Huomio:
Tätä konfiguraatiota käytettiin tutkimuksessa, jossa mitattiin kolmen vapaan ohjelmiston HTTP-kiihdyttimen suorituskykyä staattisten ja dynaamisten verkkosivusisältöjen tarjoamisessa.
Konfiguraatio ei ole tarkoitettu sellaisenaan suoraan käyttöönotettavaksi jo olemassa olevaan ympäristöön. Älä siis kopioi huolimattomasti tätä tuotantoon, vaan kokeile ensin testiympäristössä.
Tutkimuksen tarkemmat tiedot löytyvät tästä artikkelista:
Vapaan ohjelmiston HTTP-kiihdyttimien vaikutus verkkosivujen suorituskykyyn (Varnish, Squid, Nginx)
Asennus terminaalin komennoilla:
sudo apt update sudo apt install nginx sudoedit /etc/nginx/nginx.conf sudo systemctl nginx restart
Nginxin konfiguraatio /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
proxy_buffering on;
proxy_buffers 256 16k;
proxy_buffer_size 32k;
proxy_cache_path /var/www/ levels=1:2 keys_zone=edge-cache:10m inactive=600m max_size=1024m;
proxy_temp_path /var/www/tmp;
proxy_cache_key $scheme$host$request_uri;
proxy_cache_lock on;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_background_update on;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
proxy_http_version 1.1;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
add_header X-Cache-Status $upstream_cache_status;
server {
listen 80;
#root /home/markus/public_html/static/;
root /home/markus/public_html/dynamic/wordpress/;
# define nginx variables
set $do_not_cache 0;
set $skip_reason "";
set $bypass 0;
# security for bypass so localhost can empty cache
if ($remote_addr ~ "^(127.0.0.1)$") {
set $bypass $http_secret_header;
}
# skip caching WordPress cookies
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
set $skip_reason Cookie;
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|sitemap(_index)?.xml") {
set $skip_cache 1;
set $skip_reason URI;
}
location / {
# comment out proxy_redirect if get login redirect loop
proxy_redirect off;
proxy_cache edge-cache;
proxy_cache_revalidate on;
proxy_ignore_headers Expires Cache-Control Set-Cookie;
# CACHE CONFIGURATION result
proxy_cache_bypass $bypass $do_not_cache;
proxy_no_cache $do_not_cache;
# httproxy exploit protection
proxy_set_header Proxy "";
# add forwarded for header
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add the WordPress hostname to avoid WordPress canonical redirect
proxy_set_header Host $host;
# proxy_set_header Host www.edge-hostname.com;
proxy_set_header Connection "";
# pass requests to the origin backend
proxy_pass http://markusproto.fi:8080;
}
location ~* .(css|js|png|jpe?g)$ {
expires 600h;
add_header Cache-Control "public";
add_header X-Cache-Status $upstream_cache_status;
proxy_redirect off;
proxy_cache edge-cache;
proxy_cache_revalidate on;
proxy_ignore_headers Expires Cache-Control Set-Cookie;
# CACHE CONFIGURATION result
proxy_cache_bypass $bypass $do_not_cache;
proxy_no_cache $do_not_cache;
# httpoxy exploit protection
proxy_set_header Proxy "";
# add forwarded for header
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add the WordPress hostname to avoid WordPress canonical redirect
proxy_set_header Host $host;
# proxy_set_header Host www.edge-hostname.com;
proxy_set_header Connection "";
# pass requests to the origin backend
proxy_pass http://markusproto.fi:8080;
}
}
}