Основы Nginx
Nginx — это высокопроизводительный веб-сервер, обратный прокси и балансировщик нагрузки.
▸Установка
bash
1# Ubuntu/Debian2sudo apt update && sudo apt install nginx34# macOS5brew install nginx67# Проверка конфигурации8sudo nginx -t
Базовая конфигурация
nginx
1# /etc/nginx/nginx.conf2user www-data;3worker_processes auto;4pid /run/nginx.pid;56events {7 worker_connections 1024;8}910http {11 include /etc/nginx/mime.types;12 default_type application/octet-stream;1314 sendfile on;15 tcp_nopush on;16 tcp_nodelay on;17 keepalive_timeout 65;1819 access_log /var/log/nginx/access.log;20 error_log /var/log/nginx/error.log;2122 include /etc/nginx/conf.d/*.conf;23}
Реверс-прокси
nginx
1server {2 listen 80;3 server_name example.com;45 location / {6 proxy_pass http://localhost:3000;7 proxy_http_version 1.1;8 proxy_set_header Upgrade $http_upgrade;9 proxy_set_header Connection 'upgrade';10 proxy_set_header Host $host;11 proxy_set_header X-Real-IP $remote_addr;12 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;13 proxy_set_header X-Forwarded-Proto $scheme;14 proxy_cache_bypass $http_upgrade;15 }16}
SSL/TLS
nginx
1server {2 listen 443 ssl http2;3 server_name example.com;45 ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;6 ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;78 ssl_protocols TLSv1.2 TLSv1.3;9 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;10 ssl_prefer_server_ciphers off;1112 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;1314 location / {15 proxy_pass http://localhost:3000;16 }17}1819# Редирект HTTP → HTTPS20server {21 listen 80;22 server_name example.com;23 return 301 https://$server_name$request_uri;24}
Балансировка нагрузки
nginx
1upstream backend {2 least_conn;34 server backend1.example.com weight=3;5 server backend2.example.com weight=2;6 server backend3.example.com backup;7}89server {10 listen 80;1112 location / {13 proxy_pass http://backend;14 }15}
▸Алгоритмы балансировки
Кэширование
nginx
1proxy_cache_path /tmp/nginx_cache levels=1:22 keys_zone=my_cache:10m max_size=10g3 inactive=60m use_temp_path=off;45server {6 location / {7 proxy_cache my_cache;8 proxy_cache_valid 200 302 10m;9 proxy_cache_valid 404 1m;10 proxy_cache_use_stale error timeout updating;1112 add_header X-Cache-Status $upstream_cache_status;1314 proxy_pass http://localhost:3000;15 }16}
Статические файлы
nginx
1server {2 listen 80;3 server_name static.example.com;45 root /var/www/static;67 location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {8 expires 1y;9 add_header Cache-Control "public, immutable";10 }11}
Gzip сжатие
nginx
1gzip on;2gzip_vary on;3gzip_proxied any;4gzip_comp_level 6;5gzip_types text/plain text/css text/xml application/json application/javascript6 application/xml+rss application/atom+xml image/svg+xml;
Rate Limiting
nginx
1limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;23server {4 location /api/ {5 limit_req zone=api burst=20 nodelay;6 proxy_pass http://localhost:3000;7 }8}
Заключение
Nginx — это надёжный и производительный инструмент для проксирования, балансировки и раздачи статических файлов. Правильная настройка SSL, кэширования и rate limiting критична для безопасности и производительности.