Reverse proxy implementation in nginx includes in-band (or passive) server health checks. If the response from a particular server fails with an error, nginx will mark this server as failed, and will try to avoid selecting this server for subsequent inbound requests for a while.

如何通俗地解释 CGI、FastCGI、php-fpm 之间的关系？

./nginx #打开 nginx nginx -s reload|reopen|stop|quit #重新加载配置|重启|停止|退出 nginx nginx -t #测试配置是否有语法错误 nginx [-?hvVtq] [-s signal] [-c filename] [-p prefix] [-g directives] -?,-h : 打开帮助信息 -v : 显示版本信息并退出 -V : 显示版本和配置选项信息，然后退出 -t : 检测配置文件是否有语法错误，然后退出 -q : 在检测配置文件期间屏蔽非错误信息 -s signal : 给一个 nginx 主进程发送信号：stop（停止）, quit（退出）, reopen（重启）, reload（重新加载配置文件） -p prefix : 设置前缀路径（默认是：/usr/local/nginx/） -c filename : 设置配置文件（默认是：/usr/local/nginx/conf/nginx.conf） -g directives : 设置配置文件外的全局指令 -s signal Send a signal to the master process. The argument signal can be one of: stop, quit, reopen, reload. The following table shows the corresponding system signals: stop SIGTERM quit SIGQUIT reopen SIGUSR1 SIGNALS The master process of nginx can handle the following signals: SIGINT, SIGTERM Shut down quickly. SIGHUP Reload configuration, start the new worker process with a new configuration, and gracefully shut down old worker processes. SIGQUIT Shut down gracefully. SIGUSR1 Reopen log files. SIGUSR2 Upgrade the nginx executable on the fly. SIGWINCH Shut down worker processes gracefully.

./nginx #打开 nginx nginx -s reload|reopen|stop|quit #重新加载配置|重启|停止|退出 nginx nginx -t #测试配置是否有语法错误 nginx [-?hvVtq] [-s signal] [-c filename] [-p prefix] [-g directives] -?,-h : 打开帮助信息 -v : 显示版本信息并退出 -V : 显示版本和配置选项信息，然后退出 -t : 检测配置文件是否有语法错误，然后退出 -q : 在检测配置文件期间屏蔽非错误信息 -s signal : 给一个 nginx 主进程发送信号：stop（停止）, quit（退出）, reopen（重启）, reload（重新加载配置文件） -p prefix : 设置前缀路径（默认是：/usr/local/nginx/） -c filename : 设置配置文件（默认是：/usr/local/nginx/conf/nginx.conf） -g directives : 设置配置文件外的全局指令 -s signal Send a signal to the master process. The argument signal can be one of: stop, quit, reopen, reload. The following table shows the corresponding system signals: stop SIGTERM quit SIGQUIT reopen SIGUSR1 SIGNALS The master process of nginx can handle the following signals: SIGINT, SIGTERM Shut down quickly. SIGHUP Reload configuration, start the new worker process with a new configuration, and gracefully shut down old worker processes. SIGQUIT Shut down gracefully. SIGUSR1 Reopen log files. SIGUSR2 Upgrade the nginx executable on the fly. SIGWINCH Shut down worker processes gracefully.

二.停止命令 1.查看进程号 登录后复制 $ ps -ef|grep nginx root 5747 1 0 May23 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx 500 12037 7886 0 10:00 pts/1 00:00:00 grep nginx nobody 25581 5747 0 Sep27 ? 00:01:16 nginx: worker process nobody 25582 5747 0 Sep27 ? 00:01:25 nginx: worker process nobody 25583 5747 0 Sep27 ? 00:02:59 nginx: worker process nobody 25584 5747 0 Sep27 ? 00:02:05 nginx: worker process1.2.3.4.5.6.7. 2.杀死进程 在进程列表里 面找master进程，它的编号就是主进程号了。这里要注意,我们服务器可能部署多个nginx服务器,可能会查到多个主进程,不要手误停错了; 登录后复制 #从容停止Nginx： $ kill -QUIT 5747 #快速停止Nginx： $ kill -TERM 5747 #强制停止Nginx：(常用) $ kill -9 5747

By default, this function reads template files in /etc/nginx/templates/*.template and outputs the result of executing envsubst to /etc/nginx/conf.d.

You should mentioned what you listed after the word try_files. Here's what I ended up using that seemed to work: try_files $uri $uri/index.html $uri.html /index.html; The /index.html at the end needs to match the fallback: 'index.html' part of your adapter-static config. Otherwise going directly to a route that doesn't have a matching file at that path -- such as any route with a dynamic param like [id] -- will result in a 404.

Here's another convenient use of try_files, as unconditional redirects to named locations. The named locations are effectively acting as subroutines, saving duplication of code.

The ngx_http_auth_jwt_module module (1.11.3) implements client authorization by validating the provided JSON Web Token (JWT) using the specified keys. JWT claims must be encoded in a JSON Web Signature (JWS) structure. The module can be used for OpenID Connect authentication.

ngx_http_access_module

The fastest way to preventively block the scripts that require prior consent is to install a module on your own server that we have developed for Apache, IIS and NGNIX. After the initial configuration, the module will autonomously block all the resources that are subject to prior consent, on all sites on that server that are using the Cookie Solution.

Using environment variables in nginx configuration

output = lustache:render("{{title}} spends {{calc}}", view_model)

1connect/nginx-config-formatter

Make text substitutions in response bodies, using both regular expressions and fixed strings, in this filter module.

nginx_substitutions_filter is a filter module which can do both regular expression and fixed string substitutions on response bodies. This module is quite different from the Nginx's native Substitution Module.

http { proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; server { location / { proxy_pass http://1.2.3.4; proxy_set_header Host $host; proxy_buffering on; proxy_cache STATIC; proxy_cache_valid 200 1d; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; } } }

Default: proxy_cache off;

Default: proxy_cache_lock off;

Default: proxy_cache_lock_age 5s;

Default: proxy_cache_lock_timeout 5s;

Sets an offset in bytes for byte-range requests. If the range is beyond the offset, the range request will be passed to the proxied server and the response will not be cached.

“GET” and “HEAD” methods are always added to the list, though it is recommended to specify them explicitly.

If the value is set to off, temporary files will be put directly in the cache directory.

Cached data that are not accessed during the time specified by the inactive parameter get removed from the cache regardless of their freshness. By default, inactive is set to 10 minutes.

The special “cache manager” process monitors the maximum cache size set by the max_size parameter. When this size is exceeded, it removes the least recently used data.

Cache data are stored in files.

Default: proxy_cache_min_uses 1;

The levels parameter defines hierarchy levels of a cache: from 1 to 3

each level accepts values 1 or 2

location / { sub_filter '<a href="http://127.0.0.1:8080/' '<a href="https://$host/'; sub_filter '<img src="http://127.0.0.1:8080/' '<img src="https://$host/'; sub_filter_once on; }

proxy_set_header Accept-Encoding "";

# request will be sent to backend without uri changed # to '/' due to if location /proxy-pass-uri { proxy_pass http://127.0.0.1:8080/; set $true 1; if ($true) { # nothing } }

Is anyone aware of a lua http lib that supports keepalive?

local http = require "resty.http"
local httpc = http.new()
httpc:connect("127.0.0.1", 9081)
local response, err = httpc:request({
  path = "/proxy" .. ngx.var.request_uri, 
  method = "HEAD",
  headers = ngx.req.get_headers(),
  keepalive_timeout = 60,
  keepalive_pool = 10,
})

Also, it's always a good idea to add ipv6=off to the resolver directive when your dns server may return IPv6 addresses and your network does not support it.

Another difference about $uri and $request_uri in proxy_cache_key is $request_uri will include anchor tags part, but $uri$is_args$args will ignore it Do a curl operation : curl -I static.io/hello.htm

The proxy_buffering option tells NGINX to pass the response directly back to the client. Otherwise, it will try to buffer it in memory or on disk. I recommend this if the upstream response can be large.

set $stripped_cookie $http_cookie; if ($http_cookie ~ "(.*)(?:^|;)\s*sessionid=[^;]+(.*)$") { set $stripped_cookie $1$2; } if ($stripped_cookie ~ "(.*)(?:^|;)\s*csrftoken=[^;]+(.*)$") { set $stripped_cookie $1$2; }

location / { proxy_pass http://backend; # You may need to uncomment the following line if your redirects are relative, e.g. /foo/bar #proxy_redirect / /; proxy_intercept_errors on; error_page 301 302 307 = @handle_redirect; } location @handle_redirect { set $saved_redirect_location '$upstream_http_location'; proxy_pass $saved_redirect_location; }

The X-Forwarded-Proto request header helps you identify the protocol (HTTP or HTTPS) that a client used to connect to your load balancer. Your server access logs contain only the protocol used between the server and the load balancer; they contain no information about the protocol used between the client and the load balancer.

http {
    map $http_x_forwarded_proto $original_scheme {
      "" $scheme;
      default $http_x_forwarded_proto;
    }
}

I had a similar issue with nginx+passenger (for Ruby on Rails / Rack / etc.), and I confirm that by default, multiple slashes are collapsed (in both PATH_INFO and REQUEST_URI). Adding merge_slashes off; in the server context of the nginx configuration fixed it

non-blocking internal requests

      location /external/ {
        internal;
        set $upstream "";
        rewrite_by_lua_file ./lua/get_external.lua;
        resolver 8.8.8.8;
        proxy_pass $upstream;

-- strip beginning '/' from uri path
ngx.var.upstream = ngx.var.request_uri:sub(2)

set $template_root /usr/local/openresty/nginx/html/templates;

docker-openresty/alpine/Dockerfile.fat

# kill cache add_header Last-Modified $date_gmt; add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; if_modified_since off; expires off; etag off;

Because it can handle a high volume of connections, NGINX is commonly used as a reverse proxy and load balancer to manage incoming traffic and distribute it to slower upstream servers – anything from legacy database servers to microservices.

