Nginx - The webserver you might actually like
-
Upload
edorian -
Category
Technology
-
view
1.867 -
download
0
description
Transcript of Nginx - The webserver you might actually like
NGINXTHE WEB SERVER YOU MIGHT ACTUALLY LIKE
ABOUT MEPHP since 10 yearsCICleanCodeDevOpsTDDShipping
WORKING FOR
ResearchGate gives science back to the people who make it happen.
We help researchers build reputation and accelerate scientificprogress.
On their terms.
GET IN TOUCH
stackoverflow: Twitter: @__edorianXing / G+: Volker DuschIRC: edorianMail: [email protected]
LET'S GO
WHY ANOTHER WEBSERVER?
WHY NOT LIGHTTPD?
THE BASICSIntroMultiple Servers / DomainsStatic contentSSLError pagesRewritesAuthCachingLoad BalancingProxyPHP!
INTRO/etc/nginx/nginx.conf/etc/nginx/conf.d/*.conf
NGINX CONF BASICSuser nginx;worker_processes 6;worker_cpu_affinity 000001 000010 000100 001000 010000 100000;
error_log /var/log/nginx/error.log warn;pid /var/run/nginx.pid;
events { worker_connections 1024;}
NGINX CONFIGURATION
These don't have to be in the same file. Just "include" .conf files.
http { // ... server { // ... location { // ... } }}
NGINX CONF: BASICShttp { include /etc/nginx/mime.types; default_type application/octet-stream;
access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;}
SERVERSserver { server_name *.wallbash.com *.wallbash.de; listen 80; // ...}
server { server_name _; listen 80; // ...}
STATIC CONTENTlocation / { root /var/www/myApp/html/}
FANCY STATIC CONTENTlocation ~ ̂\/(js|img|css) {}
DENY ACCESS TO ALL .DOT-FILESlocation ~ /\. { access_log off; log_not_found off; deny all;}
SSLserver { server_name _; listen 80; listen 443 ssl;}
SSL - THE WHOLE STORYssl_certificate wildcard.crt;ssl_certificate_key wildcard.key;
ssl_session_timeout 5m;ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;ssl_ecdh_curve secp521r1;
REWRITESserver { server_name http://*; listen 80; rewrite ̂ https://$host$request_uri permanent;}
ERROR PAGESerror_page 500 501 502 503 504 /500.html;
location /500.html { internal;}
location /500 { return 500;}
CACHINGlocation ~ ̂\/(js|img|css) { expires 14d;}
CACHING - IN MEMCACHE!server { location / { set $memcached_key $uri; memcached_pass name:11211; default_type text/html; error_page 404 @fallback; }}
memcached_gzip_flag 2;gunzip on;
AUTHlocation / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/myApp.htpasswd;}
LOAD BALANCINGupstream web_workers { server www1.example.com; server www2.example.com; server www3.example.com; server www4.example.com;}
LOAD BALANCING LEGACYupstream web_workers { ip_hash; server www1.example.com; server www2.example.com; server www3.example.com; server www4.example.com;}
PROXYlocation / { proxy_pass http://localhost:8000; proxy_set_header X-Real-IP $remote_addr; proxy_cache zone;}
PHP!
PHP-FPM!?!FastCGI Process Manager
FPM-CONFIG[myApp]
listen = 9000
;listen.allowed_clients = 127.0.0.1
user = phpgroup = php
pm = dynamicpm.max_children = 50pm.start_servers = 5pm.min_spare_servers = 5pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/myApp-slow.log
NGINX + PHPModern frameworks
location / { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /var/www/myApp/index.php; include fastcgi_params;}
SUPPORTS ANY LAYOUTlocation / { try_files $uri $uri/ /index.php;}
REALLY SUPPORTS ANY LAYOUT
Make /foo/ go to .../foo/index.php
location ~ ̂.+\.php { fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/myApp/src$fastcgi_script_name;}
SCALING!location / { fastcgi_pass anontherServer:9000; fastcgi_param SCRIPT_FILENAME /var/www/myApp/html/index.php; include fastcgi_params;}
THANKS HELGI!@hhttp://helgi.ws/Further reading:https://speakerdeck.com/u/helgi/p/cranking-nginx-to-11-phptek-2012
THANK YOU