- Published on
A Comprehensive Guide to NGINX: The High-Performance Web Server
- Authors
- Name
- Pulathisi Kariyawasam
- @RandhanaK
A Comprehensive Guide to NGINX: The High-Performance Web Server
NGINX is one of the most widely used web servers and reverse proxies in the world. It is known for its performance, scalability, and flexibility, making it an excellent choice for serving static content, acting as a load balancer, and handling reverse proxy tasks.
What is NGINX?
NGINX (pronounced "engine-x") is an open-source web server that also functions as a reverse proxy, load balancer, and HTTP cache. Unlike traditional web servers like Apache, NGINX is event-driven and asynchronous, allowing it to handle thousands of connections with minimal resources.
Installing NGINX on Linux
To install NGINX on a Debian-based Linux system (Ubuntu):
sudo apt update
sudo apt install nginx -y
For Red Hat-based systems (CentOS, RHEL):
sudo yum install epel-release -y
sudo yum install nginx -y
Start and enable NGINX:
sudo systemctl start nginx
sudo systemctl enable nginx
To check the status of NGINX:
sudo systemctl status nginx
Basic Configuration
The default configuration file for NGINX is located at /etc/nginx/nginx.conf. The main configuration settings include:
worker_processes auto;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name example.com;
root /var/www/html;
index index.html;
}
}
Reloading NGINX
After making changes to the configuration file, restart or reload NGINX:
sudo systemctl reload nginx
Setting Up NGINX as a Reverse Proxy
NGINX can act as a reverse proxy, forwarding client requests to a backend server (e.g., a Node.js or Python application).
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Load Balancing with NGINX
NGINX can distribute traffic among multiple backend servers:
upstream backend_servers {
server server1.example.com;
server server2.example.com;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_servers;
}
}
Securing NGINX with SSL/TLS
Securing your NGINX server with SSL/TLS ensures encrypted communication between clients and your server. You can use Let's Encrypt, a free and automated certificate authority, to obtain and configure SSL certificates.
Installing Certbot
First, install Certbot and the NGINX plugin:
sudo apt install certbot python3-certbot-nginx -y
Obtaining an SSL Certificate
Run the following command to request an SSL certificate for your domain:
sudo certbot --nginx -d example.com -d www.example.com
This command will automatically configure SSL for NGINX and obtain a certificate. Once completed, Certbot will update your NGINX configuration to use SSL.
Verifying SSL Configuration
You can test the SSL configuration by inspecting the generated NGINX configuration file at /etc/nginx/sites-available/example.com.
server {
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
root /var/www/html;
index index.html;
}
}
Enabling Automatic Renewal
Let's Encrypt certificates expire every 90 days, so it's essential to renew them automatically. Certbot includes a built-in renewal mechanism that runs via a cron job.
To test automatic renewal, run:
sudo certbot renew --dry-run
To ensure it runs automatically, add the renewal command to a cron job:
crontab -e
Add the following line:
0 3 * * * /usr/bin/certbot renew --quiet
This will attempt renewal every day at 3 AM.
Conclusion
NGINX is a powerful and efficient web server, reverse proxy, and load balancer. Whether you're hosting a simple website or a high-traffic application, NGINX provides the flexibility and performance needed to scale your infrastructure effectively.
For further reading, check out the official NGINX documentation.