book

NGINX Cookbook, 2nd Edition

Name: NGINX Cookbook, 2nd Edition
Author: Derek DeJonghe
ISBN: 9781098126247

by Derek DeJonghe

May 2022

Intermediate to advanced

202 pages

4h 17m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Conventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Basics
1.0. Introduction1.1. Installing NGINX on Debian/Ubuntu1.2. Installing NGINX on RedHat/CentOS1.3. Installing NGINX Plus1.4. Verifying Your Installation1.5. Key Files, Directories, and Commands1.6. Serving Static Content1.7. Graceful Reload
2. High-Performance Load Balancing
2.0. Introduction2.1. HTTP Load Balancing2.2. TCP Load Balancing2.3. UDP Load Balancing2.4. Load-Balancing Methods2.5. Sticky Cookie with NGINX Plus2.6. Sticky Learn with NGINX Plus2.7. Sticky Routing with NGINX Plus2.8. Connection Draining with NGINX Plus2.9. Passive Health Checks2.10. Active Health Checks with NGINX Plus2.11. Slow Start with NGINX Plus
3. Traffic Management
3.0. Introduction3.1. A/B Testing3.2. Using the GeoIP Module and Database3.3. Restricting Access Based on Country3.4. Finding the Original Client3.5. Limiting Connections3.6. Limiting Rate3.7. Limiting Bandwidth
4. Massively Scalable Content Caching
4.0. Introduction4.1. Caching Zones4.2. Cache Locking4.3. Caching Hash Keys4.4. Cache Bypass4.5. Cache Performance4.6. Cache Purging with NGINX Plus4.7. Cache Slicing
5. Programmability and Automation
5.0. Introduction5.1. NGINX Plus API5.2. Using the Key-Value Store with NGINX Plus5.3. Using the NJS Module to Expose JavaScript Functionality Within NGINX5.4. Extending NGINX with a Common Programming Language5.5. Installing with Chef5.6. Installing with Ansible5.7. Automating Configurations with Consul Templating
6. Authentication
6.0. Introduction6.1. HTTP Basic Authentication6.2. Authentication Subrequests6.3. Validating JWTs with NGINX Plus6.4. Creating JSON Web Keys6.5. Validate JSON Web Tokens with NGINX Plus6.6. Automatically Obtaining and Caching JSON Web Key Sets with NGINX Plus6.7. Authenticate Users via Existing OpenID Connect SSO with NGINX Plus
7. Security Controls
7.0. Introduction7.1. Access Based on IP Address7.2. Allowing Cross-Origin Resource Sharing7.3. Client-Side Encryption7.4. Advanced Client-Side Encryption7.5. Upstream Encryption7.6. Securing a Location7.7. Generating a Secure Link with a Secret7.8. Securing a Location with an Expire Date7.9. Generating an Expiring Link7.10. HTTPS Redirects7.11. Redirecting to HTTPS Where SSL/TLS Is Terminated Before NGINX7.12. HTTP Strict Transport Security7.13. Satisfying Any Number of Security Methods7.14. NGINX Plus Dynamic Application Layer DDoS Mitigation7.15. Installing and Configuring NGINX Plus with the NGINX App Protect WAF Module
8. HTTP/2
8.0. Introduction8.1. Basic Configuration8.2. gRPC8.3. HTTP/2 Server Push
9. Sophisticated Media Streaming
9.0. Introduction9.1. Serving MP4 and FLV9.2. Streaming with HLS with NGINX Plus9.3. Streaming with HDS with NGINX Plus9.4. Bandwidth Limits with NGINX Plus

10. Cloud Deployments
10.0. Introduction10.1. Auto-Provisioning on AWS10.2. Routing to NGINX Nodes Without an AWS ELB10.3. The NLB Sandwich10.4. Deploying from the AWS Marketplace10.5. Creating an NGINX Virtual Machine Image on Azure10.6. Load Balancing Over NGINX Scale Sets on Azure10.7. Deploying Through the Azure Marketplace10.8. Deploying to Google Compute Engine10.9. Creating a Google Compute Image10.10. Creating a Google App Engine Proxy
11. Containers/Microservices
11.0. Introduction11.1. Using NGINX as an API Gateway11.2. Using DNS SRV Records with NGINX Plus11.3. Using the Official NGINX Image11.4. Creating an NGINX Dockerfile11.5. Building an NGINX Plus Docker Image11.6. Using Environment Variables in NGINX11.7. Kubernetes Ingress Controller11.8. Prometheus Exporter Module11.9. NGINX Service Mesh mTLS
12. High-Availability Deployment Modes
12.0. Introduction12.1. NGINX Plus HA Mode12.2. Load-Balancing Load Balancers with DNS12.3. Load Balancing on EC212.4. NGINX Plus Configuration Synchronization12.5. State Sharing with NGINX Plus and Zone Sync
13. Advanced Activity Monitoring
13.0. Introduction13.1. Enable NGINX Open Source Stub Status13.2. Enabling the NGINX Plus Monitoring Dashboard13.3. Collecting Metrics Using the NGINX Plus API
14. Debugging and Troubleshooting with Access Logs, Error Logs, and Request Tracing
14.0. Introduction14.1. Configuring Access Logs14.2. Configuring Error Logs14.3. Forwarding to Syslog14.4. Request Tracing14.5. OpenTracing for NGINX
15. Performance Tuning
15.0. Introduction15.1. Automating Tests with Load Drivers15.2. Keeping Connections Open to Clients15.3. Keeping Connections Open Upstream15.4. Buffering Responses15.5. Buffering Access Logs15.6. OS Tuning
16. Introduction to NGINX Instance Manager
16.0. Introduction16.1. Setup Overview16.2. Agent Installation16.3. Automating NGINX Discovery, Configuration, and Monitoring with the API
17. Introduction to NGINX Controller
17.0. Introduction17.1. Setup Overview17.2. Connecting NGINX Plus with Controller17.3. Driving NGINX Controller with the API17.4. Enable WAF Through Controller App Security
18. Practical Ops Tips and Conclusion
18.0. Introduction18.1. Using Includes for Clean Configs18.2. Debugging Configs
Conclusion
Index
About the Author

Overview

NGINX is one of the most widely used web servers available today, in part because of itscapabilities as a load balancer and reverse proxy server for HTTP and other network protocols. This revised cookbook provides easy-to-follow examples of real-world problems in application delivery. Practical recipes help you set up and use either the open source or commercial offering to solve problems in various use cases.

For professionals who understand modern web architectures, such as n-tier or microservice designs and common web protocols such as TCP and HTTP, these recipes provide proven solutions for security and software load balancing and for monitoring and maintaining NGINX's application delivery platform. You'll also explore advanced features of both NGINX and NGINX Plus, the free and licensed versions of this server.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098126230Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills