How to Get Started With NGINX
- 1. How to Get Started
With NGINX
Install and configure a web server, reverse
proxy and load balancer
JayDesai
Solutions Architect, Melbourne, Australia
- 3. | ©2019 F5
3
Agenda
1. Introducing NGINX
2. Install NGINX
3. ConfigureWeb Server
4. ConfigureReverse Proxy
5. ConfigureLoad Balancer
6. Link to Resources
- 4. | ©2019 F5
4
NGINX– EvolutionMap
2004
•NGINX0.1
2007
•“Viable”
2011
•NGINX, Inc.
•NGINX 1.0
2013
•NGINX Plus R1
First Commercial
Offering
2018
•NGINX Unit 1.0
•Controller 1.0
2019
•Controller 2.0
(API mgmt.)
•NGINX Plus R18
•Acquired by F5
Networks
2020
•Controller 3.4
•NGINX Plus R22
•APP Protect
- 5. | ©2019 F5
5
#1 450
million
Source: NetcraftMay2020 Web ServerSurvey
“Mostwebsitesuse NGINX”
- 6. | ©2019 F5
6
NGINX- Embracinga Multitudeof UseCases
Web
Server
Reverse
Proxy
Load
Balancer
Cache
Web
Application
Firewall
Internal
DDOS
Protection
API
Gateway
K8s
IC
Sidecar
Proxy
- 9. | ©2019 F5
9
Whatwe’regoingto build
Client / Browser + Internet
NGINX:
Reverse
Proxy, Load
Balancer &
Web Server
Other
Services /
Applications
Some
Services /
Applications
+
- 10. | ©2019 F5
10
• Laptop
• Internet connection
• Linuxhost / VM / Docker
• NGINX already installed?
−$ nginx -v
Confidential – Do
Not Distribute
Whatwillyou need
- 11. | ©2019 F5
11 CONFIDENTIAL
InstallingNGINX(simple)
CentOS / RHEL
• yum install nginx
Ubuntu / Debian
• apt-get installnginx
Docker
• docker pull nginx
MacOS / MacBook
• Use a VM or Docker
$ docker run --name mynginx -d -p 8080:80 nginx
- 12. | ©2019 F5
12 CONFIDENTIAL
WhatI willactuallydo
$ sudo wget https://nginx.org/keys/nginx_signing.key
$ sudo apt-key add nginx_signing.key
$ sudo vi /etc/apt/sources.list
deb https://nginx.org/packages/mainline/ubuntu/ bionic nginx
deb-src https://nginx.org/packages/mainline/ubuntu/ bionic nginx
$ sudo apt-get update
$ sudo apt-get install nginx
$ sudo service nginx start
$ nginx –v
nginx version: nginx/1.19.0
$ curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.19.0
https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#prebuilt_ubuntu
- 13. | ©2019 F5
13 CONFIDENTIAL
Some UsefulNGINXCommands
$ sudo service nginx {start|stop|status|restart|reload|force-reload|upgrade|configtest|check-
reload}
$ sudo nginx –v #version of NGINX
$ sudo nginx –V #version & Enabled Modules
$ sudo nginx –t #nginx configuration test
$ sudo nginx –T #Full configuration dump
- 15. | ©2019 F5
15
$ curl http://localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
- 16. | ©2019 F5
16
Checking/etc/nginx/nginx.conf
Exists
Has http{} block
• Contains
include /etc/nginx/conf.d/*.conf;
Sample here →
/etc/nginx/nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf; _
}
- 17. | ©2019 F5
17
ServingContent– WebServer
• Inspectdefault.conf
• Cleanupdefault.conf
• Remove#commentedoutcontent
/etc/nginx/conf.d/default.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
$ sudo nginx –t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx –s reload
- 18. | ©2019 F5
18 CONFIDENTIAL
Createindex.htmlfile– APP1
$ cd /opt
$ sudo mkdir services
$ cd services
$ sudo mkdir App1
$ sudo mkdir App2
$ cd App1
$ sudo touch index.html
$ sudo vim index.html
Copy This →
SAVE
/opt/services/App1/index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
151
6
17
18
<!doctypehtml>
<html lang="en-US">
<head>
<link rel="icon" type="image/png"
href="https://www.nginx.com/wp-
content/uploads/2019/10/favicon-48x48.ico"sizes="48x48">
<h1>This is my APP 1</h1>
<style>
body{ background-color:#FF0000;}
</style>
<title>RED - APP 1</title>
</head>
</html>
- 19. | ©2019 F5
19 CONFIDENTIAL
Createindex.htmlfile– APP2
$ cd /opt/services/App2
$ sudo touch index.html
$ sudo vim index.html
Copy This →
SAVE
/opt/services/App1/index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
151
6
17
18
<!doctypehtml>
<html lang="en-US">
<head>
<link rel="icon" type="image/png"
href="https://www.nginx.com/wp-
content/uploads/2019/10/favicon-48x48.ico"sizes="48x48">
<h1>This is my APP 2</h1>
<style>
body{ background-color:#00FF00;}
</style>
<title>RED - APP 2</title>
</head>
</html>
- 20. | ©2019 F5
20 CONFIDENTIAL
Editing – default.conf
• Inspect default.conf
$ cd /etc/nginx/conf.d
$ sudo mv default.conf b2b.conf
$ sudo vim /etc/nginx/conf.d/b2b.conf
Copy This →
/etc/nginx/conf.d/b2b.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
151
6
17
18
19
20
21
22
23
24
25
26
server {
listen 8001 default_server;
server_name localhost;
location / {
root /opt/services/App1;
index index.html index.htm;
}
}
server {
listen 8002 default_server;
server_name localhost;
location / {
root /opt/services/App2;
index index.html index.htm;
}
}
$ sudo nginx –t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx –s reload
- 21. | ©2019 F5
21
$ curl http://localhost:8001
<!doctype html>
<html lang="en-US">
.
<h1>This is my APP 1</h1>
.
$ curl http://localhost:8002
<!doctype html>
<html lang="en-US">
.
<h1>This is my APP 2</h1>
.
- 23. | ©2019 F5
23
Configuringupstream
/etc/nginx/conf.d/b2b.conf
upstream backend_servers {
zone backend_server_zone 64k;
server localhost:8001;
server localhost:8002;
}
server {
listen 8080 default_server;
server_name localhost;
location / {
proxy_pass http://backend_servers/;
}
}
server {
listen 8001 default_server;
server_name localhost;
index index.html index.htm;
location / {
root /opt/services/App1;
index index.html index.htm;
}
}
server {
listen 8002 default_server;
server_name localhost;
index index.html index.htm;
location / {
root /opt/services/App2;
index index.html index.htm;
}
}
$ sudo vim
/etc/nginx/conf.d/b2b.conf
$ sudo nginx –t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx –s reload
- 24. | ©2019 F5
24
$ curl http://localhost:8080
<!doctype html>
<html lang="en-US">
.
<h1>This is my APP 1</h1>
.
$ curl http://localhost:8080
<!doctype html>
<html lang="en-US">
.
<h1>This is my APP 2</h1>
.
- 25. | ©2019 F5
25
Configuringupstream:
AddingServers
/etc/nginx/conf.d/b2b.conf
upstream backend_servers {
zone backend_server_zone 64k;
least_conn;
server localhost:8001;
server localhost:8002;
www.jdaus.net:9083;
}
server {
listen 8080 default_server;
server_name localhost;
location / {
proxy_pass http://backend_servers/;
}
}
server {
listen 8001 default_server;
server_name localhost;
index index.html index.htm;
location / {
root /opt/services/App1;
index index.html index.htm;
}
}
server {
listen 8002 default_server;
server_name localhost;
index index.html index.htm;
location / {
root /opt/services/App2;
index index.html index.htm;
}
$ sudo vim
/etc/nginx/conf.d/b2b.conf
$ sudo nginx –t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx –s reload
- 26. | ©2019 F5
26
$ curl http://localhost:8080
<!doctype html>
<html lang="en-US">
.
<h1>This is my APP 1</h1>
.
$ curl http://localhost:8080
<!doctype html>
<html lang="en-US">
.
<h1>This is my APP 2</h1>
.
- 29. | ©2019 F5
29
LiveActivityMonitoring
• Configuring the Dashboard
/etc/nginx/conf.d/b2b.conf
.
.
.
.
.
.
.
.
.
.
.
.
server {
listen 8005 default_server;
server_name localhost;
location /api/ {
api write=on;
allow all;
#deny all;
}
location / {
root /usr/share/nginx/html;
index dashboard.html;
}
}
# End of file b2b.conf
NGINX Plus - ONLY
$ sudo nginx –t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx –s reload
- 30. | ©2019 F5
30
ActiveHealthCheck
• Actively monitors all upstream server
locations
• Default – 5 seconds
health_check interval=10
fails=3 passes=2;
/etc/nginx/conf.d/b2b.conf
.
.
.
server {
listen 8080 default_server;
server_name localhost;
location / {
proxy_pass http://backend_servers/;
health_check;
}
}
.
.
.
NGINX Plus - ONLY
$ sudo nginx –t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx –s reload
- 31. | ©2019 F5
31
Zero DowntimeConfigReloads
• Adding a new upstream
• Zero Downtime for active streams
/etc/nginx/conf.d/b2b.conf
1
2
3
4
5
6
7
8
9
upstream backend_servers{
zone backend_server_zone 64k;
least_conn;
serverlocalhost:8001;
serverlocalhost:8002;
www.jdaus.net:9083;
#INSERTTHE FOLLOWING UPSTREAM
www.jdaus.net:9084;
}
NGINX Plus - ONLY
$ sudo nginx –t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx –s reload
- 32. | ©2019 F5
32
RateLimiting
Rate limit is configured and monitored at
a global level
Limit is applied where we want it
• Per API gateway
• Per API definition
• Per URI/route
/etc/nginx/conf.d/b2b.conf
limit_req_zone $remote_addrzone=perip:1m rate=2r/s;
upstream backend_servers{
zone backend_server_zone 64k;
.
.
.
server {
listen 8000 default_server;
server_name localhost;
location / {
proxy_pass http://backend_servers/;
health_check;
limit_req zone=perip nodelay;
limit_req_status 429;
}
}
.
.
.
- 33. | ©2019 F5
33
$ nginx -s reload
$ curl http://localhost:8000
<!doctype html>
<html lang="en-US">
<head>…
$ !!;!!;!!;!!;!!
{"status":429,"message":”Rate limit exceeded"}
- 34. | ©2019 F5
34
How did we do?
1. Installing NGINX
2. Configuring Webserver
3. Configure Reverse Proxy
& Load Balancer
4. Active Health Check
5. Zero Downtime
Configuration Reloads
- 35. | ©2019 F5
35
Resources
OfficialNGINX open sourcedownloads
• http://nginx.org/en/linux_packages.html
NGINX Plus Trial License
• https://www.nginx.com/free-trial-request/
GettingStartedwith NGINX Guides
• https://www.nginx.com/resources/wiki/start/
• http://nginx.org/en/docs/beginners_guide.html