Web Server
This is a list of popular web servers:
Nginx
Create new configuration: sudo vi /etc/nginx/sites-enabled/site_name
upstream app_servers {
    server unix:/tmp/app.sock fail_timeout=0;
    # TCP
    # server 127.0.0.1:8008;
}
server {
    listen 80;
    server_name www.yr.sa;
    index index.html;
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }
    # Static Files
    location ~ /(static|media|js|css|img)/ {
        root /home/yaser/site_name/www;
        # add_header 'Access-Control-Allow-Origin' "$http_origin";
        access_log off;
        expires 365d;
    }
    location /admin/ {
        allow put_your_public_ip;
        deny all;
        proxy_pass http://app_servers;
        proxy_read_timeout 90;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        proxy_pass http://app_servers;
        proxy_read_timeout 90;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
HTTP Security Headers - A Complete Guide
Nginx Tricks:
- Example of redirecting yr.sa to www.yr.sa:
    server {
        listen 80;
        server_name yr.sa;
        rewrite ^ http://www.yr.sa$request_uri? permanent;
    }
- Prevent static hotlinking:
    location ~ /(static|media|js|css|img)/ {
        valid_referers none blocked yr.sa *.yr.sa;
        if ($invalid_referer) {
            return 403; # or redirect
        }
        root /home/yaser/site_name/www;
        expires 365d;
    }
- Mitigating DDoS Attacks: https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/ See my configuration.
- Enable caching for anonymous users only (not logged-in users):
sudo vi /etc/nginx/sites-enabled/site_name
#https://www.webfoobar.com/node/28
#https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching
#https://serversforhackers.com/nginx-caching/
#https://www.nginx.com/blog/nginx-caching-guide/
proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=my_zone:10m max_size=10g inactive=30m;
# use_temp_path=off -> NGINX version 1.7.10
proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
proxy_cache_valid 200 302 1m;
proxy_cache_valid 404 1m;
proxy_no_cache $cookie_sessionid;
proxy_cache_bypass $cookie_sessionid;
server {
    ...
    location / {
        proxy_cache my_zone;
        add_header X-Proxy-Cache $upstream_cache_status;
        ...
    }
    ...
}
Tuning Nginx:
To get the number of CPU cores: grep processor /proc/cpuinfo | wc -l
Good resource: https://blog.codeship.com/tuning-nginx/
- worker_processes: set it to the number of CPU cores, or set it to auto to have that done for you.
- worker_connections: the number of connections that each worker can handle. Each browser opens at least 2 connections. In your terminal, type ‘ulimit -n’ and use the same value. Max clients = worker_connections * worker_processes.
- use epoll: essential for Linux, optimized to serve many clients with each thread.
- multi_accept on: a worker will try to accept all new connections at one time.
sudo vi /etc/nginx/nginx.conf
worker_processes auto;
events {
    use epoll;
    worker_connections 1024;
    multi_accept on;
}
Nginx nginx_status:
- Active connections
- Reading
- Writing
- Waiting
Waiting = Active connections - (Reading + Writing)
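The two formulas in these notes (Max clients = worker_connections * worker_processes, and Waiting = Active connections - (Reading + Writing)) applied to nginx_status output, as an added example that is not part of the original notes. The sample text is constructed, the function names are hypothetical, and 4 worker processes is an assumed core count.

```python
import re

# Constructed sample in the stub_status text format (not captured from a real server).
SAMPLE = """Active connections: 291
server accepts handled requests
 16630948 16630900 31070465
Reading: 6 Writing: 179 Waiting: 106
"""

_PATTERN = re.compile(
    r"Active connections:\s*(?P<active>\d+)\s+"
    r"server accepts handled requests\s+"
    r"(?P<accepts>\d+)\s+(?P<handled>\d+)\s+(?P<requests>\d+)\s+"
    r"Reading:\s*(?P<reading>\d+)\s+Writing:\s*(?P<writing>\d+)\s+Waiting:\s*(?P<waiting>\d+)"
)


def parse_stub_status(text):
    """Return the seven counters as ints; raise ValueError on unexpected input."""
    match = _PATTERN.search(text)
    if match is None:
        raise ValueError("not stub_status output")
    return {name: int(value) for name, value in match.groupdict().items()}


def assess(status, worker_processes, worker_connections, warn_ratio=0.8):
    """Derive capacity and health figures from parsed counters."""
    max_clients = worker_processes * worker_connections
    findings = []
    # Identity from the notes: Waiting = Active - (Reading + Writing).
    if status["waiting"] != status["active"] - (status["reading"] + status["writing"]):
        findings.append("counters inconsistent")
    # accepts > handled means connections were dropped, typically because
    # worker_connections (or another resource limit) was reached.
    dropped = status["accepts"] - status["handled"]
    if dropped > 0:
        findings.append(f"{dropped} connections dropped")
    usage = status["active"] / max_clients
    if usage >= warn_ratio:
        findings.append(f"active connections at {usage:.0%} of max clients")
    return {"max_clients": max_clients, "dropped": dropped,
            "usage": usage, "findings": findings}


if __name__ == "__main__":
    # worker_processes=4 is an assumed core count; 1024 is worker_connections from the notes.
    print(assess(parse_stub_status(SAMPLE), 4, 1024))
```

A sustained rise in dropped connections or usage near the max-clients figure is a signal to revisit worker_connections and the rate limits discussed under DDoS mitigation.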
Apache2
Create new configuration:
sudo vi /etc/apache2/sites-enabled/site_name
Sample configuration:
Varnish:
Install varnish 4.0:
apt-get install apt-transport-https
curl https://repo.varnish-cache.org/GPG-key.txt | apt-key add -
echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.0" >> /etc/apt/sources.list.d/varnish-cache.list
apt-get update
apt-get install varnish
https://www.linode.com/docs/websites/varnish/getting-started-with-varnish-cache
sudo vi /etc/varnish/default.vcl
backend default {
    .host = "127.0.0.1";
    .port = "80";
}
See also: varnishlog