informatique:nginx
Differences
Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
informatique:nginx [19/03/2010 13:37] – created cyrille | informatique:nginx [21/09/2023 11:47] (Current version) – [Nginx auth request] cyrille | ||
---|---|---|---|
Ligne 5: | Ligne 5: | ||
===== Documentation ===== | ===== Documentation ===== | ||
- | http://wiki.nginx.org | + | * https:// |
- | + | * [[https:// | |
- | http:// | + | * [[http://nginx.org/ |
+ | * [[http://nginx.org/ | ||
+ | * http:// | ||
+ | | ||
[[http:// | [[http:// | ||
+ | |||
+ | ==== CGI ==== | ||
+ | |||
+ | * [[http:// | ||
+ | * [[https:// | ||
+ | * Php-fpm | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== Securité ===== | ||
+ | |||
+ | ==== WAF (Web Application Firewall) ==== | ||
+ | |||
+ | * ModSecurity | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * NAXSI (Nginx Anti Xss & Sql Injection) | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * [[https:// | ||
+ | |||
+ | ==== Autre ==== | ||
+ | |||
+ | [[/ | ||
+ | |||
+ | * Bunkerized Nginx | ||
+ | * https:// | ||
+ | * [[https:// | ||
+ | |||
===== Tips & Tricks ===== | ===== Tips & Tricks ===== | ||
+ | |||
+ | ==== Nginx auth request ==== | ||
+ | |||
+ | Nginx peut authentifier des requêtes en effectuant une requête intermédiaire auprès d'un service (//HTTP subrequest to an external server//). C'est le module '' | ||
+ | |||
+ | Utile pour servir des fichiers statiques aux seuls utilisateurs connectés ce qui évite de monopoliser un slot du moteur d' | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | ==== Letsencrypt certbot reload ==== | ||
+ | |||
+ | '' | ||
+ | |||
+ | ''/ | ||
+ | <code bash> | ||
+ | #!/bin/sh | ||
+ | # set -e | ||
+ | systemctl reload nginx | ||
+ | </ | ||
+ | |||
+ | ==== Optimize Nginx ==== | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | ==== Logging ==== | ||
+ | |||
+ | * [[https:// | ||
+ | |||
+ | ==== more than one worker process ==== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | < | ||
+ | user www-data www-data; | ||
+ | # Nginx can have more than one worker process running at the same time. | ||
+ | # To take advantage of SMP and to enable good efficiency I would recommend changing this to read: | ||
+ | worker_processes | ||
+ | events { | ||
+ | worker_connections | ||
+ | } | ||
+ | http { | ||
+ | tcp_nodelay | ||
+ | include / | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Sets the number of connections that each worker can handle. This is a good default setting. | ||
+ | |||
+ | You can work out the maximum clients value from this and the worker_processes settings: | ||
+ | |||
+ | max_clients = worker_processes * worker_connections | ||
+ | |||
+ | |||
+ | Sendfile is used when the server (Nginx) can actually ignore the contents of the file it is sending. It uses the kernel sendfile support instead of using it's own resources on the request. | ||
+ | |||
+ | It is generally used for larger files (such as images) which do not need use of a multiple request/ | ||
+ | |||
+ | Keep it an on unless you know why you need to turn it off. | ||
+ | |||
+ | ==== nginx proxy cache tuiles OSM ==== | ||
+ | |||
+ | configuration nginx pour installer un cache de tuiles OSM par CQuest : https:// | ||
+ | |||
+ | < | ||
+ | # tilecache.conf | ||
+ | # conserver les tuiles dans /var/cache, pendant 24h et au maximum 16Go | ||
+ | proxy_cache_path / | ||
+ | |||
+ | server { | ||
+ | server_name tilecache.mondomaine.tld a.tilecache.mondomaine.tld b.tilecache.mondomaine.tld c.tilecache.mondomaine.tld; | ||
+ | listen 80; | ||
+ | | ||
+ | location / { | ||
+ | proxy_pass http:// | ||
+ | proxy_cache tilecache; | ||
+ | proxy_cache_valid | ||
+ | proxy_cache_valid | ||
+ | proxy_cache_lock on; | ||
+ | |||
+ | # on ajoute l'IP du client dans la requête vers le upstream | ||
+ | proxy_set_header X-Forwarded-For $remote_addr; | ||
+ | |||
+ | # on indique le status du cache dans la réponse au client | ||
+ | add_header X-Cache-Status $upstream_cache_status; | ||
+ | # si upstream down, on envoie la copie qu'on a en cache | ||
+ | proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
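Review bot: In the "more than one worker process" section, the added formula max_clients = worker_processes * worker_connections overstates capacity for the reverse-proxy setup this same revision adds under "nginx proxy cache tuiles OSM". worker_connections counts every connection a worker holds, including those to the upstream, so each proxied client uses two; suggest noting that the figure is roughly halved when proxy_pass is in use. In the same section, "Sets the number of connections that each worker can handle" never names the directive it describes (worker_connections), and the sendfile paragraphs need two fixes: "it's own resources" should be "its own resources" and "Keep it an on" should be "Keep it on". In the certbot hook, "# set -e" is left commented out; either enable it or drop the line. The new heading "Securité" is missing its accent ("Sécurité").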
informatique/nginx.1269002226.txt.gz · Last modified: 19/05/2012 00:15 (external edit)