NGINX CONFIGURATION DETAILS

NGNIX — HTTP WEB SERVER

 

Ngnix is an open source resverse proxy server for HTTP,HTTPS,SMTP,POP3 AND IMAP Protocols as well as load balancer ,HTTP cache and a web server.

 

Difference from Apache:–

————————-

Mainly it differs in how it “handles the request” ….. Apache default model of request handling is “threaded” or “process oriented” and Ngnix uses an asynchronous event-driven handler for requests,that allow ngnix to more accurately provide predictable performance under high loads.

 

Features:-

———-

Handels static files,index file and auto-indexing.

Reverse proxy and cacheing abilities.

Load balancing of nodes.

Support fault tolerance.

Open SSl support for certificates.

Fast CGI,PHP_FPM and SCGI support.

Fully IPV6 compatible.

Websockets and HTTP/1.1.

URL  Redirects and rewriting.

Live streaming copmression.

Bandwidth Throttling.

Gelocation of IPs.

Very low memory footpritning-more than 10k concurrent connections with only ~2.5 mb for memory keep alive sessions.

 

INSTALLATION AND BASIC SETUP FOR NGNIX:–

——————————————

 

/etc/yum.repos.d/nginx.repo —> Enter the below on this file (ngnix.repo)

 

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/

gpgcheck=0

enabled=1

 

yum install epel-release

yum -y install nginx

———————————————

 

Configuration File:-

 

cd /etc/nginx/conf.d/

cat /etc/nginx/nginx.conf —> Most important configuration file

cd /usr/share/nginx/html/

 

——————————————–

 

Default Configuration Optimization:-

————————————-

 

vim /etc/nginx/nginx.conf  

 

user  nginx;

worker_processes  1; –>  “”responsible to know virtual server our all physical server (backbone of ngnix)–>1 worker process equal to 1 core if we multiple core in cpu than we will use number core equal to worker process. “”

 

error_log  /var/log/nginx/error.log warn;

pid        /var/run/nginx.pid;

 

events {

   worker_connections  1024; —> “” it tell us how many concurrent connection or how many enduser can simulataneously server as web connection }} best practise is to 1024  * number of worker_process “”

}

 

http {

   include       /etc/nginx/mime.types;

   default_type  application/octet-stream;

 

   log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘

                     ‘$status $body_bytes_sent “$http_referer” ‘

                     ‘”$http_user_agent” “$http_x_forwarded_for”‘;

 

   access_log  /var/log/nginx/access.log  main;

 

   sendfile        on;

   #tcp_nopush     on;

 

   keepalive_timeout  65; –> “” that means nginx will close close after this period of time it must be 15 “”

 

   #gzip  on;

 

   include /etc/nginx/conf.d/*.conf;

}

 

We will add below new entities :-

———————————-

If Buffer size is too low on the nginx then it has too write the temporary file which could increase the read and write constantly on the system which can load the system as it will increase the I/O load and request will take time to serve.

 

Three type of buffer size:-

 

Client body buffer size–  it handles the client  (postactions)

Client header buffer size — it handles the client header size

Client max body size — is the maximum allowed size for the client request if maximum size is exceeded than it will give 413 error i.e request too large

 

client_body_buffer_size 10k;

client_header_buffer_size 1k;

client_max_body_size 8m; –> Megabytes

large_client_header_buffer 2 1k;

 

client_body_timeout 12;

client_header_timeout 12;

send_timeout 10;

 

include /etc/nginx/vhost.d/*.conf; –> it will also include so it can all sites file (we will make the directory vhost.d) —>Basically we will move the default.conf file in the vhost.d directory

 

nginx -t —> we can check our configuration by running this (nginx -t)

 

So the final configuration file will look like below:–

———————————————————

 

user  nginx;

worker_processes  1;

 

error_log  /var/log/nginx/error.log warn;

pid        /var/run/nginx.pid;

 

events {

   worker_connections  1024;

}

 

http {

   include       /etc/nginx/mime.types;

   default_type  application/octet-stream;

 

   log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘

                     ‘$status $body_bytes_sent “$http_referer” ‘

                     ‘”$http_user_agent” “$http_x_forwarded_for”‘;

 

   access_log  /var/log/nginx/access.log  main;

 

   sendfile        on;

   #tcp_nopush     on;

 

   keepalive_timeout  15;

 

   #gzip  on;

 

client_body_buffer_size 10k;

client_header_buffer_size 1k;

client_max_body_size 8m;

large_client_header_buffers 2 1k;

 

client_body_timeout 12;

client_header_timeout 12;

send_timeout 10;

 

   include /etc/nginx/conf.d/*.conf;

   include /etc/nginx/vhost.d/*.conf;

}

 

———————————————————————————————-

 

Default.conf file configuration:-

———————————-

 

vim /etc/nginx/vhost.d/default.conf (file)

 

Only one change is made :-

 

root   /usr/share/nginx/html; —-> ” we will change it to root “”/var/www/html””;” and make a directory /var/www/html (it depends if you want)

   

 

server {

   listen       80;

   server_name  localhost;

 

   #charset koi8-r;

   #access_log  /var/log/nginx/log/host.access.log  main;

 

   location / {

       root   /usr/share/nginx/html;

       index  index.html index.htm;

   }

 

   #error_page  404              /404.html;

 

   # redirect server error pages to the static page /50x.html

   #

   error_page   500 502 503 504  /50x.html;

   location = /50x.html {

       root   /usr/share/nginx/html; —-> ” we will change it to root “”/var/www/html””;” and make a directory /var/www/html

   }

 

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80

   #

   #location ~ \.php$ {

   #    proxy_pass   http://127.0.0.1;

   #}

 

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

   #

   #location ~ \.php$ {

   #    root           html;

   #    fastcgi_pass   127.0.0.1:9000;

   #    fastcgi_index  index.php;

   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

   #    include        fastcgi_params;

   #}

 

   # deny access to .htaccess files, if Apache’s document root

   # concurs with nginx’s one

   #

   #location ~ /\.ht {

   #    deny  all;

   #}

}

 

——————————————————————————————————-

 

HOW TO USE LOAD BALANCE

 

1) Copy the code file into one more file like server.js and server2.js and we will also change the port for the file which we have copied like for the configuration of server.js file we are using the port number 8888 then we are use anothet port for server2.js like port 8080.

And also we will make index2.html and also make change in server2.js configuration file.cd

 

We will add the below line in our code file like http://www.mynode.local.conf

 

server localhost:8888;

server localhost:8889;

 

———————————————————————————————————

 

SSL Certification Management

 

Self signed certificate

 

These 3 file are their when we create the Self signed certificate:-

 

server.key :– openssl genrsa -des3  -out server.key 1024

server.csr :– openssl req -new -key server.key -out server.csr —>to create server csr  

server.crt  :- openssl x509 -req -days 365  -in server.csr -signkey server.key -out server.crt

 

cd /etc/nginx

 

mkdir ssl

 

cd ssl

 

which openssl

 

Then we will create a self signed certificate

 

Step1:– openssl genrsa -des3  -out server.key 1024 —-> to create a server key (server.key)

 

Step2:– openssl req -new -key server.key -out server.csr —>to create server csr (server.csr)

 

Step3:– cp server.key server.key.org  —> when we want passphrase from the server key if we wont do this then everytime we restart the nginx it will ask for the passpahse.

 

Step4:– openssl rsa -in server.key.org -out server.key —> After running this it will remove the passphase

 

Step5:– openssl x509 -req -days 365  -in server.csr -signkey server.key -out server.crt —-> to create the certificate

 

then we will go the cd /etc/nginx/vhost.d/www.myexample.local.conf (wherever is the configuration file for your website) and below line for https:-

 

server {

        listen 80;

root /var/www/html/myexample;

index index.html index.htm index.php;

server_name http://www.myexample.local myexample;

}

server{

listen 443;

 

root /var/www/html/myexample;

index index.html index.htm index.php;

 

server_name http://www.example.local myexample;

 

ssl on;

ssl_certificate /etc/nginx/ssl/server.crt;

ssl_certificate_key /etc/nginx/ssl/server.key;

}

 

————————————————————————————————————————–

 

Return Directive:–

———————

 

If we want to return something when we get the request:–

 