Dynamic sites, built using anything from Node.js to PHP, commonly deploy NGINX as a content cache and reverse proxy to reduce load on application servers and make the most effective use of the underlying hardware.

With its event-driven, asynchronous architecture, NGINX revolutionized how servers operate in high-performance contexts and became the fastest web server available.

NGINX has grown along with it and now supports all the components of the modern Web, including WebSocket, HTTP/2, and streaming of multiple video formats (HDS, HLS, RTMP, and others).

NGINX consistently beats Apache and other servers in benchmarks measuring web server performance.

This API function (as well as ngx.location.capture_multi) always buffers the whole response body of the subrequest in memory. Thus, you should use cosockets and streaming processing instead if you have to handle large subrequest responses.

Network I/O operations in user code should only be done through the Nginx Lua API calls as the Nginx event loop may be blocked and performance drop off dramatically otherwise. Disk operations with relatively small amount of data can be done using the standard Lua io library but huge file reading and writing should be avoided wherever possible as they may block the Nginx process significantly. Delegating all network and disk I/O operations to Nginx's subrequests (via the ngx.location.capture method and similar) is strongly recommended for maximum performance.

Nginx, by default, will consider any header that contains underscores as invalid.

While buffering can help free up the backend server to handle more requests, Nginx also provides a way to cache content from backend servers, eliminating the need to connect to the upstream at all for many requests.

local LuaSocket = require("socket") client = LuaSocket.connect("example.com", 80) client:send("GET /login.php?login=admin&pass=admin HTTP/1.0\r\nHost: example.com\r\n\r\n") while true do s, status, partial = client:receive('*a') print(s or partial) if status == "closed" then break end end client:close()

ngx.unescape_uri(str)

proxy_ssl_trusted_certificate file;

proxy_ssl_verify on

proxy_ssl_server_name on

There could be several proxy_redirect directives: proxy_redirect default; proxy_redirect http://localhost:8000/ /; proxy_redirect http://www.example.com/ /;

proxy_redirect ~*/user/([^/]+)/(.+)$ http://$1.example.com/$2;

proxy_redirect ~^.*$ /original/endpoint;

proxy_redirect $scheme://$host:$server_port/ /gitlab/;

proxy_redirect: If you need to modify the redirect (i.e. location header) being returned to the browser

ngx.log(ngx.STDERR, 'your message here')

print(a .. " World") --> Hello World

more_clear_headers

openresty/headers-more-nginx-module

header_filter_by_lua 'ngx.header.Foo = "blah"';

access_by_lua ' local res = ngx.location.capture("/auth") if res.status == ngx.HTTP_OK then return end if res.status == ngx.HTTP_FORBIDDEN then ngx.exit(res.status) end ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)

The Lua code cache can be temporarily disabled during development by switching lua_code_cache off

# map to different upstream backends based on header map $http_x_server_select $pool { default "apache"; staging "staging"; dev "development"; }

location ~* ^/proxy/(?<pschema>https?)/(?<phost>[\w.]+)(?<puri>/.*) { set $adr $pschema://$phost; rewrite .* $puri break; proxy_pass $adr;

You can only really adjust worker_connections since worker_processes is based off the number of CPUs you have available.

the product of your worker_connections and worker_processes directive settings

worker_rlimit_nofile directive. This changes the limit on the maximum number of open files

it defaults to /etc/nginx/conf.d/default.conf

resolver 8.8.8.8;

string.sub() Returns a substring (a specified portion of an existing string).

local data = ngx.req.get_body_data()

this is in /srv/www/ on the host.

This NGINX module provides mechanism to cryptographically bind HTTP cookies to client's HTTPS channel using Token Binding, as defined by following IETF drafts:

when the location is matched using regular expressions

In this configuration nginx tests only the request’s header field “Host” to determine which server the request should be routed to. If its value does not match any server name, or the request does not contain this header field at all, then nginx will route the request to the default server for this port. In the configuration above, the default server is the first one — which is nginx’s standard default behaviour. It can also be set explicitly which server should be default, with the default_server parameter in the listen directive:

First, Nginx looks at the IP address and the port of the request. It matches this against the listen directive of each server to build a list of the server blocks that can possibly resolve the request.

The main server block directives that Nginx is concerned with during this process are the listen directive, and the server_name directive.