Обзор Типичных Конфигураций Для Nginx

[...] http://blog.kovyrin.net/2006/04/17/typical-nginx-configurations/ [...]

[...] оригинал:  http://blog.kovyrin.net/2006/04/17/typical-nginx-configurations/lang/ru/ [...]

[...] I’m not going to discuss all the options, but if you’re looking for what appears to be (at the moment) a setup that is a breeze to install and will churn out more requests/second than anything else, read on.One of the downsides to this setup is that the reverse proxy server we will be using, nginx, is a Russian project with almost no English documentation. Although, there seems to be at least two capable Rails developers (1, 2) who are vouching for its speed and stability. [...]

When using nginx in reverse proxy mode, is it possible to have nginx cache the result it got from the backend server (say for 1 minute) and just serve that without asking the backend server any more (until the 1 minute is up…)?

joe,
Actually, no. Nginx has only non-caching reverse proxying mode. But if your backend is some dynamic application on php/perl/java/etc, you can use memcached module to cache your answers and then nginx can get pages from cache.

I’m running nginx with a mongrel process in the background to serve RoR applications, but I’m having trouble getting nginx to serve static HTML pages from the document root. The server passes all requests, regardless of whether there is a directory/file in the document root to mongrel.

For reference, I’ve uploaded my configuration file to a different server: http://macographie.com/nginx.conf.txt

As you’ll see, I have two virtual hosts defined. Eventually, I would like to have both hosts capable of server both RoR applications and static server content.

Thanks in advance for any advice.

Thanks for the resource. How do you have nginx reverse-proxy to http and https for apache?

It looks really interesting, can’t wait to try it out.

2Ian: You can take a look at sample config file from nginx distribution. there is some https example.

All ideas are the same but you need some additional params in server section of config to assign specific certificates for virtual host.

2matthew: Take a look at my post about using nginx with rails and mongrel. there is some config file with rails caching support.

I just thought of something…

If nginx is running the ssl and reverse proxying to apache, does the _Apache_ have to be running ssl…or is the connection between nginx and apache encrypted. Just thought of that after reading some info on Pound and seeing how it acts as an SSL wrapper.

2Ian: AFAIU, you can setup non-encrypted connection between nginx and apache. As for pound, afair, it is simple tcp balancer, so it may require ssl on apache because it would simple proxy users connection on ISO Model Level 3.

Made a partial jump last night…

Fired up nginx running an ssl connection and reverse proxying it to Apache.

All seemed to work okay. Fired up Squirrelmail and was able to read messages just fine. I did notice a problem when I tried to send message. After I hit “send” in Squirrelmail, the page wouldn’t refresh to the message list, but stayed in the message edit page. The message DID get sent (I checked) but Squirrel wouldn’t leave the compose message page.

I checked the error logs for nginx and saw this message:

SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 aler
t bad certificate) while reading client request line, client: xxx.xxx.xxx.xxx, server: http://www.myserver.com

Here’s the server config:

server {
listen 443;
root /usr/local/apache/htdocs;
server_name http://www.myserver.com;
ssl on;
ssl_certificate /usr/local/apache/conf/server.pem;
ssl_certificate_key /usr/local/apache/conf/server.key;

ssl_session_timeout 5m;

location / {
root shtml;
index index.shtml index.html;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

client_max_body_size 10m;
client_body_buffer_size 128k;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}

2Ian: Honestly speaking, I have not so big experience with nginx+ssl… I’ve forwarded your question to russian nginx mailing list. Will answer here or by email if someone will answer about this issue.

Thanks.

2scoundrel: I might have a bit of an “aha” moment here…fired up firefox’s live headers and rec’d this after hitting the “send”:

Location: http://www.myserver.com:8080/webmail/src/right_main.php?mailbox=INBOX&sort=0&startMessage=1

So, it looks like the Apache backend is misbehaving and not trying to redirect to

“https://www.myserver.com/webmail…”

I’ve seen several pages on how to configure Apache as a reverse proxy, but can’t seem to find much on how it should be configured to be the backend.

