nginx [Docs]

User Tools

Site Tools



NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption

the nginx configuration file can be found in: /etc/nginx/nginx.conf

This file consists of:

  • directive: the option that consists of name and parameters; it should end with a semicolon
    gzip on;
  • context: the section where you can declare directives (similar to scope in programming languages)
    worker_processes 2; # directive in global context
    http {              # http context
    gzip on;        # directive in http context
    server {          # server context
      listen 80;      # directive in server context

Processing requests

Inside nginx, you can specify multiple virtual servers, each described by a server { } context.

server {
  listen      *:80 default_server;
  return 200 "Hello from";
server {
  listen      *:80;
  return 200 "Hello from";
server {
  listen      *:81;
  return 200 "Hello from";

Nginx will first check the listen directive to test which virtual server is listening on the given IP:port combination. Then, the value from server_name directive is tested against the Host header, which stores the domain name of the server.

Nginx will choose the virtual server in the following order:

  1. Server listing on IP:port, with a matching server_name directive;
  2. Server listing on IP:port, with the default_server flag;
  3. Server listing on IP:port, first one defined;
  4. If there are no matches, refuse the connection.

server_name directive

server_name; # exact match
server_name *;              # wildcard matching
server_name netguru.*;                 # wildcard matching
server_name  ~^[0-9]*\.netguru\.co$;   # regexp matching


Enabling gzip should significantly reduce the weight of your response, thus it will appear faster on the client side.


SSL (standing for Socket Secure Layer) is a protocol providing a secure connection over HTTP. Technically SSL and TLS are different (as each is describing the different version of a protocol) - but many use those names interchangeably.

Base SSL/TLS setup
server {
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;
  ssl_certificate /etc/nginx/ssl/netguru.crt;
  ssl_certificate_key /etc/nginx/ssl/netguru.key;

enter image description here

Reverse proxy

A reverse proxy is an intermediary proxy service which takes a client request, passes it on to one or more servers, and subsequently delivers the server’s response to the client. Benefits:

  • Load Balancing
  • Increases security
  • Easy loggin and auditing



  location ~* \.php$ {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;      
#fastcgi_pass; #tcp connection
#fastcgi_pass   unix:/tmp/php5-fpm.sock; #unix socket

Using a socket (e.g. listen = '/tmp/php-fpm.sock') makes sense when both the front-end (e.g. Nginx) and php-fpm are in the same box and

C10K problem is referred for the network socket unable to handle a large number of client (10,000) at the same time.

enter image description here

nginx.txt · Last modified: 2020/07/02 16:06 (external edit)