout=2s; keepalive 4; } server { ... location / { ... proxy_next_upstream error timeout http_500; proxy_pass http://node_backend/; } } } Proxy to an upstream server directly • Load balance • Upstream stats • Keepalives • Passive health checks • Define behavior if the upstream servers go down
©2022 F5 25 If is Evil Much Computationally Expensive! Very Segfaults 😱 If only works as intended if you use return or rewrite inside your if block
©2022 F5 26 • error_log off != turn off the error log • Directive inheritance is not additive • ip_hash does not work for addresses under the same CIDR block • proxy_buffering off might lead unexpected saturated connections • Beware of not properly securing your stat locations • It’s better to proxy_pass to upstream groups than directly to an upstream server • If. Is. Evil. Recap
©2022 F5 27 Thankyouforattending! a.faelgarcia@f5.com alessfg @alessfg Alessandro Fael Garcia
©2022 F5 29 Further Resources • Performance-Tuning NGINX https://www.youtube.com/watch?v=YEdhuC2muOE • Best Practices for NGINX https://www.youtube.com/watch?v=pkHQCPXaimU • Avoiding the Top 10 NGINX Configuration Mistakes https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes • Tuning NGINX for Performance https://www.nginx.com/blog/tuning-nginx/

Recommended

How to Avoid the Top 5 NGINX Configuration Mistakes
How to Avoid the Top 5 NGINX Configuration MistakesHow to Avoid the Top 5 NGINX Configuration Mistakes
How to Avoid the Top 5 NGINX Configuration Mistakes
NGINX, Inc.
 
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Vietnam Open Infrastructure User Group
 
stupid-simple-kubernetes-final.pdf
stupid-simple-kubernetes-final.pdfstupid-simple-kubernetes-final.pdf
stupid-simple-kubernetes-final.pdf
DaniloQueirozMota
 
Secrets of Performance Tuning Java on Kubernetes
Secrets of Performance Tuning Java on KubernetesSecrets of Performance Tuning Java on Kubernetes
Secrets of Performance Tuning Java on Kubernetes
Bruno Borges
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
Amazon Web Services
 
Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...
Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...
Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...
Vietnam Open Infrastructure User Group
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security Journey
Jerry Jalava
 
CICD Pipeline Using Github Actions
CICD Pipeline Using Github ActionsCICD Pipeline Using Github Actions
CICD Pipeline Using Github Actions
Kumar Shìvam
 

Recommended

How to Avoid the Top 5 NGINX Configuration Mistakes
How to Avoid the Top 5 NGINX Configuration MistakesHow to Avoid the Top 5 NGINX Configuration Mistakes
How to Avoid the Top 5 NGINX Configuration Mistakes
NGINX, Inc.
 
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Vietnam Open Infrastructure User Group
 
stupid-simple-kubernetes-final.pdf
stupid-simple-kubernetes-final.pdfstupid-simple-kubernetes-final.pdf
stupid-simple-kubernetes-final.pdf
DaniloQueirozMota
 
Secrets of Performance Tuning Java on Kubernetes
Secrets of Performance Tuning Java on KubernetesSecrets of Performance Tuning Java on Kubernetes
Secrets of Performance Tuning Java on Kubernetes
Bruno Borges
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
Amazon Web Services
 
Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...
Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...
Room 3 - 1 - Nguyễn Xuân Trường Lâm - Zero touch on-premise storage infrastru...
Vietnam Open Infrastructure User Group
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security Journey
Jerry Jalava
 
CICD Pipeline Using Github Actions
CICD Pipeline Using Github ActionsCICD Pipeline Using Github Actions
CICD Pipeline Using Github Actions
Kumar Shìvam
 
Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
 
CI-Jenkins.pptx
CI-Jenkins.pptxCI-Jenkins.pptx
CI-Jenkins.pptx
MEDOBEST1
 
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Vietnam Open Infrastructure User Group
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
Arvind Kumar G.S
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For Architects
Kevin Brockhoff
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
Winton Winton
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Vietnam Open Infrastructure User Group
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
Knoldus Inc.
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
NGINX, Inc.
 
kubernetes, pourquoi et comment
kubernetes, pourquoi et commentkubernetes, pourquoi et comment
kubernetes, pourquoi et comment
Jean-Baptiste Claramonte
 
Nginx
NginxNginx
Nginx
Geeta Vinnakota
 
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Vietnam Open Infrastructure User Group
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Vietnam Open Infrastructure User Group
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Raffaele Di Fazio
 
Jenkins vs GitLab CI
Jenkins vs GitLab CIJenkins vs GitLab CI
Jenkins vs GitLab CI
CEE-SEC(R)
 
DevOps with GitHub Actions
DevOps with GitHub ActionsDevOps with GitHub Actions
DevOps with GitHub Actions
Nilesh Gule
 
Getting Started Monitoring with Prometheus and Grafana
Getting Started Monitoring with Prometheus and GrafanaGetting Started Monitoring with Prometheus and Grafana
Getting Started Monitoring with Prometheus and Grafana
Syah Dwi Prihatmoko
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at Netflix
Brendan Gregg
 
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & DeployOPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
Natale Vinto
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
NGINX, Inc.
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021
alinalexandru
 

More Related Content

What's hot

Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
 
CI-Jenkins.pptx
CI-Jenkins.pptxCI-Jenkins.pptx
CI-Jenkins.pptx
MEDOBEST1
 
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Vietnam Open Infrastructure User Group
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
Arvind Kumar G.S
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For Architects
Kevin Brockhoff
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
Winton Winton
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Vietnam Open Infrastructure User Group
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
Knoldus Inc.
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
NGINX, Inc.
 
kubernetes, pourquoi et comment
kubernetes, pourquoi et commentkubernetes, pourquoi et comment
kubernetes, pourquoi et comment
Jean-Baptiste Claramonte
 
Nginx
NginxNginx
Nginx
Geeta Vinnakota
 
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Vietnam Open Infrastructure User Group
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Vietnam Open Infrastructure User Group
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Raffaele Di Fazio
 
Jenkins vs GitLab CI
Jenkins vs GitLab CIJenkins vs GitLab CI
Jenkins vs GitLab CI
CEE-SEC(R)
 
DevOps with GitHub Actions
DevOps with GitHub ActionsDevOps with GitHub Actions
DevOps with GitHub Actions
Nilesh Gule
 
Getting Started Monitoring with Prometheus and Grafana
Getting Started Monitoring with Prometheus and GrafanaGetting Started Monitoring with Prometheus and Grafana
Getting Started Monitoring with Prometheus and Grafana
Syah Dwi Prihatmoko
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at Netflix
Brendan Gregg
 
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & DeployOPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
Natale Vinto
 

What's hot (20)

Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCD
 
CI-Jenkins.pptx
CI-Jenkins.pptxCI-Jenkins.pptx
CI-Jenkins.pptx
 
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
Room 3 - 4 - Lê Quang Hiếu - How to be a cool dad: Leverage DIY Home Automati...
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For Architects
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
Room 1 - 6 - Trần Quốc Sang - Autoscaling for multi cloud platform based on S...
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
 
kubernetes, pourquoi et comment
kubernetes, pourquoi et commentkubernetes, pourquoi et comment
kubernetes, pourquoi et comment
 
Nginx
NginxNginx
Nginx
 
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
Room 2 - 6 - Đinh Tuấn Phong - Migrate opensource database to Kubernetes easi...
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOps
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Jenkins vs GitLab CI
Jenkins vs GitLab CIJenkins vs GitLab CI
Jenkins vs GitLab CI
 
DevOps with GitHub Actions
DevOps with GitHub ActionsDevOps with GitHub Actions
DevOps with GitHub Actions
 
Getting Started Monitoring with Prometheus and Grafana
Getting Started Monitoring with Prometheus and GrafanaGetting Started Monitoring with Prometheus and Grafana
Getting Started Monitoring with Prometheus and Grafana
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at Netflix
 
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & DeployOPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
 

Similar to Best Practices for Getting Started with NGINX Open Source

How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
NGINX, Inc.
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021
alinalexandru
 
Load Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS ClusterLoad Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS Cluster
Kevin Jones
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX, Inc.
 