Go to your http://www.myexample.local.conf

 

cd /etc/init.d/nginx/www.myexample.local.conf

 

       location /form{       —————->if we want to redirect the 404 page

       return 404;

       }

 

location /form{

       return 301 http://www.google.com;            —————->if we want to premanent redirect the page (In this their is permanenet redirection google.com as 301 means permanent redirection )

       }

 

————————————————–

 

Return Directive Final Configration:-

————————————–

 

server {

        listen 80;

 

       root /var/www/html/myexample;

       index index.html index.htm index.php;

 

       server_name http://www.myexample.local myexample;

 

       location /form{

       return 404;

       }

}

server{

       listen 443;

 

       root /var/www/html/myexample;

       index index.html index.htm index.php;

 

       server_name http://www.example.local myexample;

 

       ssl on;

       ssl_certificate /etc/nginx/ssl/server.crt;

       ssl_certificate_key /etc/nginx/ssl/server.key;

}

 

———————————————————

 

Basic Rewrites :-

——————

 

If their is directory forum and we want redirect it to forums then we will use the rewrite rule:-

 

location /form{

rewrite  ^/forum/(.*)$ http://www.myexample.local/forums/$1 permanent;

}

}

 

—————————————————————————————————-

server {

        listen 80;

root /var/www/html/myexample;

index index.html index.htm index.php;

server_name http://www.myexample.local myexample;

location /form{

rewrite  ^/forum/(.*)$ http://www.myexample.local/forums/$1 permanent;

}

}

server{

listen 443;

 

root /var/www/html/myexample;

index index.html index.htm index.php;

 

server_name http://www.example.local myexample;

 

ssl on;

ssl_certificate /etc/nginx/ssl/server.crt;

ssl_certificate_key /etc/nginx/ssl/server.key;

}

————————————————————————————————————————————

 

Custom Error page:-

——————-

 

error_page 404 = /404.html;

       location = /403.html{

               root /var/www/html/myexample; —-> Here we will first create the error page like here we have created 404.html

               internal;

 

————————————————————————————————————————————–

 

LEMP Stack :– Linux E stands for Nginx MariaDB Php

 

Installation Php:-

——————-

 

Default port is 9000 for php

 

1) yum install php

2) yum install php-fpm (we will also install php-fpm )

Php-fpm :- It helps us the run the fast CGI process manager,it has some addtional features high and large traffic sites running nginx.

 

Then we will edit the file   “vim /etc/php-fpm.d/www.conf”  in this file we edit the location we will comment the below line and add listen =/var/run/php-fpm/www.sock (just like below)

 

#listen = 127.0.0.1:9000

listen =

 

Then we will create the file:– touch var/run/php-fpm/www.sock and give the ownership “chown nginx:nginx /var/run/php-fpm/www.sock”

 

—————————————————————————————————————————————–

 

Maria DB:-

———–

 

Installation:-

—————–

 

vim /etc/yum.repos.d/maria.repo :—> Make a file maria.repo and add the below lines:-

 

# MariaDB 5.5 CentOS repository list – created 2013-08-11 14:22 UTC

# http://mariadb.org/mariadb/repositories/

[mariadb]

name = MariaDB

baseurl = http://yum.mariadb.org/5.5/centos6-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

 

then run “yum install MariaDB-server”

—> To start the  MariaDB services we will run the command :-   /etc/init.d/mysql start

 

To run the secure mysql installation:-

 

mysql_secure_installation

 

——————————————————–XXXXXXXXXXXXXXXXXXXXXXXXXXX—————————————————

 

NGNIX — HTTP WEB SERVER

 

Ngnix is an open source resverse proxy serverfor HTTP,HTTPS,SMTP,POP3 AND IMAP Protocols as well as load balancer ,HTTP cache and a web server.

 

Difference from Apache:–

————————-

Mainly it differs in how it “handles the request” ….. Apache default model of request handling is “threaded” or “process oriented” and Ngnix uses an asynchronous event-driven handler for requets,that allow ngnix to more accurately provide predictable performance under high loads.

 

Features:-

———-

Handels static files,index file and auto-indexing.

Reverse proxy and cacheing abilities.

Load balancing of nodes.

Support fault tolerance.

Open SSl support for certificates.

Fast CGI,PHP_FPM and SCGI support.

Fully IPV6 compatible.

Websockets and HTTP/1.1.

URL  Redirects and rewriting.

Live streaming copmression.

Bandwidth Throttling.

Gelocation of IPs.

Very low memory footpritning-more than 10k concurrent connections with only ~2.5 mb for memory keep alive sessions.

 

INSTALLATION AND BASIC SETUP FOR NGNIX:–

——————————————

 

/etc/yum.repos.d/nginx.repo —> Enter the below on this file (ngnix.repo)

 

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/

gpgcheck=0

enabled=1

 

yum install epel-release

yum -y install nginx

———————————————

 

Configuration File:-

 

cd /etc/nginx/conf.d/

cat /etc/nginx/nginx.conf —> Most important configuration file

cd /usr/share/nginx/html/

 

——————————————–

 

Default Configuration Optimization:-

————————————-

 

vim /etc/nginx/nginx.conf  

 

user  nginx;

worker_processes  1; –>  “”responsible to know virtual server our all physical server (backbone of ngnix)–>1 worker process equal to 1 core if we multiple core in cpu than we will use number core equal to worker process. “”

 

error_log  /var/log/nginx/error.log warn;

pid        /var/run/nginx.pid;

 

events {

   worker_connections  1024; —> “” it tell us how many concurrent connection or how many enduser can simulataneously server as web connection }} best practise is to 1024  * number of worker_process “”

}

 

http {

   include       /etc/nginx/mime.types;

   default_type  application/octet-stream;

 

   log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘

                     ‘$status $body_bytes_sent “$http_referer” ‘

                     ‘”$http_user_agent” “$http_x_forwarded_for”‘;

 

   access_log  /var/log/nginx/access.log  main;

 

   sendfile        on;

   #tcp_nopush     on;

 

   keepalive_timeout  65; –> “” that means nginx will close close after this period of time it must be 15 “”

 

   #gzip  on;

 

   include /etc/nginx/conf.d/*.conf;

}

 

We will add below new entities :-

———————————-

If Buffer size is too low on the nginx then it has too write the temporary file which could increase the read and write constantly on the system which can load the system as it will increase the I/O load and request will take time to serve.

 

Three type of buffer size:-

 

Client body buffer size–  it handels the client  (postactions)

Client header buffer size — it handels the client header size

Client max body size — is the maximum allowed size for the client request if maximum size is exceded than it will give 413 error i.e request too large

 

client_body_buffer_size 10k;

client_header_buffer_size 1k;

client_max_body_size 8m; –> Megabytes

large_client_header_buffer 2 1k;

 

client_body_timeout 12;

client_header_timeout 12;

send_timeout 10;

 

include /etc/nginx/vhost.d/*.conf; –> it will also include so it can all sites file (we will make the directory vhost.d) —>Basically we will move the default.conf file in the vhost.d directory

 

nginx -t —> we can check our configurtion by running this (nginx -t)

 

So the final configuration file will look like below:–

———————————————————

 

user  nginx;

worker_processes  1;

 

error_log  /var/log/nginx/error.log warn;

pid        /var/run/nginx.pid;

 

events {

   worker_connections  1024;

}

 

http {

   include       /etc/nginx/mime.types;

   default_type  application/octet-stream;

 

   log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘

                     ‘$status $body_bytes_sent “$http_referer” ‘

                     ‘”$http_user_agent” “$http_x_forwarded_for”‘;

 

   access_log  /var/log/nginx/access.log  main;

 

   sendfile        on;

   #tcp_nopush     on;

 

   keepalive_timeout  15;

 

   #gzip  on;

 

client_body_buffer_size 10k;

client_header_buffer_size 1k;

client_max_body_size 8m;

large_client_header_buffers 2 1k;

 

client_body_timeout 12;

client_header_timeout 12;

send_timeout 10;

 

   include /etc/nginx/conf.d/*.conf;

   include /etc/nginx/vhost.d/*.conf;

}

 

———————————————————————————————-

 

Default.conf file confguration:-

———————————-

 

vim /etc/nginx/vhost.d/default.conf (file)

 

Only one change is made :-

 

root   /usr/share/nginx/html; —-> ” we will change it to root “”/var/www/html””;” and make a directory /var/www/html (it depends if you want)

   

 

server {

   listen       80;

   server_name  localhost;

 

   #charset koi8-r;

   #access_log  /var/log/nginx/log/host.access.log  main;

 

   location / {

       root   /usr/share/nginx/html;

       index  index.html index.htm;

   }

 

   #error_page  404              /404.html;

 

   # redirect server error pages to the static page /50x.html

   #

   error_page   500 502 503 504  /50x.html;

   location = /50x.html {

       root   /usr/share/nginx/html; —-> ” we will change it to root “”/var/www/html””;” and make a directory /var/www/html

   }

 

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80

   #

   #location ~ \.php$ {

   #    proxy_pass   http://127.0.0.1;

   #}

 

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

   #

   #location ~ \.php$ {

   #    root           html;

   #    fastcgi_pass   127.0.0.1:9000;

   #    fastcgi_index  index.php;

   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

   #    include        fastcgi_params;

   #}

 

   # deny access to .htaccess files, if Apache’s document root

   # concurs with nginx’s one

   #

   #location ~ /\.ht {

   #    deny  all;

   #}

}

 

——————————————————————————————————-

 

HOW TO USE LOAD BALANCE

 

1) Copy the code file into one more file like server.js and server2.js and we will also change the port for the file which we have copied like for the configuration of server.js file we are using the port number 8888 then we are use anothet port for server2.js like port 8080.

And also we will make index2.html and also make change in server2.js configuration file.cd

 

We will add the below line in our code file like http://www.mynode.local.conf

 

server localhost:8888;

server localhost:8889;

 

———————————————————————————————————

 

SSL Certification Management

 

Self signed certificate

 

These 3 file are their when we create the Self signed certificate:-

 

server.key :– openssl genrsa -des3  -out server.key 1024

server.csr :– openssl req -new -key server.key -out server.csr —>to create server csr  

server.crt  :- openssl x509 -req -days 365  -in server.csr -signkey server.key -out server.crt

 

cd /etc/nginx

 

mkdir ssl

 

cd ssl

 

which openssl

 

Then we will create a self signed certificate

 

Step1:– openssl genrsa -des3  -out server.key 1024 —-> to create a server key (server.key)

 

Step2:– openssl req -new -key server.key -out server.csr —>to create server csr (server.csr)

 

Step3:– cp server.key server.key.org  —> when we want passphrase from the server key if we wont do this then everytime we restart the nginx it will ask for the passpahse.

 

Step4:– openssl rsa -in server.key.org -out server.key —> After running this it will remove the passphase

 

Step5:– openssl x509 -req -days 365  -in server.csr -signkey server.key -out server.crt —-> to create the certificate

 

then we will go the cd /etc/nginx/vhost.d/www.myexample.local.conf (wherever is the configuration file for your website) and below line for https:-

 

server {

        listen 80;

root /var/www/html/myexample;

index index.html index.htm index.php;

server_name http://www.myexample.local myexample;

}

server{

listen 443;

 

root /var/www/html/myexample;

index index.html index.htm index.php;

 

server_name http://www.example.local myexample;

 

ssl on;

ssl_certificate /etc/nginx/ssl/server.crt;

ssl_certificate_key /etc/nginx/ssl/server.key;

}

 

————————————————————————————————————————–

 

Return Directive:–

———————

 

If we want to return something when we get the request:–

 

Go to your http://www.myexample.local.conf

 

cd /etc/init.d/nginx/www.myexample.local.conf

 

       location /form{       —————->if we want to redirect the 404 page

       return 404;

       }

 

location /form{

       return 301 http://www.google.com;            —————->if we want to premanent redirect the page (In this their is permanenet redirection google.com as 301 means permanent redirection )

       }

 

————————————————–

 

Return Directive Final Configration:-

————————————–

 

server {

        listen 80;

 

       root /var/www/html/myexample;

       index index.html index.htm index.php;

 

       server_name http://www.myexample.local myexample;

 

       location /form{

       return 404;

       }

}

server{

       listen 443;

 

       root /var/www/html/myexample;

       index index.html index.htm index.php;

 

       server_name http://www.example.local myexample;

 

       ssl on;

       ssl_certificate /etc/nginx/ssl/server.crt;

       ssl_certificate_key /etc/nginx/ssl/server.key;

}

 

———————————————————

 

Basic Rewrites :-

——————

 

If their is directory forum and we want redirect it to forums then we will use the rewrite rule:-

 

location /form{

rewrite  ^/forum/(.*)$ http://www.myexample.local/forums/$1 permanent;

}

}

 

—————————————————————————————————-

server {

        listen 80;

root /var/www/html/myexample;

index index.html index.htm index.php;

server_name http://www.myexample.local myexample;

location /form{

rewrite  ^/forum/(.*)$ http://www.myexample.local/forums/$1 permanent;

}

}

server{

listen 443;

 

root /var/www/html/myexample;

index index.html index.htm index.php;

 

server_name http://www.example.local myexample;

 

ssl on;

ssl_certificate /etc/nginx/ssl/server.crt;

ssl_certificate_key /etc/nginx/ssl/server.key;

}

————————————————————————————————————————————

 

Custom Error page:-

——————-

 

error_page 404 = /404.html;

       location = /403.html{

               root /var/www/html/myexample; —-> Here we will first create the error page like here we have created 404.html

               internal;

 

————————————————————————————————————————————–

 

LEMP Stack :– Linux E stands for Nginx MariaDB Php

 

Installation Php:-

——————-

 

Default port is 9000 for php

 

1) yum install php

2) yum install php-fpm (we will also install php-fpm )

Php-fpm :- It helps us the run the fast CGI process manager,it has some addtional features high and large traffic sites running nginx.

 

Then we will edit the file   “vim /etc/php-fpm.d/www.conf”  in this file we edit the location we will comment the below line and add listen =/var/run/php-fpm/www.sock (just like below)

 

#listen = 127.0.0.1:9000

listen =

 

Then we will create the file:– touch var/run/php-fpm/www.sock and give the ownership “chown nginx:nginx /var/run/php-fpm/www.sock”

 

—————————————————————————————————————————————–

 

Maria DB:-

———–

 

Installation:-

—————–

 

vim /etc/yum.repos.d/maria.repo :—> Make a file maria.repo and add the below lines:-

 

# MariaDB 5.5 CentOS repository list – created 2013-08-11 14:22 UTC

# http://mariadb.org/mariadb/repositories/

[mariadb]

name = MariaDB

baseurl = http://yum.mariadb.org/5.5/centos6-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

 

then run “yum install MariaDB-server”

—> To start the  MariaDB services we will run the command :-   /etc/init.d/mysql start

 

To run the secure mysql installation:-

 

mysql_secure_installation

 

——————————————————–XXXXXXXXXXXXXXXXXXXXXXXXXXX—————————————————

 

NGNIX — HTTP WEB SERVER

Ngnix is an open source resverse proxy serverfor HTTP,HTTPS,SMTP,POP3 AND IMAP Protocols as well as load balancer ,HTTP cache and a web server.

Difference from Apache:–
————————-
Mainly it differs in how it “handles the request” ….. Apache default model of request handling is “threaded” or “process oriented” and Ngnix uses an asynchronous event-driven handler for requets,that allow ngnix to more accurately provide predictable performance under high loads.

Features:-
———-
Handels static files,index file and auto-indexing.
Reverse proxy and cacheing abilities.
Load balancing of nodes.
Support fault tolerance.
Open SSl support for certificates.
Fast CGI,PHP_FPM and SCGI support.
Fully IPV6 compatible.
Websockets and HTTP/1.1.
URL  Redirects and rewriting.
Live streaming copmression.
Bandwidth Throttling.
Gelocation of IPs.
Very low memory footpritning-more than 10k concurrent connections with only ~2.5 mb for memory keep alive sessions.


