Nginx is a high performance web server and proxy, which is used by many big sites. If you need Nginx, you either have a high performance site, or you like the asynchronous event driven approach of it, which ensures a consistent usage of memory almost regardless of the connection amount. Nginx comes with a ton of features, but most likely, only the proxying and SSL features are needed in this recipe.
The source code of the example application is available at examples/chapter7/ssl/example-app as well as for examples/chapter7/ssl/example-app-2 for the second application instance. The configuration files for the web server are put in examples/chapter7/nginx.
Nginx should be installed, and up and running. Execute apt-get install nginx on any Debian derived distribution.
Let us start with a single external port 80 to internal port 9000 redirection:
server {
listen 80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.2:9000;
proxy_redirect http://192.168.0.2:9000/ http://your.external.domain/;
}The next step is to get SSL up and running:
server {
listen 443;
server_name your.server.name;
ssl on;
ssl_certificate /etc/nginx/host.crt;
ssl_certificate_key /etc/nginx/host.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://192.168.0.2:9000;
}
}As usual, load balancing is the last part of the setup:
upstream www.test.local {
server 192.168.0.2:9000;
server 192.168.0.3:9000;
}
server {
listen 80;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www.test.local;
proxy_redirect / http://www.test.local/;
}
}While taking a closer look at the setup, there are almost no differences to the Apache setup except for the header rewriting. A closer look has to be taken at the proxy_redirect directive, as this is changing depending whether you are load balancing or not.
If you need load balancing support, you should make sure that you name the cluster the same as your site. This allows a far more readable configuration, when using the proxy_pass directive.
The SSL configuration also sets all needed headers, where in most cases, some predefined variables are used, like the $host one. For a complete reference go to http://wiki.nginx.org/HttpCoreModule#Variables. Furthermore, you should make sure that the server_name directive in the SSL configuration matches with the SSL certificate host name.
You could possibly use Nginx for many more things because it has support for memcached, MPEG, and flash streaming or WebDAV.
Nginx had the problem of not having too much documentation. However, today the website at http://www.nginx.org as well as the wiki at http://wiki.nginx.org/ show you most of the configuration options. Furthermore, there is also a good book named Nginx HTTP Server about Nginx, which is also released by Packt Publishing.
Nginx has a nice module called fair balancer that keeps in mind which node has the lowest load by counting currently processed requests, and thus balances all requests in an even manner instead of using pure round-robin based load balancing.
You can remove the node to be upgraded out of your load balancing configuration and call nginx -s reload to force it to reread its configuration. Then update your application and re-enable it in the configuration file. Reload the configuration again and you are done.