You're reading from Mastering NGINX Personalize, customize and configure NGINX to meet the needs of your server

Product type Paperback

Published in Jul 2016

Publisher

ISBN-13 9781782173311

Length 320 pages

Edition 2nd Edition

Tools

NGINX

Concepts

Cloud Computing

Author (1):

Dimitri Aivaliotis

View More author details

Table of Contents (15) Chapters

Preface

1. Installing NGINX and Third-Party Modules FREE CHAPTER

2. A Configuration Guide

3. Using the mail Module

4. NGINX as a Reverse Proxy

5. Reverse Proxy Advanced Topics

6. The NGINX HTTP Server

7. NGINX for the Application Developer

8. Integrating Lua with NGINX

9. Troubleshooting Techniques

A. Directive Reference

B. The Rewrite Rule Guide

C. The NGINX Community

D. Persisting Solaris Network Tunings

Index

Enabling various modules

Besides the http and mail modules, there are a number of other modules included in the NGINX distribution. These modules are not activated by default, but may be enabled by setting the appropriate configuration option:

--with-<module-name>_module

Table – HTTP module configure options

Option	Explanation
`--with-http_ssl_module`	If you need to encrypt web traffic, you will need this option to be able to use URLs beginning with `https`. (Requires the OpenSSL library.)
`--with-http_realip_module`	If your NGINX is behind an L7 load balancer or other device that passes the client's IP address in an HTTP header, you will need to enable this module. For use in situations where multiple clients appear to come from one IP address.
`--with-http_addition_module`	This module works as an output filter, enabling you to add content of a different location before or after that of the location itself.
`--with-http_xslt_module`	This module will handle transformations of XML responses, based on one or more XSLT stylesheets. (Requires the libxml2 and libxslt libraries.)
`--with-http_image_filter_module`	This module is able to act as a filter on images, processing them before handing them over to the client. (Requires the `libgd` library.)
`--with-http_geoip_module`	With this module, you are able to set various variables to use in configuration blocks to make decisions based on the geographic location found for a client's IP address. (Requires the `MaxMind GeoIP` library and the corresponding precompiled database files.)
`--with-http_sub_module`	This module implements a substitution filter, replacing one string in the response with another. (A word of caution: using this module implicitly disables the caching of headers.)
`--with-http_dav_module`	Enabling this module will activate the configuration directives for using WebDAV. Note that this module should only be enabled on a need-to-use basis, as it could present security problems if configured incorrectly.
`--with-http_flv_module`	If you need to be able to stream Flash video files, this module will provide pseudo-streaming.
`--with-http_mp4_module`	This module supports pseudo-streaming for H.264/AAC files.
`--with-http_gzip_static_module`	Use this module if you would like to support sending pre-compressed versions of static files when the resource is called without the `.gz` ending.
`--with-http_gunzip_module`	This module will decompress pre-compressed content for clients that do not support `gzip` encoding.
`--with-http_random_index_module`	If you would like to serve an index file chosen at random from the files in a directory, then this module needs to be enabled.
`--with-http_secure_link_module`	This module provides a mechanism to hash a link to a URL, so that only those with the proper password would be able to calculate the link.
`--with-http_stub_status_module`	Enabling this module will help you gather statistics from NGINX itself. The output can be graphed using `RRDtool` or something similar.

As you can see, these are all modules that build upon the http module, providing extra functionality. Enabling the modules at compile time should not affect runtime performance at all. Using the modules later in the configuration is where performance may be impacted.

I would therefore recommend the following configure options for a web accelerator/proxy:

$ ./configure --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --with-http_stub_status_module --with-openssl=${BUILD_DIR}/openssl-1.0.1p

And the following for a web server:

$ ./configure --with-http_stub_status_module

The difference lies in where NGINX will be faced with clients. The web acceleration role takes care of terminating SSL requests as well as dealing with proxied clients and making decisions based on where a client came from. The web server role only needs to provide default file serving capability.

I would recommend always enabling the stub_status module, as it provides a means of gathering metrics on how your NGINX is performing.

Disabling unused modules

There are also a number of http modules that are normally activated, but may be disabled by setting the appropriate configuration option --without-<module-name>_module. If you have no use for these modules in your configuration, you can safely disable them.

Table – Disable configure options

Option	Explanation
`--without-http_charset_module`	The `charset` module is responsible for setting the `Content-Type` response header, as well as converting from one `charset` to another.
`--without-http_gzip_module`	The `gzip` module works as an output filter, compressing content as it's delivered to the client.
`--without-http_ssi_module`	This module is a filter that processes Server Side Includes. If the Perl module is enabled, an additional SSI command (`perl`) is available.
`--without-http_userid_module`	The `userid` module enables NGINX to set cookies that can be used for client identification. The variables `$uid_set` and `$uid_got` can then be logged for user tracking.
`--without-http_access_module`	The `access` module controls access to a location based on IP address.
`--without-http_auth_basic_module`	This module limits access via HTTP Basic Authentication.
`--without-http_autoindex_module`	The `autoindex` module enables NGINX to generate a directory listing for directories that have no `index` file.
`--without-http_geo_module`	This module enables you to set up configuration variables based on a client's IP address and then take action on the value of those variables.
`--without-http_map_module`	The map module enables you to map one variable to another.
`--without-http_split_clients_module`	This module creates variables that can be used for A/B testing.
`--without-http_referer_module`	This module enables NGINX to block requests based on the Referer HTTP header.
`--without-http_rewrite_module`	The `rewrite` module allows you to change URIs based on various conditions.
`--without-http_proxy_module`	The `proxy` module allows NGINX to pass requests onto another server or group of servers.
`--without-http_fastcgi_module`	The FastCGI module enables NGINX to pass requests to a FastCGI server.
`--without-http_uwsgi_module`	This module enables NGINX to pass requests to a uWSGI server.
`--without-http_scgi_module`	The SCGI module enables NGINX to pass requests to an SCGI server.
`--without-http_memcached_module`	This module enables NGINX to interact with a memcached server, placing responses to queries into a variable.
`--without-http_limit_conn_module`	This module enables NGINX to set connection limits based on certain keys, usually an IP address.
`--without-http_limit_req_module`	With this module, NGINX can limit the request rate per key.
`--without-http_empty_gif_module`	The empty GIF module produces a 1 x 1-pixel in-memory transparent GIF.
`--without-http_browser_module`	The browser module allows for configurations based on the User-Agent HTTP request header. Variables are set based on the version found in this header.
`--without-http_upstream_ip_hash_module`	This module defines a set of servers that may be used in conjunction with the various proxy modules.