Nginx: Difference between revisions

From Omnia
Jump to navigation Jump to search
(Created page with "Pronounced "Engine X" "Developed by Igor Sysoev in 2002, Nginx was finally released to the public in 2004 and continues to grow in popularity every year. Nginx is an open-sou...")
 
No edit summary
Line 1: Line 1:
== Nginx ==
Pronounced "Engine X"
Pronounced "Engine X"


"Developed by Igor Sysoev in 2002, Nginx was finally released to the public in 2004 and continues to grow in popularity every year. Nginx is an open-sourced, free HTTP server and reverse proxy. It can also act as an IMAP/POP3 server. Benefiting from being fully scalable, Nginx combines the use of a predictable small amount of memory with asynchronous architecture, resulting in a small memory footprint and low resource consumption. Nginx offers a high-performance, stable environment and is currently the chosen web server for WordPress, SourceForge, and TorrentReactor. Nginx is currently the 3rd most popular web server (behind Apache and IIS) with a market share of 7.65% (according to Netcraft’s March 2011 survey)." [http://slodive.com/web-development/lightweight-alternatives-to-apache-and-iis-web-servers/]
"Developed by Igor Sysoev in 2002, Nginx was finally released to the public in 2004 and continues to grow in popularity every year. Nginx is an open-sourced, free HTTP server and reverse proxy. It can also act as an IMAP/POP3 server. Benefiting from being fully scalable, Nginx combines the use of a predictable small amount of memory with asynchronous architecture, resulting in a small memory footprint and low resource consumption. Nginx offers a high-performance, stable environment and is currently the chosen web server for WordPress, SourceForge, and TorrentReactor. Nginx is currently the 3rd most popular web server (behind Apache and IIS) with a market share of 7.65% (according to Netcraft’s March 2011 survey)." [http://slodive.com/web-development/lightweight-alternatives-to-apache-and-iis-web-servers/]
== SSL Proxy ==
Example:
<pre>
http {
    #...
    upstream backend.example.com {
        server backend1.example.com:443;
        server backend2.example.com:443;
  }
    server {
        listen      80;
        server_name www.example.com;
        #...
        location /upstream {
            proxy_pass                    https://backend.example.com;
            proxy_ssl_certificate        /etc/nginx/client.pem;
            proxy_ssl_certificate_key    /etc/nginx/client.key;
            proxy_ssl_protocols          TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers            HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;
            proxy_ssl_verify        on;
            proxy_ssl_verify_depth  2;
            proxy_ssl_session_reuse on;
        }
    }
    server {
        listen      443 ssl;
        server_name backend1.example.com;
        ssl_certificate        /etc/ssl/certs/server.crt;
        ssl_certificate_key    /etc/ssl/certs/server.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client      optional;
        location /yourapp {
            proxy_pass https://url_to_app.com;
        #...
        }
    server {
        listen      443 ssl;
        server_name backend2.example.com;
        ssl_certificate        /etc/ssl/certs/server.crt;
        ssl_certificate_key    /etc/ssl/certs/server.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client      optional;
        location /yourapp {
            proxy_pass https://url_to_app.com;
        #...
        }
    }
}
</pre>
ref: https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/


== keywords ==
== keywords ==

Revision as of 05:48, 19 January 2024

Nginx

Pronounced "Engine X"

"Developed by Igor Sysoev in 2002, Nginx was finally released to the public in 2004 and continues to grow in popularity every year. Nginx is an open-sourced, free HTTP server and reverse proxy. It can also act as an IMAP/POP3 server. Benefiting from being fully scalable, Nginx combines the use of a predictable small amount of memory with asynchronous architecture, resulting in a small memory footprint and low resource consumption. Nginx offers a high-performance, stable environment and is currently the chosen web server for WordPress, SourceForge, and TorrentReactor. Nginx is currently the 3rd most popular web server (behind Apache and IIS) with a market share of 7.65% (according to Netcraft’s March 2011 survey)." [1]

SSL Proxy

Example:

http {
    #...
    upstream backend.example.com {
        server backend1.example.com:443;
        server backend2.example.com:443;
   }

    server {
        listen      80;
        server_name www.example.com;
        #...

        location /upstream {
            proxy_pass                    https://backend.example.com;
            proxy_ssl_certificate         /etc/nginx/client.pem;
            proxy_ssl_certificate_key     /etc/nginx/client.key;
            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;

            proxy_ssl_verify        on;
            proxy_ssl_verify_depth  2;
            proxy_ssl_session_reuse on;
        }
    }

    server {
        listen      443 ssl;
        server_name backend1.example.com;

        ssl_certificate        /etc/ssl/certs/server.crt;
        ssl_certificate_key    /etc/ssl/certs/server.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client      optional;

        location /yourapp {
            proxy_pass https://url_to_app.com;
        #...
        }

    server {
        listen      443 ssl;
        server_name backend2.example.com;

        ssl_certificate        /etc/ssl/certs/server.crt;
        ssl_certificate_key    /etc/ssl/certs/server.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client      optional;

        location /yourapp {
            proxy_pass https://url_to_app.com;
        #...
        }
    }
}

ref: https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/

keywords