HOWTO: Configure nginx for Debian / Ubuntu
UPDATE: I’m reworking my config blending in the security ideas found on camomel.org they’re really thought things through on this, this should make for a very secure environment.
I’m always trying new software, and with the webserver I’ve moved from Apache 1.3 to 2.0 to 2.2, and then later I moved everything over to Lighttpd, which I’ve liked, save for some memory issues that popped up. Now, enter a web server named nginx (engine x), written by a Russian hacker. It’s already proved it’s meddle by running some of the largest Russian sites for years now. It has the speed of Lighttpd, but with none of that memory weirdness, plus it uses a fraction of the CPU, so scaling should be smooth for highly visited sites. It also does cool things like load balancing, reverse proxy, IMAP and POP proxy, etc, so I can see it being used in a variety of ways on a network. It took me some time to understand how to configure it, which was a case of me just making it harder than it really is, so I wanted to post it here. Look for updates as we go along, but this is currently backing a Production site I manage.
user www-data www-data;
worker_processes 5;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr $host $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" "$http_user_agent" '
'"$request_time" "$gzip_ratio"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
keepalive_timeout 65;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 8k;
#gzip_proxied expired no-cache no-store private auth;
gzip_proxied any;
gzip_min_length 1000;
gzip_types text/plain text/html text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server {
listen 80;
client_max_body_size 50M;
server_name server.domain.com;
root /var/www;
index index.html index.php;
access_log /var/log/nginx/access.log main;
error_page 500 502 503 504 /500.html;
location = /500.html {
root /var/www;
}
location ~* ^.+.(jpg|jpeg|gif)$ {
root /var/www;
expires 30d;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
}
}
}
Tags: apache, lighttpd, linux, nginx, unix, webserver
Note to self, need to add SSL to this config - will try this first:
server {listen 443;
ssl on;
# path to your certificate
ssl_certificate /etc/nginx/certs/server.crt;
# path to your ssl key
ssl_certificate_key /etc/nginx/certs/server.key;
# put the rest of your server configuration here.
location / {
# set X-FORWARDED_PROTO so ssl_requirement plugin works
proxy_set_header X-FORWARDED_PROTO https;
# standard rails+mongrel configuration goes here.
}
}
And here’s a good overview on the rest:
http://rubypond.com/articles/2008/02/01/setting-up-nginx-ssl-and-virtual-hosts/
good coverage on utilizing memcached with nginx (something I’ve used before with Apache)
http://www.igvita.com/2008/02/11/nginx-and-memcached-a-400-boost/
and another idea about using perl to cache Wordpress sites
http://letsperl.in/perl/nginx-caching-wordpress
I too have started using Nginx for several of our websites. I have written several articles on Nginx configuration with special focus on virtual web site hosting, rewrite rules and more (linked from my name) which your viewers may find informative.
What is your experience of Nginx performance vis-a-vis Lighttpd?
Are you facing any problems?
@Angsuman Chakraborty
I haven’t had any problems, save for when I messed up something with PHP that broke fastcgi for the better part of the day, but that was my fault.
As for performance I haven’t done any real benchmarking, but I do know that it’s using far less resources and doesn’t get restarted every few days like lighttpd did.
oh, and to monitor and restart deamons I’m using the great monit - check it my comments on it here: http://fak3r.com/2008/02/19/howto-use-monit-to-keep-lighttpd-and-varnish-running/
Leave your response!
commentary »
Total borrowing from the Federal Reserve
What’s wrong with this picture? Can you say debt? Good, how about recession? Notice the gray areas, those are recession periods, we’ll wait for ours to appear here. Who thought it could get this bad this quickly? Here’s the graph at the Federal Reserve for you to research. Enjoy
humor »
HOWTO: send commandline email with attachments
Are you like me, do you have scripts running on servers and you need to know what they know? If there’s output in a file you can sed/grep/awk info out of them and have them emailed to you, but if you don’t know specifically what you’re looking for you may need the entire file/log/whatever. [...]
O'RLY? »
Equal Rights for All
Here’s a great, recent News of the Weird article,”Roy Hollander filed a civil rights lawsuit against Columbia University in New York City in August, claiming that its “women’s studies” curriculum teaches a religion-like philosophy that oppresses men by blaming them for nearly all social problems. (When interviewed by the New York Daily News, Hollander declined [...]
twitter-tweets »
Army: Twitter could be a terrorist tool
Hmmm…so the Army has claimed that terrorists may be ‘tweeting’ along to plan and organize attacks. Well yeah, I guess they could use Gmail, Slashdot comments and other things the same way, it seems their claim is that since this is more ‘real time’ it could be a danger. Ok, oh, and they [...]
sponsors »
get a student loan fast - compare loans in 2 clicks. good credit required.
we read »
be social »
we support »
tag cloud »
apple bands barack barack obama beer bsd cds code debian dubya election email features gamer hacker health hillary howto iphone lighttpd linux music muzak networking newstudy obama open source phishing politics privacy quote religion rock and roll security spam tech terror the daily show tour tv varnish video games vote web wiiRandom Posts
Latest Video Post
Most Commented
Most Popular