вот хотел спросить — а есть возможность каждому виртуальному серверу своего пользователя указать?

сейчас у меня крутится apache-mpm-itk но в общем-то мне не нужен апач на сервере. но нужно раздавать кучу всякой статики для которой судя по всему nginx подходит как нельзя лучше…

2aim: не – нельзя. Но можно извратиться и запустить N нгинксов по одному воркеру на каждого и на них спроксировать… через нгинкс номер N+1

I am testing nginx with your static configuration (first example in your post) and getting some strange behaviour:

For files larger than a few hundred kB, I often get a 206 partial or a 200, but the file does not send completely. This is very irregular. Sometimes it works, sometimes not. Any ideas?

Thanks.

An example req/resp:

GET /static/f/testimage.jpg HTTP/1.1
Host: http://www.xxxx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Range: bytes=544487-
If-Range: Wed, 04 Apr 2007 12:20:33 GMT
Cache-Control: max-age=0

HTTP/1.x 206 Partial Content
Date: Sat, 02 Jun 2007 11:15:58 GMT
Server: nginx/0.5.22
Content-Type: image/jpeg
Content-Length: 2949459
Last-Modified: Wed, 04 Apr 2007 12:20:33 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Range: bytes 544487-3493945/3493946
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive

[...] This article “has moved”:http://rubyjudo.com/2006/8/27/nginx-yet-another-rails-deployment-option over to our sister spin-off blog, “RubyJudo”:http://rubyjudo.com, which focuses on more arcane technical topics than NotRocketSurgery.One of the downsides to this setup is that the reverse proxy server we will be using, nginx, is a Russian project with almost no English documentation. Although, there seems to be at least two capable Rails developers (1, 2) who are vouching for its speed and stability. [...]

hi anyone know how to get nginx to autostart on reboot.. using ssl and be able to have the passphrase ( which it always ask for on restart ) automatically entered. ??

please send answer to chrisangileri@yahoo.com

thanks muchly

[...] la : http://nginx.net/ http://blog.kovyrin.net/2006/04/04/nginx-small-powerful-web-server/ http://blog.kovyrin.net/2006/04/17/typical-nginx-configurations/ http://www.lighttpd.net/download/spawn-fcgi.txt [...]

Hi
I am trying to configure Nginx as proxy POP3 server on a Linux 2.6.x system. When I try to use the example config files, nginx daemon says imap and mail as unrecognized words. Would appreciate any help in this regards.

achari_98 AT yahoo.com

2Fritzie: AFAIU, you need to enable mail support when you compile your nginx.

[...] it is a high-performance HTTP server / reverse proxy known for its stability, performance, and ease of use. The great track record, a plethora of great modules, and an active development community have [...]

Hi,
Thanks for the previous response.
Is it possible to enable SSL between NGINX and backend POP server. Can somebody please share any example configuration to achive this.

Basically the scenario I am talking about is, the end user POP3 client talks to the NGINX pop proxy over TCP port 110, then the NGINX server talks to backend POP3 server over SSL socket say 995.

I tried compiling the NGINX with mail_ssl support, but the TCP connection between NGINX and backend pop3 server gets established but SSL session set up does not happen.

I appreciate any help in this regard.

Thanks and regards

K Achary

Скажите, а где прописывать эти команды для нгинкс?
Если создать .htaccess и в нём прописать. то будет работать?

Hi, its possible to use Trac SCM on nginx with basic auth?

i’m tired of fighting with nginx, so changed it with lighttpd

[...] 详细的NGINX HTTPS服务器配置可以参考： http://blog.kovyrin.net/2006/04/17/typical-nginx-configurations/ [...]

Здравствуйте. Кто нибудь в курсе как настроить nginx, так чтобы он смог обрабатывать URL большой длины т.е. длина HTTP GET запросов могла быть более 4-5 кб. При моей текущей конфигурации запросы такой длины приводят к появлению 414 ошибки.

Thanks for the nice overview. A question:

Could nginx be used as a HTTP wrapper for TCP protocols that do not speak HTTP, such as RTMP? Or with added SSL to function like stunnel?