INSTALLATION AND BASIC SETUP FOR NGNIX:–
——————————————

/etc/yum.repos.d/nginx.repo —> Enter the below on this file (ngnix.repo)

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

yum install epel-release
yum -y install nginx
———————————————

Configuration File:-

cd /etc/nginx/conf.d/
cat /etc/nginx/nginx.conf —> Most important configuration file
cd /usr/share/nginx/html/

——————————————–

Default Configuration Optimization:-
————————————-

vim /etc/nginx/nginx.conf  

user  nginx;
worker_processes  1; –>  “”responsible to know virtual server our all physical server (backbone of ngnix)–>1 worker process equal to 1 core if we multiple core in cpu than we will use number core equal to worker process. “”

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
   worker_connections  1024; —> “” it tell us how many concurrent connection or how many enduser can simulataneously server as web connection }} best practise is to 1024  * number of worker_process “”
}


http {
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;

   log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘
                     ‘$status $body_bytes_sent “$http_referer” ‘
                     ‘”$http_user_agent” “$http_x_forwarded_for”‘;

   access_log  /var/log/nginx/access.log  main;

   sendfile        on;
   #tcp_nopush     on;

   keepalive_timeout  65; –> “” that means nginx will close close after this period of time it must be 15 “”

   #gzip  on;

   include /etc/nginx/conf.d/*.conf;
}


We will add below new entities :-
———————————-
If Buffer size is too low on the nginx then it has too write the temporary file which could increase the read and write constantly on the system which can load the system as it will increase the I/O load and request will take time to serve.

Three type of buffer size:-

Client body buffer size–  it handels the client  (postactions)
Client header buffer size — it handels the client header size
Client max body size — is the maximum allowed size for the client request if maximum size is exceded than it will give 413 error i.e request too large

client_body_buffer_size 10k;
client_header_buffer_size 1k;
client_max_body_size 8m; –> Megabytes
large_client_header_buffer 2 1k;

client_body_timeout 12;
client_header_timeout 12;
send_timeout 10;

include /etc/nginx/vhost.d/*.conf; –> it will also include so it can all sites file (we will make the directory vhost.d) —>Basically we will move the default.conf file in the vhost.d directory

nginx -t —> we can check our configurtion by running this (nginx -t)


So the final configuration file will look like below:–
———————————————————

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
   worker_connections  1024;
}


http {
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;

   log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘
                     ‘$status $body_bytes_sent “$http_referer” ‘
                     ‘”$http_user_agent” “$http_x_forwarded_for”‘;

   access_log  /var/log/nginx/access.log  main;

   sendfile        on;
   #tcp_nopush     on;

   keepalive_timeout  15;

   #gzip  on;

client_body_buffer_size 10k;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;

client_body_timeout 12;
client_header_timeout 12;
send_timeout 10;

   include /etc/nginx/conf.d/*.conf;
   include /etc/nginx/vhost.d/*.conf;
}


———————————————————————————————-

Default.conf file confguration:-
———————————-

vim /etc/nginx/vhost.d/default.conf (file)

Only one change is made :-

root   /usr/share/nginx/html; —-> ” we will change it to root “”/var/www/html””;” and make a directory /var/www/html (it depends if you want)
   


server {
   listen       80;
   server_name  localhost;

   #charset koi8-r;
   #access_log  /var/log/nginx/log/host.access.log  main;

   location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html; —-> ” we will change it to root “”/var/www/html””;” and make a directory /var/www/html
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache’s document root
   # concurs with nginx’s one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}
}

——————————————————————————————————-

HOW TO USE LOAD BALANCE

1) Copy the code file into one more file like server.js and server2.js and we will also change the port for the file which we have copied like for the configuration of server.js file we are using the port number 8888 then we are use anothet port for server2.js like port 8080.
And also we will make index2.html and also make change in server2.js configuration file.cd

We will add the below line in our code file like http://www.mynode.local.conf

server localhost:8888;
server localhost:8889;

———————————————————————————————————

SSL Certification Management


Self signed certificate

These 3 file are their when we create the Self signed certificate:-

server.key :– openssl genrsa -des3  -out server.key 1024
server.csr :– openssl req -new -key server.key -out server.csr —>to create server csr  
server.crt  :- openssl x509 -req -days 365  -in server.csr -signkey server.key -out server.crt

cd /etc/nginx

mkdir ssl

cd ssl

which openssl

Then we will create a self signed certificate

Step1:– openssl genrsa -des3  -out server.key 1024 —-> to create a server key (server.key)

Step2:– openssl req -new -key server.key -out server.csr —>to create server csr (server.csr)

Step3:– cp server.key server.key.org  —> when we want passphrase from the server key if we wont do this then everytime we restart the nginx it will ask for the passpahse.