Open Sourcing NGINX Agent and Demo
Open Sourcing NGINX Agent and DemoOpen Sourcing NGINX Agent and Demo
Open Sourcing NGINX Agent and Demo
NGINX, Inc.
 
NGINX Installation and Tuning
NGINX Installation and TuningNGINX Installation and Tuning
NGINX Installation and Tuning
NGINX, Inc.
 
FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...
FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...
FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...
OW2
 
NGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App ServerNGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App Server
NGINX, Inc.
 
NGINX ADC: Basics and Best Practices
NGINX ADC: Basics and Best PracticesNGINX ADC: Basics and Best Practices
NGINX ADC: Basics and Best Practices
NGINX, Inc.
 
Sprint 17
Sprint 17Sprint 17
Sprint 17
ManageIQ
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
William Stewart
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
NETWAYS
 
Présentation "Docker + Kubernetes" @ Pastis.tech #2
Présentation "Docker + Kubernetes" @ Pastis.tech #2Présentation "Docker + Kubernetes" @ Pastis.tech #2
Présentation "Docker + Kubernetes" @ Pastis.tech #2
Blue Forest
 
NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)
Marcel Cattaneo
 
How to install nginx vs unicorn
How to install nginx vs unicornHow to install nginx vs unicorn
How to install nginx vs unicorn
baran19901990
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINX
NGINX, Inc.
 
NGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEANGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEA
NGINX, Inc.
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINX
Kevin Jones
 
Capistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient wayCapistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient way
Sylvain Rayé
 

Similar to Best Practices for Getting Started with NGINX Open Source (20)

How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021
 
Load Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS ClusterLoad Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS Cluster
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
 
Open Sourcing NGINX Agent and Demo
Open Sourcing NGINX Agent and DemoOpen Sourcing NGINX Agent and Demo
Open Sourcing NGINX Agent and Demo
 
NGINX Installation and Tuning
NGINX Installation and TuningNGINX Installation and Tuning
NGINX Installation and Tuning
 
FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...
FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...
FaSilET² full end-to-end testing solution presented at OW2con'19, June 12-13,...
 
NGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App ServerNGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App Server
 
NGINX ADC: Basics and Best Practices
NGINX ADC: Basics and Best PracticesNGINX ADC: Basics and Best Practices
NGINX ADC: Basics and Best Practices
 
Sprint 17
Sprint 17Sprint 17
Sprint 17
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
 
Présentation "Docker + Kubernetes" @ Pastis.tech #2
Présentation "Docker + Kubernetes" @ Pastis.tech #2Présentation "Docker + Kubernetes" @ Pastis.tech #2
Présentation "Docker + Kubernetes" @ Pastis.tech #2
 
NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)
 
How to install nginx vs unicorn
How to install nginx vs unicornHow to install nginx vs unicorn
How to install nginx vs unicorn
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINX
 
NGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEANGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEA
 
High Availability Content Caching with NGINX
High Availability Content Caching with NGINXHigh Availability Content Caching with NGINX
High Availability Content Caching with NGINX
 
3-sdn-lab.pdf
3-sdn-lab.pdf3-sdn-lab.pdf
3-sdn-lab.pdf
 
Capistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient wayCapistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient way
 

More from NGINX, Inc.

【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
NGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
NGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
NGINX, Inc.
 
Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3
NGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostManaging Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & Kubecost
NGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityManage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with Observability
NGINX, Inc.
 
Accelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationAccelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with Automation
NGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101
NGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesUnit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
NGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
NGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
NGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
NGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXProtecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINX
NGINX, Inc.
 
NGINX Kubernetes API
NGINX Kubernetes APINGINX Kubernetes API
NGINX Kubernetes API
NGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXSuccessfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINX
NGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
 
Kubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティKubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティ
NGINX, Inc.
 
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
NGINX, Inc.
 

More from NGINX, Inc. (20)

【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
 
Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostManaging Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & Kubecost
 
Manage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityManage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with Observability
 
Accelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationAccelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with Automation
 
Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesUnit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
 
Protecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXProtecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINX
 
NGINX Kubernetes API
NGINX Kubernetes APINGINX Kubernetes API
NGINX Kubernetes API
 
Successfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXSuccessfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINX
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
 
Kubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティKubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティ
 
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
 

Recently uploaded

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
QuickwayInfoSystems3
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
Google
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
abdulrafaychaudhry
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)
abdulrafaychaudhry
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
Alina Yurenko
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 

Recently uploaded (20)

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)Game Development with Unity3D (Game Development lecture 3)
Game Development with Unity3D (Game Development lecture 3)
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 

Best Practices for Getting Started with NGINX Open Source

  • 1. Best Practices for Getting Started with NGINX Open Source Alessandro Fael Garcia Senior Solutions Engineer – Community & Alliances
  • 2. ©2022 F5 2 Source: https://news.netcraft.com/archives/2022/06/30/june-2022-web-server-survey.html
  • 5. ©2022 F5 5 Use the NGINX Open Source official repository! https://nginx.org/en/linux_packages.html
  • 6. ©2022 F5 6 TIL • nginx –t → Check if NGINX configuration is valid • nginx –T → Dump full NGINX configuration • nginx –v → Print NGINX version • nginx –V → Print NGINX package config arguments • nginx –s <start/stop/reload> → Start NGINX; stop (kill) NGINX; reload NGINX configuration (gracefully) Key NGINX Commands
  • 7. ©2022 F5 7 /etc/nginx/nginx.conf • Main NGINX configuration file • Global settings • Contains sensible defaults (when installing NGINX from our official repositories) • Avoid modifying unless you know what you are doing (defaults will work out of the box for >80% of use cases) • Includes HTTP block (adding a Stream block is one of the few cases where you’d want to modify the file) /etc/nginx/conf.d/*.conf • Default directory for additional NGINX configuration files • By default, files here are contained within the HTTP context • default.conf includes sample configuration with the NGINX default landing page • Start with a single configuration file, split your configuration into further files as necessary Recommended NGINX Directory Structure Defaults? What defaults?!
  • 8. ©2022 F5 8 Use Let’s Encrypt and Certbot for easy certs! https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
  • 10. ©2022 F5 10 nginx.conf nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; proxy_cache_lock on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; ... } } }
  • 11. ©2022 F5 11 worker_processes nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Make sure you spawn one NGINX worker process per CPU core (default: 1)
  • 12. ©2022 F5 12 worker_connections & worker_rlimit_nofile nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } a) Increase the worker connections to >1024 (default: 512) b) Increase the limit on the maximum number of open files to at least twice the number of worker connections (default: system limit)
  • 13. ©2022 F5 13 access_log nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } • Turn off the access log for extra performance (default: on) or • Set a buffer or a time to only write logs at an interval (default: off)
  • 14. ©2022 F5 14 keepalive nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Use keepalives to keep connections to upstream servers open (default: 0) → You will need to set HTTP to 1.1 and rewrite the Connection header
  • 15. ©2022 F5 15 ssl_session_cache nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Cache and share your SSL sessions between all your NGINX processes (default: disabled)
  • 16. ©2022 F5 16 proxy_cache_lock nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } Send only one request to the upstream server when there are multiple cache misses for the same file (default: off)
  • 17. ©2022 F5 17 Recap nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ... worker_processes auto; worker_rlimit_nofile 2048; ... events { worker_connections 1024; } http { access_log off; sendfile on; tcp_nopush on; ... upstream app { server w.x.y.z; keepalive 2; ... } server { access_log /var/log/nginx/access.log main buffer=512k flush=5m; ssl_session_cache shared:SSL:10m; ... location / { proxy_http_version 1.1; proxy_set_header Connection “”; proxy_pass http://app; proxy_cache_lock on; ... } } } • Make sure you spawn one NGINX worker process per CPU core (default: 1) • Increase the worker connections to >1024 (default: 512) • Increase the limit on the maximum number of open files to at least twice the number of worker connections (default: system limit) • Turn off the access log for extra performance (default: on) • Set a buffer or a time to only write logs at an interval (default: off) • Use keepalives to keep connections to upstream servers open (default: 0) → You will need to set HTTP to 1.1 and rewrite the Connection header • Cache and share your SSL sessions between all your NGINX processes (default: disabled) • Send only one request to the upstream server when there are multiple cache misses for the same file (default: off)
  • 18. ©2022 F5 18 Common NGINX Mistakes That we’ve all made at some stage
  • 19. ©2022 F5 19 error_log nginx.conf 1 2 3 ... error_log off; ... nginx.conf 1 2 3 ... error_log /dev/null emerg; ... Creates an error log named off Redirects error log data to /dev/null
  • 20. ©2022 F5 20 Directive inheritance is not additive nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 http { add_header HTTP_HEADER; ... server { add_header HTTP_HEADER; ... location / { add_header HTTP_HEADER; add_header LOCATION_HEADER: ... } } } Sets directive Inherits directive Overrides directive
  • 21. ©2022 F5 21 ip_hash nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 http { ... upstream { ip_hash; server 10.10.20.105:8080; server 10.10.20.106:8080; server 10.10.20.108:8080; } server { ... } } If all your traffic comes from the same CIDR block, use hash or any other load balancing algorithm instead
  • 22. ©2022 F5 22 proxy_buffering nginx.conf 1 2 3 4 http { proxy_buffering off; ... } Avoiding buffers might speed up the initial response to your client, but it might also saturate your open connections
  • 23. ©2022 F5 23 stub_status nginx.conf 1 2 3 4 5 6 server { ... location = /status { stub_status; } } nginx.conf 1 2 3 4 5 6 7 8 9 10 11 server { ... location = /status { satisfy any; auth_basic “closed site”; auth_basic_user_file conf.d/.htpasswd; allow 192.168.1.0/24; deny all; stub_status; } } Everyone can access your data Secure access to your data
  • 24. ©2022 F5 24 proxy_pass nginx.conf 1 2 3 4 5 6 7 8 9 10 http { ... server { ... location / { ... proxy_pass http://localhost:3000/; } } } nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 http { ... upstream node_backend { zone upstreams 64K; hash; server 127.0.0.1:3000 max_fails=1 fail_timeout=2s; server 127.0.0.1:5000 max_fails=1 fail_timeout=2s; keepalive 4; } server { ... location / { ... proxy_next_upstream error timeout http_500; proxy_pass http://node_backend/; } } } Proxy to an upstream server directly • Load balance • Upstream stats • Keepalives • Passive health checks • Define behavior if the upstream servers go down
  • 25. ©2022 F5 25 If is Evil Much Computationally Expensive! Very Segfaults 😱 If only works as intended if you use return or rewrite inside your if block
  • 26. ©2022 F5 26 • error_log off != turn off the error log • Directive inheritance is not additive • ip_hash does not work for addresses under the same CIDR block • proxy_buffering off might lead unexpected saturated connections • Beware of not properly securing your stat locations • It’s better to proxy_pass to upstream groups than directly to an upstream server • If. Is. Evil. Recap
  • 28.
  • 29. ©2022 F5 29 Further Resources • Performance-Tuning NGINX https://www.youtube.com/watch?v=YEdhuC2muOE • Best Practices for NGINX https://www.youtube.com/watch?v=pkHQCPXaimU • Avoiding the Top 10 NGINX Configuration Mistakes https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes • Tuning NGINX for Performance https://www.nginx.com/blog/tuning-nginx/