NGINX is a production-grade web server that sits between the external web and your backend infrastructure. It can be configured to be a simple web server that just serves static content, or it can be used in more sophisticated architectures as a load balancer, reverse proxy, HTTP cache, and other roles. An alternative to Nginx is Apache HTTP Server.
This page assumes that NGINX is installed on a Linux machine.
Nginx configuration files contain a custom language consisting of directives. See the list of all directives. Directives can reference variables. See the list of all variables.
The primary Nginx configuration file is available at
# Example nginx.conf
server blocks mean you’re hosting multiple services (websites, for example).
# NGINX Architecture
Notes taken from the official blog on Nginx’s architecture.
Nginx follows an event-driven master-slave architecture. Running Nginx involves spawning a master process and worker processes (which you can see via
ps -ax | grep -i nginx). Nginx also manages a set of caches which it will check before actually sending the request through to the backend infrastructure.
The worker processes are responsible for listening to and establishing new connections, and handling requests by talking to the upstream services in the backend infrastructure (eg. your API server). Ever worker process is single-threaded which reduces context switching on the CPU. This is an important design decision because a multi-threaded process at very high traffic would cause so much constant context switching that it seriously degrades performance. Allocating one worker process per CPU core is the most resource-efficient configuration and can be done through the directive:
The worker processes implement the following state machine:
# NGINX CLI
Nginx installations ship with a simple
nginx CLI that lets you send signals the the nginx master and worker processes. I mainly find these commands useful:
Let’s Encrypt is a non-profit CA, trusted by most major browsers, that provides digital certificates for free! It relies on donations/sponsorships. Essentially, it makes SSL/TLS available to everyone for free.
certbot CLI, you can provision or renew SSL certificates and have them automatically write in the nginx configuration for you:
Note: make sure you’ve:
- Have ownership over the domain
- Created DNS records that point
www.example.comto the nginx server’s host machine’s IP address.
- Have a
serverblock in your nginx config files that specify
server_name example.com www.example.combecause that is what certbot uses to find the configuration file to write to.