Background

Recently, there has been a global crackdown on Nginx, the birthplace of ClickHouse.

Computer technology is a discipline that combines theory and practice with engineering. Whether you do back-end development, system architecture, big data development or data analysis, you still need to be able to work with the environment your code runs in. For the average developer, using Nginx as a reverse proxy is basically enough, although Nginx itself is a very powerful tool. A beginner who has never used Nginx or studied it systematically usually meets Nginx-related requirements like this: I have a requirement or a problem and I just want to know how to implement or solve it quickly; in other words, just tell me what to do.

I am not a professional operations and maintenance engineer; I generally act as a firefighter. The following is a list of common requirements for Nginx. Once you've solved these problems, you'll be able to handle routine non-professional operations and maintenance.

  1. How to configure Nginx static resource server?
  2. How does Nginx do reverse proxy?
  3. How to obtain the actual CLIENT IP address after Nginx reverse proxy?
  4. How to configure Nginx load balancing?
  5. After Nginx load balancing/load tilting, how do clients know which host/service they are accessing?
  6. How does Nginx do secondary domain forwarding?
  7. How to configure HTTPS and certificates for Nginx?
  8. How does Nginx configure HTTP2?
  9. How to enable GZIP compression in Nginx?
  10. How to handle warnings from the Nginx console?
  11. Nginx error: the requested entity is too large.
  12. How does Nginx hide version numbers?

Note: 01. After modifying the configuration, you can use nginx -t to test whether there are syntax errors or typos; 02. After modifying the configuration, remember to use nginx -s reload to make the configuration take effect.

Nginx static resource hosting

Today, more and more front-end engineers are using tools like Nginx, Tengine, and OpenResty. Static resources, or even complete front-end projects, are typically deployed as static resource services.

  • Nginx static resource server
    location / {
        root  /opt/reading-notes/frontend/dist;
        index  index.html index.htm;
    }
  • Nginx cross-domain proxy configuration
    location /api  {
            include  uwsgi_params;
            rewrite  ^/api/(.*)$ /$1 break;
            proxy_pass   http://localhost:8000;
    }
  • After a Vue app is built and deployed, refreshing a page returns 404
    try_files $uri $uri/ /index.html;
  • Getting started with Nginx – Static resource Servers and cross-domain configuration

Nginx reverse proxy

What is a reverse proxy and what is a forward proxy?

  • Introduction to Nginx – Reverse proxy for secondary domain name forwarding

How to obtain the actual CLIENT IP address after Nginx reverse proxy

After the reverse proxy is configured, the client IP address obtained by the system log is 127.0.0.1. How do I obtain the actual client IP address?

In the proxied location, pass the client address to the backend with $proxy_add_x_forwarded_for; the backend (or an Nginx log format, via $http_x_forwarded_for) then reads it from the X-Forwarded-For header:

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
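$proxy_add_x_forwarded_for appends the connecting address to whatever X-Forwarded-For value the client sent, so a backend should trust only the entries added by its own proxies. The following Python function is an added example, not code from the original article; the name `client_ip_from_xff`, the trusted-proxy list and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: networks of the proxies we operate (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32"),
                   ipaddress.ip_network("10.0.0.0/8")]

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip_from_xff(remote_addr, xff_header):
    """Return the client address a backend behind Nginx should log.

    remote_addr: TCP peer seen by the backend (Nginx itself, e.g. 127.0.0.1).
    xff_header:  X-Forwarded-For value. Each proxy appends the address it
                 saw, so only the right-most entries come from our proxies.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer):
        # Request bypassed our proxy: the header is entirely client-supplied.
        return str(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    client = peer
    # Walk right to left, skipping proxies we operate.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        client = addr
        if not _is_trusted(addr):
            break  # first hop we do not operate: this is the client
    return str(client)

if __name__ == "__main__":
    # Constructed case: the client sent "X-Forwarded-For: 1.2.3.4" itself and
    # Nginx appended the address it really connected from.
    print(client_ip_from_xff("127.0.0.1", "1.2.3.4, 198.51.100.9"))
```

This is the same right-to-left walk that Nginx's realip module performs when `real_ip_recursive` is on.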

Nginx load balancing

Working with load balancing can be your first step towards becoming a systems architect, especially in the Java space, because it introduces one of the core keywords of today's computing: "cluster". This is very similar to people's everyday work and life: one person's strength is limited, while the wisdom of a group is unlimited.

  • Default policy: round robin
    upstream api-server {
        server 127.0.0.1:7000;
        server 127.0.0.1:8000;
    }
    location /api  {
            include  uwsgi_params;
            rewrite  ^/api/(.*)$ /$1 break;
            proxy_pass   http://api-server;
    }
  • Modify policy: Weight
    upstream api-server {
        server 127.0.0.1:7000 weight=2;
        server 127.0.0.1:8000;
    }
  • Getting started with Nginx – Load Balancing (SpringBoot)

After Nginx load balancing/load tilting, how do clients know which host/service they are accessing?

After I have configured load balancing/load tilting, how do I know which back-end host/service I am accessing?

In /etc/nginx/nginx.conf, add:

    add_header ServerIP $upstream_addr;

With the above configuration, you can see the ServerIP information in the header of the request response.

Nginx secondary domain name forwarding

In fact, so-called secondary domain name forwarding is, at its core, still a reverse proxy.

  • Introduction to Nginx – Reverse proxy for secondary domain name forwarding

Nginx configures HTTPS encrypted transmission

HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security. Built on HTTP, it secures data in transit through transport encryption and identity authentication. HTTPS is based on SSL. In practice, we generally implement site-wide HTTPS by combining a domain name with an SSL certificate, and many major browsers no longer recommend using insecure HTTP.

  • Getting started with Nginx – proxy HTTPS, HTTP force-forwarding HTTPS

Nginx configures HTTP2 for fast response

HTTP/2 is the first update to the HTTP protocol since HTTP 1.1 was released in 1999 and is based on the SPDY protocol. Some of the new features of HTTP2: binary framing, multiplexing, server push, header compression, etc. are aimed at speeding up the response to requests. We actually use HTTP2 in combination with the Undertow Web container for fast loading responses to large numbers of small images.

Here’s a quote from Illustrated HTTP:

The goal of HTTP2 is to improve the user’s speed experience when using the Web.

  • Nginx configuration enables HTTP2 support

Nginx enables GZIP compression

Before HTTP2 was enabled, we used GZIP compression for the larger response bodies (JSON, JS, CSS, TEXT; the size threshold is configurable), which is a good solution for small sites without much bandwidth. However, when GZIP compression is enabled, pay attention to the balance between CPU and bandwidth, because compression is CPU intensive; this is another case of "architecture is a trade-off".

In /etc/nginx/nginx.conf:

    # turn compression on; the directives below only tune it
    gzip on;
    gzip_buffers 32 4k;
    gzip_comp_level 8;
    # do not compress responses smaller than 1k
    gzip_min_length 1k;
    gzip_types application/json application/javascript text/css text/xml text/plain;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;

Nginx console warning

These warnings do not affect the running service, so you can ignore them. However, those with a touch of obsessive-compulsiveness will still want to eliminate them (similarly, some of our front-end colleagues require that no stray output or warnings appear in the browser console).

nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size

    proxy_headers_hash_bucket_size 1024;

nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size

In /etc/nginx/nginx.conf:

    types_hash_bucket_size 1024;

Request response error

This occurs when files are uploaded. The SpringBoot project limits the size of files to be uploaded. The default size is 1 MB.

spring:
  servlet:
    multipart:
      maxFileSize: 10MB
      maxRequestSize: 30MB

Nginx then returns 413 Request Entity Too Large, because Nginx's default maximum request body size is also 1M.

413 Request Entity Too Large

In /etc/nginx/nginx.conf:

    client_max_body_size 10m;

Nginx hides the version number

By default, Nginx displays its version number in the Server response header. Known bugs are tied to specific Nginx versions, so exposing the version number directly makes it easy for attackers to use. From a security point of view, it is therefore safer to hide the version number.

Add server_tokens off; to the http block:

    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 4096;
        server_tokens off;
    }
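A check for the two response headers this article configures: the Server version that server_tokens off removes, and the ServerIP header from the load-balancing section, which hands $upstream_addr to every client and is best kept to test environments. This is an added example, not code from the original article; `audit_headers` and the sample responses are constructed.

```python
import ipaddress
import re

_VERSION = re.compile(r"nginx/\d+(?:\.\d+)+", re.IGNORECASE)
# $upstream_addr is "ip:port"; several are comma-separated when Nginx
# contacted more than one server for the request.
_ADDR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?")

# Constructed sample responses, not captured from a real server.
BEFORE = ("HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\n"
          "ServerIP: 127.0.0.1:7000\r\nContent-Type: text/html\r\n")
AFTER = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"

def audit_headers(raw_headers):
    """Return (finding, value) pairs for a raw HTTP response header block."""
    findings = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "server":
            m = _VERSION.search(value)
            if m:
                findings.append(("version-disclosed", m.group(0)))
        elif name == "serverip":
            for m in _ADDR.finditer(value):
                try:
                    addr = ipaddress.ip_address(m.group(1))
                except ValueError:
                    continue  # e.g. 999.1.1.1 is not an address
                internal = addr.is_private or addr.is_loopback
                kind = ("internal-backend-disclosed" if internal
                        else "backend-disclosed")
                findings.append((kind, m.group(0)))
    return findings

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(sample))
```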

Reference

  • Getting started with Nginx – Static resource Servers and cross-domain configuration
  • Introduction to Nginx – Reverse proxy for secondary domain name forwarding
  • Getting started with Nginx – Load Balancing (SpringBoot)
  • Getting started with Nginx – Proxy Websocket
  • Getting started with Nginx – proxy HTTPS, HTTP force-forwarding HTTPS
  • Nginx configuration enables HTTP2 support
  • After the openSSL version upgrade, Nginx still uses the old version of OpenSSL
  • Install Redis, Zookeeper, and Nginx on Huawei openEuler20.03 system
  • Before full-stack development, back-end service deployment: Nginx source code installation, reverse proxy, static resource service, cross-domain production environment, load balancing
  • Nginx source code installation, configuration boot from the start

If you have any questions or any bugs are found, please feel free to contact me.

Your comments and suggestions are welcome!