NGinx Best Practices
Solution 1
By far, the best tips I have ever seen are from the author on it's pitfall page: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
Solution 2
How to combine HTTP and HTTPS blocks.
server {
listen 80;
listen 443 default ssl;
# other directives
}
This was posted as an answer to a different question. See here.
Solution 3
Generally, using "if" is a bad practice (according to author of nginx). if possible, better to use try_file of error_page directives instead "if (-f ...)"
Combining tip with maintenence.html file and tip with try_files we get:
location / { try_files /maintenance.html $uri $uri/ @wordpress; }
When maintenance ends, just mv maintenance.html from $root.
Solution 4
Configure nginx to use stronger SSL ciphers. By default, SSLv2 is enabled (which you should disable if possible).
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
http://tumblelog.jauderho.com/post/121851623/nginx-and-stronger-ssl
Solution 5
The empty_gif
module is also very useful, especially if you need monitor responses from the webserver (using nagios/monit/etc):
location /token {
empty_gif;
}
location /favicon.ico {
empty_gif;
}
location /img/1px.gif {
empty_gif;
}
Related videos on Youtube
signpainter
Updated on September 17, 2022Comments
-
signpainter almost 2 years
What best practices do you use while using NGinx?
-
Jeremy Stein about 15 yearsJust a note that this does not work for a Magento setup. Still investigating the reasons but I think it has something to do with the query string.
-
rahul286 over 14 yearslocation /wordpress must be useful when you have wordpress in subdirectory named "wordpress". What about when we have wordpress in web root "/"?
-
-
Benoit about 15 yearsDoes your exemple work only for requests with an undefined vhost or will it also work with requests with an unknown (wrong) vhost?
-
Unknown about 15 yearsyou do know that you can do server_name mysite.tld *.mysite.tld
-
signpainter about 15 yearsCan you provide a real world example for this? I still don't fully understand how it's useful.
-
Unknown about 15 years@Benoit it works for anything that is not defined.
-
Unknown about 15 years@ The Pixel Developer, its only really useful for speed. Nginx keeps the data for an empty gif in memory so it never has to load from disk.
-
SaveTheRbtz over 14 yearsalso
access_log off;
for those locations is common practice -
rahul286 over 14 yearsIs " server_name _ * " is not supported nginx 0.7 onwards?
-
Martin Fjordvald about 13 yearsPlease note this is only partially true. "" will catch a MISSING Host header, but it will not be catch a request with a Host header that doesn't match anything. If you want a catch-all server block then see the default_server flag under the listen directive.
-
Aaron Gibralter about 13 yearsThis is not ideal as /maintenance.html will be served as a 200 response. You probably want search engines to recognize that the maintenance page is not your actual website. You would probably want to return a 503 (Service Temporarily Unavailable). The only way I can figure out how to do this is with an
if (-f ...) { return 503; }
anderror_page 503 /maintenance.html
. What do you think? -
Aaron Gibralter about 13 yearsActually, I disagree -- I added a comment to serverfault.com/questions/18994/nginx-best-practices/…. Basically, you want to return a 503 error or else bots and indexers will think your maintenance page is part of your actual site... There's nothing wrong with an
if
statement if you use it correctly -- the docs say thatif
s are safe if you're just doingreturn xxx;
. -
Aaron Gibralter about 13 yearsAlso, is
location = /maintenance.html { break; }
necessary? -
womble almost 13 yearsI'd put that in the category of "ugly but occasionally necessary practice" -- certainly not something to be encouraged.