Home >Operation and Maintenance >Nginx >Nginx secure deployment: start with server configuration
Nginx is an excellent HTTP and reverse proxy server that can provide high performance, stability and scalability. To ensure the security and stability of the Nginx server, secure deployment is required. This article will start with server configuration and introduce in detail the installation, configuration, optimization and security deployment of Nginx.
Before installing Nginx, you need to perform basic configuration of the server. It is recommended to use the Linux operating system and install the latest system updates and security patches. In addition, the server should have sufficient memory and processor power to ensure the high performance of the Nginx server.
Nginx can download the latest stable version from the official website https://nginx.org/en/download.html. After the download is complete, use the following command to install:
tar -zxvf nginx-1.18.0.tar.gz cd nginx-1.18.0 ./configure make sudo make install
The main configuration file of Nginx is located in /etc/nginx/nginx.conf. When making changes, make sure to back up the original files. The following is an example of a default Nginx configuration file:
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; # ... server { listen 80 default_server; listen [::]:80 default_server; root /usr/share/nginx/html; index index.html; server_name _; location / { try_files $uri $uri/ =404; } # ... } }
This file includes user and worker process configuration, log format, access log location, file transfer configuration and a default HTTP server block. The listen directive defines the port that the server block should listen on. Port 80 in this example is defined as the default server port. If the user accesses it using the IP address in the browser, Nginx will access the default file on the server and return it to the client.
The performance of Nginx depends on many factors, including server configuration and network environment. In order to optimize the performance of Nginx, you can do the following:
http { proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m; server { location ~* .(png|jpg|jpeg|gif|ico)$ { proxy_cache my_cache; proxy_pass http://backend; } } }
http { sendfile on; tcp_nopush on; tcp_nodelay on; # ... }
The security of Nginx is very important. Here are some suggestions for a secure deployment:
http { limit_req_zone $binary_remote_addr zone=my_zone:10m rate=1r/s; server { location / { limit_req zone=my_zone burst=5 nodelay; # ... } } }
http { client_max_body_size 10M; server { location /upload { # ... } } }
This article introduces the installation, configuration, optimization and safe deployment of Nginx in detail. These steps can ensure the high performance, security and stability of the Nginx server.
The above is the detailed content of Nginx secure deployment: start with server configuration. For more information, please follow other related articles on the PHP Chinese website!