Step4:– openssl rsa -in server.key.org -out server.key —> After running this it will remove the passphase

Step5:– openssl x509 -req -days 365  -in server.csr -signkey server.key -out server.crt —-> to create the certificate

then we will go the cd /etc/nginx/vhost.d/www.myexample.local.conf (wherever is the configuration file for your website) and below line for https:-

server {
        listen 80;

root /var/www/html/myexample;
index index.html index.htm index.php;

server_name http://www.myexample.local myexample;
}
server{
listen 443;

root /var/www/html/myexample;
index index.html index.htm index.php;

server_name http://www.example.local myexample;


ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
}

————————————————————————————————————————–

Return Directive:–
———————

If we want to return something when we get the request:–

Go to your http://www.myexample.local.conf

cd /etc/init.d/nginx/www.myexample.local.conf


       location /form{       —————->if we want to redirect the 404 page
       return 404;
       }




location /form{
       return 301 http://www.google.com;            —————->if we want to premanent redirect the page (In this their is permanenet redirection google.com as 301 means permanent redirection )
       }



————————————————–

Return Directive Final Configration:-
————————————–

server {
        listen 80;

       root /var/www/html/myexample;
       index index.html index.htm index.php;

       server_name http://www.myexample.local myexample;

       location /form{
       return 404;
       }
}
server{
       listen 443;

       root /var/www/html/myexample;
       index index.html index.htm index.php;

       server_name http://www.example.local myexample;


       ssl on;
       ssl_certificate /etc/nginx/ssl/server.crt;
       ssl_certificate_key /etc/nginx/ssl/server.key;
}

———————————————————

Basic Rewrites :-
——————

If their is directory forum and we want redirect it to forums then we will use the rewrite rule:-




location /form{
rewrite  ^/forum/(.*)$ http://www.myexample.local/forums/$1 permanent;
}
}

—————————————————————————————————-
server {
        listen 80;

root /var/www/html/myexample;
index index.html index.htm index.php;

server_name http://www.myexample.local myexample;

location /form{
rewrite  ^/forum/(.*)$ http://www.myexample.local/forums/$1 permanent;
}
}
server{
listen 443;

root /var/www/html/myexample;
index index.html index.htm index.php;

server_name http://www.example.local myexample;


ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
}
————————————————————————————————————————————

Custom Error page:-
——————-

error_page 404 = /404.html;
       location = /403.html{
               root /var/www/html/myexample; —-> Here we will first create the error page like here we have created 404.html
               internal;

————————————————————————————————————————————–

LEMP Stack :– Linux E stands for Nginx MariaDB Php


Installation Php:-
——————-

Default port is 9000 for php

1) yum install php
2) yum install php-fpm (we will also install php-fpm )
Php-fpm :- It helps us the run the fast CGI process manager,it has some addtional features high and large traffic sites running nginx.


Then we will edit the file   “vim /etc/php-fpm.d/www.conf”  in this file we edit the location we will comment the below line and add listen =/var/run/php-fpm/www.sock (just like below)

#listen = 127.0.0.1:9000
listen =


Then we will create the file:– touch var/run/php-fpm/www.sock and give the ownership “chown nginx:nginx /var/run/php-fpm/www.sock”

—————————————————————————————————————————————–

Maria DB:-
———–

Installation:-
—————–

vim /etc/yum.repos.d/maria.repo :—> Make a file maria.repo and add the below lines:-

# MariaDB 5.5 CentOS repository list – created 2013-08-11 14:22 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/5.5/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1


then run “yum install MariaDB-server”
—> To start the  MariaDB services we will run the command :-   /etc/init.d/mysql start



To run the secure mysql installation:-

mysql_secure_installation

——————————————————–XXXXXXXXXXXXXXXXXXXXXXXXXXX—————————————————
































 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s