book

NGINX Cookbook

Name: NGINX Cookbook
Author: Derek DeJonghe
ISBN: 9781492078487

by Derek DeJonghe

October 2020

Intermediate to advanced

203 pages

4h 14m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface
Conventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Basics
1.0. Introduction1.1. Installing on Debian/Ubuntu1.2. Installing on RedHat/CentOS1.3. Installing NGINX Plus1.4. Verifying Your Installation1.5. Key Files, Directories, and Commands1.6. Serving Static Content1.7. Graceful Reload
2. High-Performance Load Balancing
2.0. Introduction2.1. HTTP Load Balancing2.2. TCP Load Balancing2.3. UDP Load Balancing2.4. Load-Balancing Methods2.5. Sticky Cookie with NGINX Plus2.6. Sticky Learn with NGINX Plus2.7. Sticky Routing with NGINX Plus2.8. Connection Draining with NGINX Plus2.9. Passive Health Checks2.10. Active Health Checks with NGINX Plus2.11. Slow Start with NGINX Plus
3. Traffic Management
3.0. Introduction3.1. A/B Testing3.2. Using the GeoIP Module and Database3.3. Restricting Access Based on Country3.4. Finding the Original Client3.5. Limiting Connections3.6. Limiting Rate3.7. Limiting Bandwidth
4. Massively Scalable Content Caching
4.0. Introduction4.1. Caching Zones4.2. Cache Locking4.3. Caching Hash Keys4.4. Cache Bypass4.5. Cache Performance4.6. Cache Purging with NGINX Plus4.7. Cache Slicing
5. Programmability and Automation
5.0. Introduction5.1. NGINX Plus API5.2. Using the Key-Value Store with NGINX Plus5.3. Extending NGINX with a Common Programming Language5.4. Installing with Puppet5.5. Installing with Chef5.6. Installing with Ansible5.7. Installing with SaltStack5.8. Automating Configurations with Consul Templating
6. Authentication
6.0. Introduction6.1. HTTP Basic Authentication6.2. Authentication Subrequests6.3. Validating JWTs with NGINX Plus6.4. Creating JSON Web Keys6.5. Validate JSON Web Tokens with NGINX Plus6.6. Automatically Obtaining and Caching JSON Web Key Sets with NGINX Plus6.7. Authenticate Users via Existing OpenID Connect SSO with NGINX Plus
7. Security Controls
7.0. Introduction7.1. Access Based on IP Address7.2. Allowing Cross-Origin Resource Sharing7.3. Client-Side Encryption7.4. Advanced Client-Side Encryption7.5. Upstream Encryption7.6. Securing a Location7.7. Generating a Secure Link with a Secret7.8. Securing a Location with an Expire Date7.9. Generating an Expiring Link7.10. HTTPS Redirects7.11. Redirecting to HTTPS Where SSL/TLS Is Terminated Before NGINX7.12. HTTP Strict Transport Security7.13. Satisfying Any Number of Security Methods7.14. NGINX Plus Dynamic Application Layer DDoS Mitigation7.15. Installing and Configuring NGINX Plus App Protect Module
8. HTTP/2
8.0. Introduction8.1. Basic Configuration8.2. gRPC8.3. HTTP/2 Server Push

9. Sophisticated Media Streaming
9.0. Introduction9.1. Serving MP4 and FLV9.2. Streaming with HLS with NGINX Plus9.3. Streaming with HDS with NGINX Plus9.4. Bandwidth Limits with NGINX Plus
10. Cloud Deployments
10.0. Introduction10.1. Auto-Provisioning on AWS10.2. Routing to NGINX Nodes Without an AWS ELB10.3. The NLB Sandwich10.4. Deploying from the AWS Marketplace10.5. Creating an NGINX Virtual Machine Image on Azure10.6. Load Balancing Over NGINX Scale Sets on Azure10.7. Deploying Through the Azure Marketplace10.8. Deploying to Google Compute Engine10.9. Creating a Google Compute Image10.10. Creating a Google App Engine Proxy
11. Containers/Microservices
11.0. Introduction11.1. Using NGINX as an API Gateway11.2. Using DNS SRV Records with NGINX Plus11.3. Using the Official NGINX Image11.4. Creating an NGINX Dockerfile11.5. Building an NGINX Plus Docker Image11.6. Using Environment Variables in NGINX11.7. Kubernetes Ingress Controller11.8. Prometheus Exporter Module
12. High-Availability Deployment Modes
12.0. Introduction12.1. NGINX Plus HA Mode12.2. Load-Balancing Load Balancers with DNS12.3. Load Balancing on EC212.4. NGINX Plus Configuration Synchronization12.5. State Sharing with NGINX Plus and Zone Sync
13. Advanced Activity Monitoring
13.0. Introduction13.1. Enable NGINX Open Source Stub Status13.2. Enabling the NGINX Plus Monitoring Dashboard13.3. Collecting Metrics Using the NGINX Plus API
14. Debugging and Troubleshooting with Access Logs, Error Logs, and Request Tracing
14.0. Introduction14.1. Configuring Access Logs14.2. Configuring Error Logs14.3. Forwarding to Syslog14.4. Request Tracing14.5. OpenTracing for NGINX
15. Performance Tuning
15.0. Introduction15.1. Automating Tests with Load Drivers15.2. Keeping Connections Open to Clients15.3. Keeping Connections Open Upstream15.4. Buffering Responses15.5. Buffering Access Logs15.6. OS Tuning
16. Introduction to NGINX Controller
16.0. Introduction16.1. Setup Overview16.2. Connecting NGINX Plus with Controller16.3. Driving NGINX Controller with the API16.4. Enable WAF Through Controller App Security
17. Practical Ops Tips and Conclusion
17.0. Introduction17.1. Using Includes for Clean Configs17.2. Debugging Configs
Conclusion
Index

Content preview from NGINX Cookbook

Chapter 4. Massively Scalable Content Caching

4.0 Introduction

Caching accelerates content serving by storing request responses to be served again in the future. Content caching reduces load to upstream servers, caching the full response rather than running computations and queries again for the same request. Caching increases performance and reduces load, meaning you can serve faster with fewer resources. The scaling and distribution of caching servers in strategic locations can have a dramatic effect on user experience. It’s optimal to host content close to the consumer for the best performance. You can also cache your content close to your users. This is the pattern of content delivery networks, or CDNs. With NGINX you’re able to cache your content wherever you can place an NGINX server, effectively enabling you to create your own CDN. With NGINX caching, you’re also able to passively cache and serve cached responses in the event of an upstream failure. Caching features are only available within the http context.

4.1 Caching Zones

Problem

You need to cache content and need to define where the cache is stored.

Solution

Use the proxy_cache_path directive to define shared memory-cache zones and a location for the content:

proxy_cache_path /var/nginx/cache 
                 keys_zone=CACHE:60m 
                 levels=1:2 
                 inactive=3h 
                 max_size=20g;
proxy_cache CACHE;

The cache definition example creates a directory for cached responses on the filesystem at /var/nginx/cache and creates a shared memory ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492078470Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills