Comprehensive Nginx Administration and Configuration Guide
Nginx Installation on RHEL/CentOS
To install Nginx from the official repository, first set up the package source by creating a configuration file at /etc/yum.repos.d/nginx.repo. Package signature checking stays enabled (gpgcheck=1), and both the repository and the signing key are fetched over HTTPS:

    [nginx-repo]
    name=nginx repository
    baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=1
    gpgkey=https://nginx.org/keys/nginx_signing.key

Once the repository is configured, install Nginx. The remaining commands check the installed version and control the running service:

    sudo yum install nginx
    nginx -v                    # Verify version
    sudo systemctl stop nginx   # Terminate immediately
    sudo nginx -s quit          # Graceful shutdown
    sudo nginx -s reload        # Reload configuration

Containerized Deployment
You can quickly deploy Nginx in an isolated environment using Docker:

    docker run -d \
      --name nginx-server \
      -p 80:80 \
      --restart unless-stopped \
      -v "$(pwd)/config:/etc/nginx/conf.d" \
      nginx:stable-alpine

Load Balancing Strategies
Define upstream groups to distribute traffic effectively:

- Weighted Round Robin: Assigns traffic based on server capacity.

    upstream backend_cluster {
        server node1.internal weight=5;
        server node2.internal weight=1;
    }

- Least Connections: Routes traffic to the server with the fewest active requests.

    upstream backend_cluster {
        least_conn;
        server node1.internal;
        server node2.internal;
    }

Securing Traffic with SSL/TLS
Using acme.sh for automated Let's Encrypt certificate management is recommended:

    # Generate certificate
    acme.sh --issue -d example.com --nginx

    # Deploy certificate
    acme.sh --install-cert -d example.com \
      --key-file /etc/nginx/ssl/example.key \
      --fullchain-file /etc/nginx/ssl/example.crt \
      --reloadcmd "nginx -s reload"

Configure the Nginx server block to use the installed certificate, restrict the allowed TLS protocol versions, cache TLS sessions, and enable OCSP stapling:

    server {
        listen 443 ssl;
        server_name example.com;

        ssl_certificate     /etc/nginx/ssl/example.crt;
        ssl_certificate_key /etc/nginx/ssl/example.key;
        ssl_session_cache   shared:SSL:10m;
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_stapling        on;
        ssl_stapling_verify on;

        location / {
            proxy_pass http://upstream_service;
        }
    }

Advanced URL Path Stripping
To remove a URL prefix (e.g., /api/) before passing the request to a backend, use one of the following two alternatives. Both define the same location, so only one of them can appear in a given server block:

    # Strategy 1: Using a trailing slash in proxy_pass
    location /api/ {
        proxy_pass http://backend_server/;
    }

    # Strategy 2: Using rewrite for explicit mapping
    location /api/ {
        rewrite ^/api/(.*)$ /$1 break;
        proxy_pass http://backend_server;
    }
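
The prefix replacement performed by both strategies above, as an added Python illustration (not part of the original guide and not nginx code): a simplified model whose function names are hypothetical and which ignores URI normalization, query strings, regex locations and variables. It also shows the upstream path that results when the trailing slash is missing from proxy_pass or from the location, a mismatch worth checking for when reviewing a configuration.

```python
# Added illustration: simplified model of how nginx builds the upstream path
# for a prefix location. Not nginx code; it ignores URI normalization, query
# strings, regex locations and variables. Function names are hypothetical.
import re
from urllib.parse import urlsplit


def proxy_pass_path(location, proxy_pass, uri):
    """Strategy 1: prefix location plus proxy_pass, with or without a URI part."""
    if not uri.startswith(location):
        return None  # this location does not handle the request
    uri_part = urlsplit(proxy_pass).path  # "" when proxy_pass is only scheme://host
    if uri_part == "":
        return uri  # no URI part: the request path is forwarded unchanged
    return uri_part + uri[len(location):]  # matched prefix replaced by the URI part


def rewrite_break_path(location, pattern, replacement, uri):
    """Strategy 2: 'rewrite pattern replacement break;' then proxy_pass without a URI."""
    if not uri.startswith(location):
        return None
    match = re.search(pattern, uri)
    if match is None:
        return uri  # rewrite did not match: path forwarded unchanged
    # nginx writes captures as $1; Python's template syntax is \1
    return match.expand(re.sub(r"\$(\d)", r"\\\1", replacement))


# Constructed sample cases: (description, resulting upstream path)
CASES = [
    ("strategy 1 as on the page",
     proxy_pass_path("/api/", "http://backend_server/", "/api/users/42")),
    ("strategy 2 as on the page",
     rewrite_break_path("/api/", r"^/api/(.*)$", "/$1", "/api/users/42")),
    ("proxy_pass without trailing slash (prefix kept)",
     proxy_pass_path("/api/", "http://backend_server", "/api/users/42")),
    ("location without trailing slash (double slash)",
     proxy_pass_path("/api", "http://backend_server/", "/api/users/42")),
    ("location without trailing slash also matches /apiv2/",
     proxy_pass_path("/api", "http://backend_server/", "/apiv2/users")),
]

if __name__ == "__main__":
    for description, path in CASES:
        print(f"{description:55} -> {path}")
```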