What best practices do you use while using NGinx?
-
Just a note that this does not work for a Magento setup. Still investigating the reasons but I think it has something to do with the query string. – Jauder Ho Jun 04 '09 at 08:26
-
location /wordpress must be useful when you have wordpress in subdirectory named "wordpress". What about when we have wordpress in web root "/"? – rahul286 Dec 10 '09 at 12:24
15 Answers
By far, the best tips I have ever seen are from the author on it's pitfall page: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
- 237,123
- 42
- 477
- 940
- 473
- 11
- 22
Generally, using "if" is a bad practice (according to author of nginx). if possible, better to use try_file of error_page directives instead "if (-f ...)"
Combining tip with maintenence.html file and tip with try_files we get:
location / { try_files /maintenance.html $uri $uri/ @wordpress; }
When maintenance ends, just mv maintenance.html from $root.
- 66
- 1
- 4
-
16This is not ideal as /maintenance.html will be served as a 200 response. You probably want search engines to recognize that the maintenance page is not your actual website. You would probably want to return a 503 (Service Temporarily Unavailable). The only way I can figure out how to do this is with an `if (-f ...) { return 503; }` and `error_page 503 /maintenance.html`. What do you think? – Aaron Gibralter Jun 02 '11 at 14:08
Configure nginx to use stronger SSL ciphers. By default, SSLv2 is enabled (which you should disable if possible).
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
http://tumblelog.jauderho.com/post/121851623/nginx-and-stronger-ssl
- 5,337
- 2
- 18
- 17
Its often more efficient to use the map
directive in place of regular expressions when switching the root for matching subdomains:
server {
server_name mysite.tld ~^.+\.mysite\.tld$;
map $host $files {
default common;
mysite.tld common;
www.mysite.tld common;
admin.mysite.tld admin;
system.mysite.tld system;
*.mysite.tld users;
}
root /var/www/mysite/$files;
}
- 1,016
- 5
- 15
- 24
The empty_gif
module is also very useful, especially if you need monitor responses from the webserver (using nagios/monit/etc):
location /token {
empty_gif;
}
location /favicon.ico {
empty_gif;
}
location /img/1px.gif {
empty_gif;
}
- 1,016
- 5
- 15
- 24
-
1Can you provide a real world example for this? I still don't fully understand how it's useful. – The Pixel Developer Jun 05 '09 at 16:22
-
1@ The Pixel Developer, its only really useful for speed. Nginx keeps the data for an empty gif in memory so it never has to load from disk. – Unknown Jun 12 '09 at 02:34
-
5
We set up Nginx with Chef, using this cookbook which contains scripts for handling nginx configuration similar to how Debian does Apache2, and also some sample templates with sane defaults.
- 7,511
- 2
- 33
- 42
Here's a good method for returning a maintenance page. All requests are rewritten and the correct http code is returned. (503 - Service unavailable)
error_page 503 /maintenance.html;
location /
{
if (-f $document_root/maintenance.html)
{
return 503;
}
try_files $uri /index.php?$args;
}
location = /maintenance.html
{
rewrite ^ /maintenance.html break;
}
- 847
- 3
- 9
- 20
-
1Actually, I disagree -- I added a comment to http://serverfault.com/questions/18994/nginx-best-practices/124755#124755. Basically, you want to return a 503 error or else bots and indexers will think your maintenance page is part of your actual site... There's nothing wrong with an `if` statement if you use it correctly -- the docs say that `if`s are safe if you're just doing `return xxx;`. – Aaron Gibralter Jun 02 '11 at 14:10
-
From nginx 0.7.12 and later, a "" is usable in server_name to catch requests without a "Host" header.
You can use the following as a catchall for undefined virtual hosts.
server {
server_name _ "";
}
- 1,675
- 6
- 20
- 27
-
Does your exemple work only for requests with an undefined vhost or will it also work with requests with an unknown (wrong) vhost? – Benoit Jun 04 '09 at 08:26
-
-
-
1Please note this is only partially true. "" will catch a MISSING Host header, but it will not be catch a request with a Host header that doesn't match anything. If you want a catch-all server block then see the default_server flag under the listen directive. – Martin Fjordvald Apr 09 '11 at 23:48
I also posted a while ago about how to properly handle gzip compression with nginx as older browsers may have issues with just a blanket gzip statement. HTH.
http://tumblelog.jauderho.com/post/27655495/gzip-compression-with-nginx
- 5,337
- 2
- 18
- 17
I don't know if it is a best practice, but definitely a neat hack to get nested conditions in nginx. Here's a sample from the nginx wiki.
location /xxxx/ {
set $test "";
if ($request_method = POST) {
set $test P;
}
if ($http_cookie ~* "CCCC=.+(?:;|$)" ) {
set $test "${test}C";
}
if ($test = PC) {
#rewrite rule goes here.
}
}
- 4,397
- 6
- 40
- 51
- 582
- 6
- 12
-
3I'd put that in the category of "ugly but occasionally necessary practice" -- certainly not something to be encouraged. – womble Jul 30 '11 at 02:56
If you need to flip contextually between http and https for subdomains handled by the same server block, you can use variables to do so. Might not be the most efficient way to do things, but it works:
server {
server mysite.tld ~^.+\.mysite\.tld$;
set $req_ssl = 0;
map $host $files {
default common;
mysite.tld common;
www.mysite.tld common;
admin.mysite.tld admin;
system.mysite.tld system;
*.mysite.tld users;
}
root /var/www/mysite/$files;
if ( $files = "admin" ){
set $req_ssl 1;
}
if ( $files = "common" ){
set $req_ssl 2;
}
if ( $scheme = http )
{
set $req_ssl $req_ssl.1;
}
if ( $scheme = https )
{
set $req_ssl $req_ssl.2;
}
if ($req_ssl = 1.1){
rewrite ^ https://$host$uri;
}
if ($req_ssl = 2.2){
rewrite ^ http://$host$uri;
}
}
- 1,016
- 5
- 15
- 24
I always try to use the root
directive in the top of the server block so I can take advantage of the $document_root
variable and never, but never, include the root
directive inside a location block.
The Pitfalls Page from the Nginx wiki has some great tips about best practices.
- 237,123
- 42
- 477
- 940
- 381
- 3
- 5
If you are using nginx as a proxy, having the timeout settings adjusted can be important to ensure you are not having nginx drop connections before your application is done with them, especially if you are dealing with a high traffic application:
proxy_connect_timeout
proxy_send_timeout
- 709
- 2
- 6
- 16