NGINX Cookbook, 3rd Edition

NGINX Cookbook, 3rd Edition

by Derek DeJonghe
Released January 2024
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781098158439

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on Amazon Buy on ebooks.com
Start your free trial

Book description

NGINX is one of the most widely used web servers available today, in part because of its capabilities as a load balancer and reverse proxy server for HTTP and other network protocols. This revised cookbook provides easy-to-follow examples of real-world problems in application delivery. Practical recipes help you set up and use either the open source or commercial offering to solve problems in various use cases.

For professionals who understand modern web architectures such as n-tier or microservice designs and common web protocols such as TCP and HTTP, these recipes include proven solutions for security and software load balancing and for monitoring and maintaining NGINX's application delivery platform. You'll also explore advanced features of both NGINX and NGINX Plus, the free and licensed versions of this server.

You'll find recipes for:

  • High-performance load balancing with HTTP, TCP, and UDP
  • Securing access through encrypted traffic, secure links, HTTP authentication subrequests, and more
  • Deploying NGINX to Google, AWS, and Azure Cloud Services
  • NGINX Plus as a service provider in a SAML environment
  • HTTP/3 (QUIC), OpenTelemetry, and the njs module

Publisher resources

View/Submit Errata

Table of contents

  1. Preface
    1. Conventions Used in This Book
    2. O’Reilly Online Learning
    3. How to Contact Us
  2. 1. Basics
    1. 1.0. Introduction
    2. 1.1. Installing NGINX on Debian/Ubuntu
    3. 1.2. Installing NGINX Through the YUM Package Manager
    4. 1.3. Installing NGINX Plus
    5. 1.4. Verifying Your Installation
    6. 1.5. Key Files, Directories, and Commands
    7. 1.6. Using Includes for Clean Configs
    8. 1.7. Serving Static Content
  3. 2. High-Performance Load Balancing
    1. 2.0. Introduction
    2. 2.1. HTTP Load Balancing
    3. 2.2. TCP Load Balancing
    4. 2.3. UDP Load Balancing
    5. 2.4. Load-Balancing Methods
    6. 2.5. Sticky Cookie with NGINX Plus
    7. 2.6. Sticky Learn with NGINX Plus
    8. 2.7. Sticky Routing with NGINX Plus
    9. 2.8. Connection Draining with NGINX Plus
    10. 2.9. Passive Health Checks
    11. 2.10. Active Health Checks with NGINX Plus
    12. 2.11. Slow Start with NGINX Plus
  4. 3. Traffic Management
    1. 3.0. Introduction
    2. 3.1. A/B Testing
    3. 3.2. Using the GeoIP Module and Database
    4. 3.3. Restricting Access Based on Country
    5. 3.4. Finding the Original Client
    6. 3.5. Limiting Connections
    7. 3.6. Limiting Rate
    8. 3.7. Limiting Bandwidth
  5. 4. Massively Scalable Content Caching
    1. 4.0. Introduction
    2. 4.1. Caching Zones
    3. 4.2. Caching Hash Keys
    4. 4.3. Cache Locking
    5. 4.4. Use Stale Cache
    6. 4.5. Cache Bypass
    7. 4.6. Cache Purging with NGINX Plus
    8. 4.7. Cache Slicing
  6. 5. Programmability and Automation
    1. 5.0. Introduction
    2. 5.1. NGINX Plus API
    3. 5.2. Using the Key-Value Store with NGINX Plus
    4. 5.3. Using the njs Module to Expose JavaScript Functionality Within NGINX
    5. 5.4. Extending NGINX with a Common Programming Language
    6. 5.5. Installing with Ansible
    7. 5.6. Installing with Chef
    8. 5.7. Automating Configurations with Consul Templating
  7. 6. Authentication
    1. 6.0. Introduction
    2. 6.1. HTTP Basic Authentication
    3. 6.2. Authentication Subrequests
    4. 6.3. Validating JWTs with NGINX Plus
    5. 6.4. Creating JSON Web Keys
    6. 6.5. Authenticate Users via Existing OpenID Connect SSO with NGINX Plus
    7. 6.6. Validate JSON Web Tokens (JWT) with NGINX Plus
    8. 6.7. Automatically Obtaining and Caching JSON Web Key Sets with NGINX Plus
    9. 6.8. Configuring NGINX Plus as a Service Provider for SAML Authentication
  8. 7. Security Controls
    1. 7.0. Introduction
    2. 7.1. Access Based on IP Address
    3. 7.2. Allowing Cross-Origin Resource Sharing
    4. 7.3. Client-Side Encryption
    5. 7.4. Advanced Client-Side Encryption
    6. 7.5. Upstream Encryption
    7. 7.6. Securing a Location
    8. 7.7. Generating a Secure Link with a Secret
    9. 7.8. Securing a Location with an Expire Date
    10. 7.9. Generating an Expiring Link
    11. 7.10. HTTPS Redirects
    12. 7.11. Redirecting to HTTPS Where SSL/TLS Is Terminated Before NGINX
    13. 7.12. HTTP Strict Transport Security
    14. 7.13. Restricting Access Based on Country
    15. 7.14. Satisfying Any Number of Security Methods
    16. 7.15. NGINX Plus Dynamic Application Layer DDoS Mitigation
    17. 7.16. Installing and Configuring NGINX Plus with the NGINX App Protect WAF Module
  9. 8. HTTP/2 and HTTP/3 (QUIC)
    1. 8.0. Introduction
    2. 8.1. Enabling HTTP/2
    3. 8.2. Enabling HTTP/3
    4. 8.3. gRPC
  10. 9. Sophisticated Media Streaming
    1. 9.0. Introduction
    2. 9.1. Serving MP4 and FLV
    3. 9.2. Streaming with HLS with NGINX Plus
    4. 9.3. Streaming with HDS with NGINX Plus
    5. 9.4. Bandwidth Limits with NGINX Plus
  11. 10. Cloud Deployments
    1. 10.0. Introduction
    2. 10.1. Auto-Provisioning
    3. 10.2. Deploying an NGINX VM in the Cloud
    4. 10.3. Creating an NGINX Machine Image
    5. 10.4. Routing to NGINX Nodes Without a Cloud Native Load Balancer
    6. 10.5. The Load Balancer Sandwich
    7. 10.6. Load Balancing over Dynamically Scaling NGINX Servers
    8. 10.7. Creating a Google App Engine Proxy
  12. 11. Containers/Microservices
    1. 11.0. Introduction
    2. 11.1. Using NGINX as an API Gateway
    3. 11.2. Using DNS SRV Records with NGINX Plus
    4. 11.3. Using the Official NGINX Container Image
    5. 11.4. Creating an NGINX Dockerfile
    6. 11.5. Building an NGINX Plus Container Image
    7. 11.6. Using Environment Variables in NGINX
    8. 11.7. NGINX Ingress Controller from NGINX
  13. 12. High-Availability Deployment Modes
    1. 12.0. Introduction
    2. 12.1. NGINX Plus HA Mode
    3. 12.2. Load Balancing Load Balancers with DNS
    4. 12.3. Load Balancing on EC2
    5. 12.4. NGINX Plus Configuration Synchronization
    6. 12.5. State Sharing with NGINX Plus and Zone Sync
  14. 13. Advanced Activity Monitoring
    1. 13.0. Introduction
    2. 13.1. Enable NGINX Stub Status
    3. 13.2. Enabling the NGINX Plus Monitoring Dashboard
    4. 13.3. Collecting Metrics Using the NGINX Plus API
    5. 13.4. OpenTelemetry for NGINX
    6. 13.5. Prometheus Exporter Module
  15. 14. Debugging and Troubleshooting with Access Logs, Error Logs, and Request Tracing
    1. 14.0. Introduction
    2. 14.1. Configuring Access Logs
    3. 14.2. Configuring Error Logs
    4. 14.3. Forwarding to Syslog
    5. 14.4. Debugging Configs
    6. 14.5. Request Tracing
  16. 15. Performance Tuning
    1. 15.0. Introduction
    2. 15.1. Automating Tests with Load Drivers
    3. 15.2. Controlling Cache at the Browser
    4. 15.3. Keeping Connections Open to Clients
    5. 15.4. Keeping Connections Open Upstream
    6. 15.5. Buffering Responses
    7. 15.6. Buffering Access Logs
    8. 15.7. OS Tuning
  17. Index
  18. About the Author

Product information

  • Title: NGINX Cookbook, 3rd Edition
  • Author(s): Derek DeJonghe
  • Release date: January 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098158439