# Nginx

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

The nginx configuration file can be found at `/etc/nginx/nginx.conf`.

This file consists of:

- directive: the option that consists of a name and parameters; it should end with a semicolon

  ```nginx
  gzip on;
  ```

- context: the section where you can declare directives (similar to scope in programming languages)

  ```nginx
  worker_processes 2; # directive in global context

  http {              # http context
      gzip on;        # directive in http context

      server {        # server context
          listen 80;  # directive in server context
      }
  }
  ```

## Processing requests

Inside nginx, you can specify multiple virtual servers, each described by a `server { }` context.

```nginx
server {
    listen *:80 default_server;
    server_name netguru.co;

    return 200 "Hello from netguru.co";
}

server {
    listen *:80;
    server_name foo.co;

    return 200 "Hello from foo.co";
}

server {
    listen *:81;
    server_name bar.co;

    return 200 "Hello from bar.co";
}
```

Nginx first checks the `listen` directive to find which virtual servers are listening on the given IP:port combination. Then the value of the `server_name` directive is tested against the `Host` header, which stores the domain name of the server.

Nginx will choose the virtual server in the following order:

1. Server listening on IP:port, with a matching `server_name` directive;
2. Server listening on IP:port, with the `default_server` flag;
3. Server listening on IP:port, first one defined;
4. If there are no matches, refuse the connection.

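Under the selection order above, a request whose `Host` header matches no `server_name` is answered by the `default_server`, which in the example is the real netguru.co site. The configuration below is an added example, not part of the original notes: it gives the default role to a dead-end server so that only known host names reach a site. It assumes nginx 1.19.4 or later for `ssl_reject_handshake`; `return 444` is nginx's non-standard code that closes the connection without sending a response.

```nginx
# Before (from the example above): the real site is also the fallback,
# so any unknown Host header on port 80 is answered as netguru.co.
#
# server {
#     listen *:80 default_server;
#     server_name netguru.co;
#     return 200 "Hello from netguru.co";
# }

# After: a dedicated catch-all takes the default_server role.
server {
    listen *:80 default_server;
    server_name _;              # placeholder name that matches no real host
    return 444;                 # close the connection, send nothing
}

# Same idea for TLS: refuse the handshake when the requested name is unknown,
# so the netguru certificate is not presented for arbitrary host names.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_reject_handshake on;    # assumption: nginx >= 1.19.4; no certificate needed here
}

# Real sites are now selected only by a matching server_name (rule 1 above).
server {
    listen *:80;
    server_name netguru.co www.netguru.co;
    return 200 "Hello from netguru.co";
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name netguru.co www.netguru.co;
    ssl_certificate     /etc/nginx/ssl/netguru.crt;
    ssl_certificate_key /etc/nginx/ssl/netguru.key;
    return 200 "Hello from netguru.co";
}
```

These blocks belong inside the `http` context; run `nginx -t` to validate the file before reloading.
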
#### server_name directive

```nginx
server_name netguru.co www.netguru.co; # exact match
server_name *.netguru.co;              # wildcard matching
server_name netguru.*;                 # wildcard matching
server_name ~^[0-9]*\.netguru\.co$;    # regexp matching
```

#### Gzip

Enabling `gzip` should significantly reduce the size of your responses, so they load faster on the client side.

#### SSL and TLS

SSL (Secure Sockets Layer) is a protocol providing a secure connection for HTTP.

Technically, SSL and TLS are different (each name describes a different version of the protocol), but many use the names interchangeably.

##### Base SSL/TLS setup

```nginx
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_certificate /etc/nginx/ssl/netguru.crt;
    ssl_certificate_key /etc/nginx/ssl/netguru.key;
}
```

![enter image description here](http://bartoz.no-ip.org/wp-content/uploads/2014/10/TLS-client-server1.jpg)

### Reverse proxy

A reverse proxy is an intermediary proxy service which takes a client request, passes it on to one or more servers, and subsequently delivers the server's response to the client.

Benefits:

- Load balancing
- Increased security
- Easy logging and auditing

https://medium.com/@mohsin061/forward-proxy-and-reverse-proxy-500b9bd4bf8e

### PHP

PHP-FPM

```nginx
location ~* \.php$ {
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
```

```nginx
#fastcgi_pass 127.0.0.1:9000;           # TCP connection
#fastcgi_pass unix:/tmp/php5-fpm.sock;  # Unix socket
```

Using a Unix socket (e.g. `listen = '/tmp/php-fpm.sock'`) makes sense when both the front end (e.g. Nginx) and php-fpm are on the same box. The C10K problem refers to a network socket being unable to handle a large number of clients (10,000) at the same time.

![enter image description here](https://i.stack.imgur.com/bvJHw.png)