Nginx & php fpm - the webserver you might actually like - php usergroup berlin

Post on 25-Dec-2014

Slides from the talk given at the Berlin PHP Usergroup 2012.11.06

NGINX
THE WEB SERVER YOU MIGHT ACTUALLY LIKE

ABOUT ME
Software Engineer
PHP for 10 years
CI
CleanCode
DevOps
TDD
Shipping
Bullet points

INSTEAD OF ME

LET'S GO

WHY ANOTHER WEBSERVER?

WHY NOT LIGHTTPD?

THE BASICS
Intro
Multiple Servers / Domains
Static content
Caching
SSL
Error pages
Rewrites
Auth
Load Balancing
Proxy
PHP!
Fancy PHP!

INTRO
sudo apt-get install nginx

/etc/nginx/nginx.conf
/etc/nginx/conf.d/*.conf

NGINX CONF BASICS
/etc/nginx/nginx.conf

user nginx;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

NGINX CONF BASICS
/etc/nginx/nginx.conf

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;

    include /etc/nginx/conf.d/*.conf;
}

SERVERS
/etc/nginx/conf.d/mySite.conf
/etc/nginx/sites-enabled/wallbash

server {
    server_name wallbash.com wallbash.de;
    listen 80;
    root /var/www/myApp/html/;
    # ...
}

server {
    server_name _;
    listen 80;
    root /var/www/myOtherApp/html/;
}

STATIC CONTENT
/etc/nginx/conf.d/anyConfig.conf

server {
    # ...

    location / {
    }
}

FANCY STATIC CONTENT
Inside Server Blocks

location ~ ^\/(js|img|css|downloads)\/ {
}

location ~ \.(js|css|png|gif|jpg|pdf)$ {
}

CACHING

location ~ ^\/(js|img|css)\/ {
    expires 14d;
}

DENY ACCESS TO ALL .DOT-FILES
Inside Server Blocks

location ~ /\. {
    access_log off;
    log_not_found off;
    deny all;
}

SSL

server {
    server_name _;
    listen 443;
    ssl on;
}

Or just

server {
    listen 443 default_server ssl;
}

SSL - CONFIG

ssl_certificate wildcard.crt;
ssl_certificate_key wildcard.key;

ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
ssl_ecdh_curve secp521r1;
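
An added example, not part of the original slides: a small Python check that reads the ssl_protocols and ssl_ciphers directives from the SSL - CONFIG slide and reports settings that have since been deprecated (SSLv3 by RFC 7568, TLSv1 and TLSv1.1 by RFC 8996, RC4 by RFC 7465). The function names and the HARDENED_CONF sample are assumptions made for this illustration.

```python
import re

# Deprecated protocol versions: SSLv2 (RFC 6176), SSLv3 (RFC 7568),
# TLSv1 and TLSv1.1 (RFC 8996).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string keywords that enable broken algorithms unless removed.
WEAK_CIPHER_WORDS = ("RC4", "DES", "MD5", "NULL", "EXP")

# Directives copied from the SSL - CONFIG slide.
SLIDE_CONF = """
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
"""
# Constructed sample (not from the slides): a present-day setting for comparison.
HARDENED_CONF = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
"""


def directives(conf):
    """Yield (name, [args]) for each 'name arg ...;' directive, ignoring # comments."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for stmt in re.split(r"[;{}]", conf):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit_tls(conf):
    """Return sorted findings for ssl_protocols / ssl_ciphers.

    Heuristic on the cipher string's tokens; it does not expand the list
    the way OpenSSL does."""
    findings = set()
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings.update(f"deprecated protocol: {p}"
                            for p in args if p in DEPRECATED_PROTOCOLS)
        elif name == "ssl_ciphers":
            tokens = [t for t in re.split(r"[:, ]+", " ".join(args)) if t]
            removed = {t[1:] for t in tokens if t[0] in "!-"}
            for tok in tokens:
                if tok[0] in "!-+":
                    continue  # removals and reorderings enable nothing
                if any(w in tok and w not in removed for w in WEAK_CIPHER_WORDS):
                    findings.add(f"weak cipher keyword: {tok}")
            if "AESGCM" in removed:
                findings.add("AEAD suites excluded: !AESGCM")
    return sorted(findings)
```
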

ERROR PAGES

error_page 500 501 502 503 504 /500.html;

location /500.html {
    internal;
}

STARTUP BONUS:

server {
    server_name *.nextBigThing.io;

    location /500 {
        return 500;
    }
}

REWRITES

HTTPS ALL THE THINGS

server {
    server_name _;
    listen 80;
    rewrite ^ https://$host$request_uri permanent;
}

OLDSCHOOL

rewrite ^/users/(.+)$ /show?user=$1? last;

AUTH

location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/conf.d/myApp.htpasswd;
}

LOAD BALANCING

upstream web_workers {
    server www1.example.com;
    server www2.example.com;
    server www3.example.com;
}

LOAD BALANCING LEGACY

upstream web_workers {
    ip_hash;
    server www1.example.com;
    server www2.example.com;
    server www3.example.com;
}

PROXY

location / {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_cache zone;

    # Default: proxy_cache_key $scheme$proxy_host$uri$is_args$args;
}

PHP!

PHP-FPM!?!
FastCGI Process Manager

PROCESS MANAGEMENT FOR THE MASSES
Think: "supervisord"; But without caring

sudo apt-get install php5-fpm

/etc/php5/fpm/php-fpm.conf

# Don't restart the webserver, restart php :)
sudo service php5-fpm restart

FPM-CONFIG

[myApp]
listen = 9000;
listen.allowed_clients = 127.0.0.1

user = php
group = php

request_terminate_timeout = 10

request_slowlog_timeout = 1
slowlog = /var/log/php-fpm/myApp-slow.log

FPM-CONFIG - PROCESS MANAGEMENT

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35

NGINX + PHP

location / {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    include fastcgi_params;
}

APPLICATION SERVERS!

location / {
    fastcgi_pass anotherServer:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    include fastcgi_params;
}

SCALING!

location / {
    fastcgi_pass workers;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    include fastcgi_params;
}

upstream workers {
    server App1:9000;
    server App2:9000;
    server 192.168.10.3:9000;
}

THANK YOU