Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering NGINX

You're reading from   Mastering NGINX Personalize, customize and configure NGINX to meet the needs of your server

Arrow left icon
Product type Paperback
Published in Jul 2016
Publisher
ISBN-13 9781782173311
Length 320 pages
Edition 2nd Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Dimitri Aivaliotis Dimitri Aivaliotis
Author Profile Icon Dimitri Aivaliotis
Dimitri Aivaliotis
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Installing NGINX and Third-Party Modules 2. A Configuration Guide FREE CHAPTER 3. Using the mail Module 4. NGINX as a Reverse Proxy 5. Reverse Proxy Advanced Topics 6. The NGINX HTTP Server 7. NGINX for the Application Developer 8. Integrating Lua with NGINX 9. Troubleshooting Techniques A. Directive Reference
B. The Rewrite Rule Guide C. The NGINX Community D. Persisting Solaris Network Tunings
Index

Enabling various modules

Besides the http and mail modules, there are a number of other modules included in the NGINX distribution. These modules are not activated by default, but may be enabled by setting the appropriate configuration option:

--with-<module-name>_module

Table – HTTP module configure options

Option

Explanation

--with-http_ssl_module

If you need to encrypt web traffic, you will need this option to be able to use URLs beginning with https. (Requires the OpenSSL library.)

--with-http_realip_module

If your NGINX is behind an L7 load balancer or other device that passes the client's IP address in an HTTP header, you will need to enable this module. For use in situations where multiple clients appear to come from one IP address.

--with-http_addition_module

This module works as an output filter, enabling you to add content of a different location before or after that of the location itself.

--with-http_xslt_module

This module will handle transformations of XML responses, based on one or more XSLT stylesheets. (Requires the libxml2 and libxslt libraries.)

--with-http_image_filter_module

This module is able to act as a filter on images, processing them before handing them over to the client. (Requires the libgd library.)

--with-http_geoip_module

With this module, you are able to set various variables to use in configuration blocks to make decisions based on the geographic location found for a client's IP address. (Requires the MaxMind GeoIP library and the corresponding precompiled database files.)

--with-http_sub_module

This module implements a substitution filter, replacing one string in the response with another. (A word of caution: using this module implicitly disables the caching of headers.)

--with-http_dav_module

Enabling this module will activate the configuration directives for using WebDAV. Note that this module should only be enabled on a need-to-use basis, as it could present security problems if configured incorrectly.

--with-http_flv_module

If you need to be able to stream Flash video files, this module will provide pseudo-streaming.

--with-http_mp4_module

This module supports pseudo-streaming for H.264/AAC files.

--with-http_gzip_static_module

Use this module if you would like to support sending pre-compressed versions of static files when the resource is called without the .gz ending.

--with-http_gunzip_module

This module will decompress pre-compressed content for clients that do not support gzip encoding.

--with-http_random_index_module

If you would like to serve an index file chosen at random from the files in a directory, then this module needs to be enabled.

--with-http_secure_link_module

This module provides a mechanism to hash a link to a URL, so that only those with the proper password would be able to calculate the link.

--with-http_stub_status_module

Enabling this module will help you gather statistics from NGINX itself. The output can be graphed using RRDtool or something similar.

As you can see, these are all modules that build upon the http module, providing extra functionality. Enabling the modules at compile time should not affect runtime performance at all. Using the modules later in the configuration is where performance may be impacted.

I would therefore recommend the following configure options for a web accelerator/proxy:

$ ./configure --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --with-http_stub_status_module --with-openssl=${BUILD_DIR}/openssl-1.0.1p

And the following for a web server:

$ ./configure --with-http_stub_status_module

The difference lies in where NGINX will be faced with clients. The web acceleration role takes care of terminating SSL requests as well as dealing with proxied clients and making decisions based on where a client came from. The web server role only needs to provide default file serving capability.

I would recommend always enabling the stub_status module, as it provides a means of gathering metrics on how your NGINX is performing.

Disabling unused modules

There are also a number of http modules that are normally activated, but may be disabled by setting the appropriate configuration option --without-<module-name>_module. If you have no use for these modules in your configuration, you can safely disable them.

Table – Disable configure options

Option

Explanation

--without-http_charset_module

The charset module is responsible for setting the Content-Type response header, as well as converting from one charset to another.

--without-http_gzip_module

The gzip module works as an output filter, compressing content as it's delivered to the client.

--without-http_ssi_module

This module is a filter that processes Server Side Includes. If the Perl module is enabled, an additional SSI command (perl) is available.

--without-http_userid_module

The userid module enables NGINX to set cookies that can be used for client identification. The variables $uid_set and $uid_got can then be logged for user tracking.

--without-http_access_module

The access module controls access to a location based on IP address.

--without-http_auth_basic_module

This module limits access via HTTP Basic Authentication.

--without-http_autoindex_module

The autoindex module enables NGINX to generate a directory listing for directories that have no index file.

--without-http_geo_module

This module enables you to set up configuration variables based on a client's IP address and then take action on the value of those variables.

--without-http_map_module

The map module enables you to map one variable to another.

--without-http_split_clients_module

This module creates variables that can be used for A/B testing.

--without-http_referer_module

This module enables NGINX to block requests based on the Referer HTTP header.

--without-http_rewrite_module

The rewrite module allows you to change URIs based on various conditions.

--without-http_proxy_module

The proxy module allows NGINX to pass requests onto another server or group of servers.

--without-http_fastcgi_module

The FastCGI module enables NGINX to pass requests to a FastCGI server.

--without-http_uwsgi_module

This module enables NGINX to pass requests to a uWSGI server.

--without-http_scgi_module

The SCGI module enables NGINX to pass requests to an SCGI server.

--without-http_memcached_module

This module enables NGINX to interact with a memcached server, placing responses to queries into a variable.

--without-http_limit_conn_module

This module enables NGINX to set connection limits based on certain keys, usually an IP address.

--without-http_limit_req_module

With this module, NGINX can limit the request rate per key.

--without-http_empty_gif_module

The empty GIF module produces a 1 x 1-pixel in-memory transparent GIF.

--without-http_browser_module

The browser module allows for configurations based on the User-Agent HTTP request header. Variables are set based on the version found in this header.

--without-http_upstream_ip_hash_module

This module defines a set of servers that may be used in conjunction with the various proxy modules.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image