October 22, 2021

Note:

This configuration was used in a study that measured the performance of three free-software HTTP accelerators in serving static and dynamic web content.

The configuration is not intended to be deployed as-is in an existing environment. Do not copy it carelessly into production; try it in a test environment first.

More details about the study can be found in this article:

The effect of free-software HTTP accelerators on website performance (Varnish, Squid, Nginx)


Installation from the terminal:

sudo apt update
sudo apt install nginx

sudoedit /etc/nginx/nginx.conf
sudo systemctl restart nginx

Nginx configuration, /etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE

    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;

    proxy_buffering on;

    proxy_buffers 256 16k;
    proxy_buffer_size 32k;

    proxy_cache_path /var/www/ levels=1:2 keys_zone=edge-cache:10m inactive=600m max_size=1024m;  
    proxy_temp_path /var/www/tmp;
    proxy_cache_key $scheme$host$request_uri;

    proxy_cache_lock on;

    proxy_cache_revalidate on;

    proxy_cache_min_uses 3;

    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    proxy_cache_background_update on;

    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;

    proxy_cache_valid 200 302   1h;
    proxy_cache_valid 301        1h;
    proxy_cache_valid any        1m;

    proxy_http_version       1.1;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    add_header  X-Cache-Status $upstream_cache_status;

    server {
        listen 80;
        #root /home/markus/public_html/static/;
        root /home/markus/public_html/dynamic/wordpress/;

        # define nginx variables
        set $do_not_cache 0;
        set $skip_reason "";
        set $bypass 0;

        # security for bypass so localhost can empty cache
        if ($remote_addr = 127.0.0.1) {
            set $bypass $http_secret_header;
        }

        # skip caching WordPress cookies
        if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_") {
            set $do_not_cache 1;
            set $skip_reason Cookie;
        }

        # Don't cache URIs containing the following segments
        if ($request_uri ~* "/wp-admin/|/xmlrpc\.php|wp-.*\.php|/feed/|sitemap(_index)?\.xml") {
            set $do_not_cache 1;
            set $skip_reason URI;
        }

        location / {
            # comment out proxy_redirect if you get a login redirect loop
            proxy_redirect off;
            proxy_cache edge-cache;
            proxy_cache_revalidate on;
            # Set-Cookie and Cache-Control from the origin are ignored here, so only
            # the $do_not_cache rules above keep per-user responses out of the cache
            proxy_ignore_headers Expires Cache-Control Set-Cookie;

            # CACHE CONFIGURATION result
            proxy_cache_bypass $bypass $do_not_cache;
            proxy_no_cache $do_not_cache;

            # httpoxy exploit protection
            proxy_set_header Proxy "";

            # add forwarded for header
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # add the WordPress hostname to avoid WordPress canonical redirect
            proxy_set_header Host $host;

            # proxy_set_header Host www.edge-hostname.com;
            proxy_set_header Connection "";

            # pass requests to the origin backend
            proxy_pass http://markusproto.fi:8080;
        }

        location ~* \.(css|js|png|jpe?g)$ {
            expires 600h;
            add_header Cache-Control "public";
            add_header X-Cache-Status $upstream_cache_status;

            proxy_redirect off;
            proxy_cache edge-cache;
            proxy_cache_revalidate on;
            proxy_ignore_headers Expires Cache-Control Set-Cookie;

            # CACHE CONFIGURATION result
            proxy_cache_bypass $bypass $do_not_cache;
            proxy_no_cache $do_not_cache;

            # httpoxy exploit protection
            proxy_set_header Proxy "";

            # add forwarded for header
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # add the WordPress hostname to avoid WordPress canonical redirect
            proxy_set_header Host $host;

            # proxy_set_header Host www.edge-hostname.com;
            proxy_set_header Connection "";

            # pass requests to the origin backend
            proxy_pass http://markusproto.fi:8080;
        }
    }
}
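
Because this configuration ignores the origin's Set-Cookie and Cache-Control headers, the `set` variables are the only thing deciding what stays out of the shared cache, and a variable that is set but never read silently disables its rule. The following check is an added example, not part of the original article or the study; the config excerpt and the function name `unread_set_vars` are constructed for illustration.

```python
import re

# Constructed excerpt in the style of the server block above (not the full file).
SAMPLE_CONF = r'''
set $do_not_cache 0;
set $bypass 0;
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_") {
    set $do_not_cache 1;
}
if ($request_uri ~* "/wp-admin/|/xmlrpc\.php|/feed/") {
    set $skip_cache 1;
}
location / {
    proxy_cache_bypass $bypass $do_not_cache;
    proxy_no_cache $do_not_cache;
}
'''

SET_RE = re.compile(r'\s*set\s+\$(\w+)\s+')
VAR_RE = re.compile(r'\$(\w+)')


def unread_set_vars(conf):
    """Return [(line_no, name)] for variables that are `set` but never read.

    Assumption: '#' only starts comments (no '#' inside quoted strings).
    """
    assigned = {}  # name -> first line where it is set
    read = set()
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split('#', 1)[0]
        m = SET_RE.match(line)
        if m:
            assigned.setdefault(m.group(1), no)
            line = line[m.end():]  # only the value side of `set` is a read
        read.update(VAR_RE.findall(line))
    return sorted((no, name) for name, no in assigned.items() if name not in read)


if __name__ == "__main__":
    for no, name in unread_set_vars(SAMPLE_CONF):
        print(f"line {no}: ${name} is set but no directive reads it")
```

Run against the full file shown above, it also reports `$skip_reason`, which the configuration sets but no directive reads.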

This document may be copied and modified under the terms of the GNU General Public License (version 3 or later). http://www.gnu.org/licenses/gpl.html
Markus Pyhäranta