book

NGINX Cookbook, 3rd Edition

Name: NGINX Cookbook, 3rd Edition
Author: Derek DeJonghe
ISBN: 9781098158439

by Derek DeJonghe

January 2024

Beginner to intermediate

194 pages

4h 9m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Conventions Used in This BookO’Reilly Online LearningHow to Contact Us
1. Basics
1.0. Introduction1.1. Installing NGINX on Debian/Ubuntu1.2. Installing NGINX Through the YUM Package Manager1.3. Installing NGINX Plus1.4. Verifying Your Installation1.5. Key Files, Directories, and Commands1.6. Using Includes for Clean Configs1.7. Serving Static Content
2. High-Performance Load Balancing
2.0. Introduction2.1. HTTP Load Balancing2.2. TCP Load Balancing2.3. UDP Load Balancing2.4. Load-Balancing Methods2.5. Sticky Cookie with NGINX Plus2.6. Sticky Learn with NGINX Plus2.7. Sticky Routing with NGINX Plus2.8. Connection Draining with NGINX Plus2.9. Passive Health Checks2.10. Active Health Checks with NGINX Plus2.11. Slow Start with NGINX Plus
3. Traffic Management
3.0. Introduction3.1. A/B Testing3.2. Using the GeoIP Module and Database3.3. Restricting Access Based on Country3.4. Finding the Original Client3.5. Limiting Connections3.6. Limiting Rate3.7. Limiting Bandwidth
4. Massively Scalable Content Caching
4.0. Introduction4.1. Caching Zones4.2. Caching Hash Keys4.3. Cache Locking4.4. Use Stale Cache4.5. Cache Bypass4.6. Cache Purging with NGINX Plus4.7. Cache Slicing
5. Programmability and Automation
5.0. Introduction5.1. NGINX Plus API5.2. Using the Key-Value Store with NGINX Plus5.3. Using the njs Module to Expose JavaScript Functionality Within NGINX5.4. Extending NGINX with a Common Programming Language5.5. Installing with Ansible5.6. Installing with Chef5.7. Automating Configurations with Consul Templating
6. Authentication
6.0. Introduction6.1. HTTP Basic Authentication6.2. Authentication Subrequests6.3. Validating JWTs with NGINX Plus6.4. Creating JSON Web Keys6.5. Authenticate Users via Existing OpenID Connect SSO with NGINX Plus6.6. Validate JSON Web Tokens (JWT) with NGINX Plus6.7. Automatically Obtaining and Caching JSON Web Key Sets with NGINX Plus6.8. Configuring NGINX Plus as a Service Provider for SAML Authentication
7. Security Controls
7.0. Introduction7.1. Access Based on IP Address7.2. Allowing Cross-Origin Resource Sharing7.3. Client-Side Encryption7.4. Advanced Client-Side Encryption7.5. Upstream Encryption7.6. Securing a Location7.7. Generating a Secure Link with a Secret7.8. Securing a Location with an Expire Date7.9. Generating an Expiring Link7.10. HTTPS Redirects7.11. Redirecting to HTTPS Where SSL/TLS Is Terminated Before NGINX7.12. HTTP Strict Transport Security7.13. Restricting Access Based on Country7.14. Satisfying Any Number of Security Methods7.15. NGINX Plus Dynamic Application Layer DDoS Mitigation7.16. Installing and Configuring NGINX Plus with the NGINX App Protect WAF Module
8. HTTP/2 and HTTP/3 (QUIC)
8.0. Introduction8.1. Enabling HTTP/28.2. Enabling HTTP/38.3. gRPC
9. Sophisticated Media Streaming
9.0. Introduction9.1. Serving MP4 and FLV9.2. Streaming with HLS with NGINX Plus9.3. Streaming with HDS with NGINX Plus9.4. Bandwidth Limits with NGINX Plus

10. Cloud Deployments
10.0. Introduction10.1. Auto-Provisioning10.2. Deploying an NGINX VM in the Cloud10.3. Creating an NGINX Machine Image10.4. Routing to NGINX Nodes Without a Cloud Native Load Balancer10.5. The Load Balancer Sandwich10.6. Load Balancing over Dynamically Scaling NGINX Servers10.7. Creating a Google App Engine Proxy
11. Containers/Microservices
11.0. Introduction11.1. Using NGINX as an API Gateway11.2. Using DNS SRV Records with NGINX Plus11.3. Using the Official NGINX Container Image11.4. Creating an NGINX Dockerfile11.5. Building an NGINX Plus Container Image11.6. Using Environment Variables in NGINX11.7. NGINX Ingress Controller from NGINX
12. High-Availability Deployment Modes
12.0. Introduction12.1. NGINX Plus HA Mode12.2. Load Balancing Load Balancers with DNS12.3. Load Balancing on EC212.4. NGINX Plus Configuration Synchronization12.5. State Sharing with NGINX Plus and Zone Sync
13. Advanced Activity Monitoring
13.0. Introduction13.1. Enable NGINX Stub Status13.2. Enabling the NGINX Plus Monitoring Dashboard13.3. Collecting Metrics Using the NGINX Plus API13.4. OpenTelemetry for NGINX13.5. Prometheus Exporter Module
14. Debugging and Troubleshooting with Access Logs, Error Logs, and Request Tracing
14.0. Introduction14.1. Configuring Access Logs14.2. Configuring Error Logs14.3. Forwarding to Syslog14.4. Debugging Configs14.5. Request Tracing
15. Performance Tuning
15.0. Introduction15.1. Automating Tests with Load Drivers15.2. Controlling Cache at the Browser15.3. Keeping Connections Open to Clients15.4. Keeping Connections Open Upstream15.5. Buffering Responses15.6. Buffering Access Logs15.7. OS Tuning
Index
About the Author

Overview

NGINX is one of the most widely used web servers available today, in part because of its capabilities as a load balancer and reverse proxy server for HTTP and other network protocols. This revised cookbook provides easy-to-follow examples of real-world problems in application delivery. Practical recipes help you set up and use either the open source or commercial offering to solve problems in various use cases.

For professionals who understand modern web architectures such as n-tier or microservice designs and common web protocols such as TCP and HTTP, these recipes include proven solutions for security and software load balancing and for monitoring and maintaining NGINX's application delivery platform. You'll also explore advanced features of both NGINX and NGINX Plus, the free and licensed versions of this server.

You'll find recipes for:

High-performance load balancing with HTTP, TCP, and UDP
Securing access through encrypted traffic, secure links, HTTP authentication subrequests, and more
Deploying NGINX to Google, AWS, and Azure Cloud Services
NGINX Plus as a service provider in a SAML environment
HTTP/3 (QUIC), OpenTelemetry, and the njs module

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098158422Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills