book

NGINX Cookbook, 3rd Edition

Name: NGINX Cookbook, 3rd Edition
Author: Derek DeJonghe
ISBN: 9781098158439

by Derek DeJonghe

January 2024

Beginner to intermediate

194 pages

4h 9m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Conventions Used in This BookO’Reilly Online LearningHow to Contact Us
1. Basics
1.0. Introduction1.1. Installing NGINX on Debian/Ubuntu1.2. Installing NGINX Through the YUM Package Manager1.3. Installing NGINX Plus1.4. Verifying Your Installation1.5. Key Files, Directories, and Commands1.6. Using Includes for Clean Configs1.7. Serving Static Content
2. High-Performance Load Balancing
2.0. Introduction2.1. HTTP Load Balancing2.2. TCP Load Balancing2.3. UDP Load Balancing2.4. Load-Balancing Methods2.5. Sticky Cookie with NGINX Plus2.6. Sticky Learn with NGINX Plus2.7. Sticky Routing with NGINX Plus2.8. Connection Draining with NGINX Plus2.9. Passive Health Checks2.10. Active Health Checks with NGINX Plus2.11. Slow Start with NGINX Plus
3. Traffic Management
3.0. Introduction3.1. A/B Testing3.2. Using the GeoIP Module and Database3.3. Restricting Access Based on Country3.4. Finding the Original Client3.5. Limiting Connections3.6. Limiting Rate3.7. Limiting Bandwidth
4. Massively Scalable Content Caching
4.0. Introduction4.1. Caching Zones4.2. Caching Hash Keys4.3. Cache Locking4.4. Use Stale Cache4.5. Cache Bypass4.6. Cache Purging with NGINX Plus4.7. Cache Slicing
5. Programmability and Automation
5.0. Introduction5.1. NGINX Plus API5.2. Using the Key-Value Store with NGINX Plus5.3. Using the njs Module to Expose JavaScript Functionality Within NGINX5.4. Extending NGINX with a Common Programming Language5.5. Installing with Ansible5.6. Installing with Chef5.7. Automating Configurations with Consul Templating
6. Authentication
6.0. Introduction6.1. HTTP Basic Authentication6.2. Authentication Subrequests6.3. Validating JWTs with NGINX Plus6.4. Creating JSON Web Keys6.5. Authenticate Users via Existing OpenID Connect SSO with NGINX Plus6.6. Validate JSON Web Tokens (JWT) with NGINX Plus6.7. Automatically Obtaining and Caching JSON Web Key Sets with NGINX Plus6.8. Configuring NGINX Plus as a Service Provider for SAML Authentication
7. Security Controls
7.0. Introduction7.1. Access Based on IP Address7.2. Allowing Cross-Origin Resource Sharing7.3. Client-Side Encryption7.4. Advanced Client-Side Encryption7.5. Upstream Encryption7.6. Securing a Location7.7. Generating a Secure Link with a Secret7.8. Securing a Location with an Expire Date7.9. Generating an Expiring Link7.10. HTTPS Redirects7.11. Redirecting to HTTPS Where SSL/TLS Is Terminated Before NGINX7.12. HTTP Strict Transport Security7.13. Restricting Access Based on Country7.14. Satisfying Any Number of Security Methods7.15. NGINX Plus Dynamic Application Layer DDoS Mitigation7.16. Installing and Configuring NGINX Plus with the NGINX App Protect WAF Module
8. HTTP/2 and HTTP/3 (QUIC)
8.0. Introduction8.1. Enabling HTTP/28.2. Enabling HTTP/38.3. gRPC
9. Sophisticated Media Streaming
9.0. Introduction9.1. Serving MP4 and FLV9.2. Streaming with HLS with NGINX Plus9.3. Streaming with HDS with NGINX Plus9.4. Bandwidth Limits with NGINX Plus

10. Cloud Deployments
10.0. Introduction10.1. Auto-Provisioning10.2. Deploying an NGINX VM in the Cloud10.3. Creating an NGINX Machine Image10.4. Routing to NGINX Nodes Without a Cloud Native Load Balancer10.5. The Load Balancer Sandwich10.6. Load Balancing over Dynamically Scaling NGINX Servers10.7. Creating a Google App Engine Proxy
11. Containers/Microservices
11.0. Introduction11.1. Using NGINX as an API Gateway11.2. Using DNS SRV Records with NGINX Plus11.3. Using the Official NGINX Container Image11.4. Creating an NGINX Dockerfile11.5. Building an NGINX Plus Container Image11.6. Using Environment Variables in NGINX11.7. NGINX Ingress Controller from NGINX
12. High-Availability Deployment Modes
12.0. Introduction12.1. NGINX Plus HA Mode12.2. Load Balancing Load Balancers with DNS12.3. Load Balancing on EC212.4. NGINX Plus Configuration Synchronization12.5. State Sharing with NGINX Plus and Zone Sync
13. Advanced Activity Monitoring
13.0. Introduction13.1. Enable NGINX Stub Status13.2. Enabling the NGINX Plus Monitoring Dashboard13.3. Collecting Metrics Using the NGINX Plus API13.4. OpenTelemetry for NGINX13.5. Prometheus Exporter Module
14. Debugging and Troubleshooting with Access Logs, Error Logs, and Request Tracing
14.0. Introduction14.1. Configuring Access Logs14.2. Configuring Error Logs14.3. Forwarding to Syslog14.4. Debugging Configs14.5. Request Tracing
15. Performance Tuning
15.0. Introduction15.1. Automating Tests with Load Drivers15.2. Controlling Cache at the Browser15.3. Keeping Connections Open to Clients15.4. Keeping Connections Open Upstream15.5. Buffering Responses15.6. Buffering Access Logs15.7. OS Tuning
Index
About the Author

Content preview from NGINX Cookbook, 3rd Edition

Chapter 4. Massively Scalable Content Caching

4.0 Introduction

Caching accelerates content serving by storing responses to be served again in the future. By serving from its cache, NGINX reduces load on upstream servers by offloading them of expensive, repetitive work. Caching increases performance and reduces load, meaning you can serve faster with fewer resources. Caching also reduces the time and bandwidth it takes to serve resources.

The scaling and distribution of caching servers in strategic locations can have a dramatic effect on user experience. It’s optimal to host content close to the consumer for the best performance. You can also cache your content close to your users. This is the pattern of content delivery networks, or CDNs. With NGINX you’re able to cache your content wherever you can place an NGINX server, effectively enabling you to create your own CDN. With NGINX caching, you’re also able to passively cache and serve cached responses in the event of an upstream failure. Caching features are only available within the http context. This chapter will cover NGINX’s caching and content delivery capabilities.

4.1 Caching Zones

Problem

You need to cache content and need to define where the cache is stored.

Solution

Use the proxy_cache_path directive to define shared memory-cache zones and a location for the content:

proxy_cache_path /var/nginx/cache 
                 keys_zone=main_content:60m 
                 levels=1:2 
                 inactive=3h 
                 max_size=20g
                 min_free=500m;
proxy_cache CACHE;

The ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098158422Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills