Nginx: The power within

Slide 1

Slide 1 text

Helgi Þormar Þorbjörnsson DPC, Amsterdam, 2013 Nginx The power within

Slide 2

Slide 2 text

Co-founded Orchestra.io Work at EngineYard PEAR Developer From Iceland @h on Twitter Helgi

Slide 3

Slide 3 text

Nginx Just a web server?

Slide 4

Slide 4 text

✓ Web Server ✓ Proxy ✓ Cache ✓ Mail Proxy ✓ And more! No! It’s so much more!

Slide 5

Slide 5 text

Important for tweaking

Slide 6

Slide 6 text

Always run conﬁgtest before doing anything!

Slide 7

Slide 7 text

Reload (HUP Signal)

Slide 8

Slide 8 text

Reload (HUP Signal) ‣ Reloads conﬁg ‣ Starts up new workers ‣ Old workers stop listening ‣ Finish up any work they have

Slide 9

Slide 9 text

Upgrade (USR2 Signal)

Slide 10

Slide 10 text

Upgrade (USR2 Signal) ‣ Live upgrade of Nginx executable ‣ Starts up a new Master ‣ Run in parallel ‣ Old Workers gracefully shutdown ‣ Old Master can be brought back

Slide 11

Slide 11 text

Requires --with-debug during build time error_log /path/to/log debug; Debugging

Slide 12

Slide 12 text

server { error_log /path/to/log; location /conference { error_log /path/to/log debug; } } Debugging

Slide 13

Slide 13 text

events { debug_connection 1.2.3.4; debug_connection 1.2.3.0/24; } Connection Specific

Slide 14

Slide 14 text

Rewrite Log entries are notice level rewrite_log on; error_log /path/to/log notice; Debug Rewrite Rules

Slide 15

Slide 15 text

Rewrite Module

Slide 16

Slide 16 text

Regex (PCRE)

Slide 17

Slide 17 text

Responsible for all if statements, ﬁle exists checks, returns and more.

Slide 18

Slide 18 text

Can work with most Nginx variables such as $http_cookie, $request_method, $user_agent, $uri and countless others.

Slide 19

Slide 19 text

j.mp/nginx_variables List of variables

Slide 20

Slide 20 text

The power of SET Text set $helgi “Hi”;

Slide 21

Slide 21 text

Forward Domains server { server_name www.helgi.ws; return 301 $scheme://helgi.ws$request_uri; }

Slide 22

Slide 22 text

Load Balancing

Slide 23

Slide 23 text

upstream web_workers { server www1.example.com; server www2.example.com; server www3.example.com; server www4.example.com; } Simple Round Robin

Slide 24

Slide 24 text

Least Connection upstream web_workers { least_conn; server www1.example.com; server www2.example.com; server www3.example.com; server www4.example.com; }

Slide 25

Slide 25 text

upstream web_workers { ip_hash; server www1.example.com; server www2.example.com; server www3.example.com; server www4.example.com; } Consistent IP Routing

Slide 26

Slide 26 text

upstream web_workers { server www1.example.com; server www2.example.com weight=2 max_fails=2 fail_timeout=15; server www3.example.com weight=4 max_fails=3; server www4.example.com weight=4 max_fails=4 fail_timeout=20; keepalive 8; } Different Weights weight and ip_hash can work together in Nginx 1.3.1+

Slide 27

Slide 27 text

Cache

Slide 28

Slide 28 text

http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_cache_path /dev/shm/nginx levels=1:2 keys_zone=my-cache:8m max_size=2g inactive=600m; proxy_temp_path /dev/shm/nginx/tmp; proxy_cache_use_stale updating; server { location / { proxy_pass http://example.net; proxy_cache my-cache; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 1m; } } }

Slide 29

Slide 29 text

Headers

Slide 30

Slide 30 text

add_header add_header Set-Cookie "_orchestra=1; Max-Age=2; Path=/";

Slide 31

Slide 31 text

expires location ~* ^.+\.(jpg|js|jpeg|png)$ { expires 1h; }

Slide 32

Slide 32 text

Modules

Slide 33

Slide 33 text

cd /path/to/your/nginx/source ./configure --add-module= /usr/local/nginx/mod/headers-more/ make make install How to compile modules into nginx

Slide 34

Slide 34 text

j.mp/MoreHeaders Introducing HttpHeadersMoreModule

Slide 35

Slide 35 text

more_set_headers 'Server: My-Temple'; # set and clear output headers location /bar { more_set_headers 'X-MyHeader: blah' 'X-MyHeader2: foo'; more_set_headers -t 'text/plain text/css' 'Content-Type: text/foo'; more_set_headers -s '400 404 500 503' -s 413 'Foo: Bar'; more_clear_headers 'Transfer-Encoding' 'Content-Type'; } # set output headers location /type { more_set_headers 'Content-Type: text/plain'; }

Slide 36

Slide 36 text

# set input headers location /foo { more_set_input_headers 'Host: London'; more_set_input_headers -t 'text/plain' 'X-PHP-UK: bah'; } # replace input header X-PHP-UK *only* if it already exists more_set_input_headers -r 'X-PHP-UK: howdy';

Slide 37

Slide 37 text

Blue Sky thinking!

Slide 38

Slide 38 text

Memcache

Slide 39

Slide 39 text

Nginx PHP Memcache Request Flow

Slide 40

Slide 40 text

Nginx PHP Memcache SET GET

Slide 41

Slide 41 text

location / { if ($request_method != GET) { rewrite . @fallback last; } # append an extenstion for proper MIME type detection if ($args ~* format=json) { rewrite ^/$uri/?(.*)$ /$uri.json$1 break; } if ($args ~* format=xml) { rewrite ^/$uri/?(.*)$ /$uri.xml$1 break; } if ($args ~* format=html) { default_type text/html; add_header "Content" "text/html; charset=utf8"; charset utf-8; } set $memcached_key "$uri?$args"; memcached_pass 127.0.0.1:2211; error_page 500 404 405 = @fallback; } location @fallback { /* pass to FastCGI */ }

Slide 42

Slide 42 text

set $memcached_key "$uri?$args"; memcached_pass 127.0.0.1:2211; error_page 500 404 405 = @fallback;

Slide 43

Slide 43 text

Set Misc Module j.mp/MiscModule

Slide 44

Slide 44 text

Provides various extras for the rewrite module

Slide 45

Slide 45 text

location /beer { set $amount $arg_amount; set_if_empty $amount 9999; } /beer?amount=12 /beer?amount=

Slide 46

Slide 46 text

location /beer { set $amount $arg_amount; set_if_empty $amount 9999; set_unescape_uri $name $amount; set_quote_sql_str $quoted_name $name; }

Slide 47

Slide 47 text

And more! set_md5 set_sha1 set_encode_base64 set_decode_base64 set_hmac_sha1 set_random set_secure_random_alphanum and more

Slide 48

Slide 48 text

location /coffee { set $raw “sekret”; set_sha1 $woop $raw; echo $woop; }

Slide 49

Slide 49 text

location /hmac { set $secret “superduper”; set $sign “I want this signed”; set_hmac_sha1 $signature $secret $sign; set_encode_base64 $signature $signature echo $signature; }

Slide 50

Slide 50 text

MySQL

Slide 51

Slide 51 text

drizzle-nginx-module j.mp/DrizzleModule

Slide 52

Slide 52 text

upstream mysql_backend { drizzle_server 127.0.0.1:3306 dbname=test password=some_pass user=web charset=utf8 protocol=mysql; }

Slide 53

Slide 53 text

location /secret { set_unescape_uri $name $arg_name; set_quote_sql_str $quoted_name $name; drizzle_query "INSERT INTO agents (name) VALUES ($quoted_name)"; drizzle_pass mysql_backend; }

Slide 54

Slide 54 text

j.mp/FormModule Nginx doesn’t expose POST as a variable

Slide 55

Slide 55 text

location /secret { set_unescape_uri $name $arg_name; set_quote_sql_str $quoted_name $name; drizzle_query "SELECT * FROM agents WHERE name = $quoted_name"; drizzle_pass mysql_backend; }

Slide 56

Slide 56 text

Does not output JSON by default

Slide 57

Slide 57 text

JSON + CSV Output

Slide 58

Slide 58 text

j.mp/rds-json j.mp/rds-csv

Slide 59

Slide 59 text

location /secret { set_unescape_uri $name $arg_name; set_quote_sql_str $quoted_name $name; drizzle_query "SELECT * FROM agents WHERE name = $quoted_name"; drizzle_pass mysql_backend; rds_json on; }

Slide 60

Slide 60 text

Questions? @h helgi@engineyard.com Please rate at joind.in/8611