NGinx Best Practices

nginx httpd

40,271

Solution 1

By far, the best tips I have ever seen are from the author on it's pitfall page: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/

Solution 2

How to combine HTTP and HTTPS blocks.

server {
    listen 80;
    listen 443 default ssl;

    # other directives
}

This was posted as an answer to a different question. See here.

Solution 3

Generally, using "if" is a bad practice (according to author of nginx). if possible, better to use try_file of error_page directives instead "if (-f ...)"

Combining tip with maintenence.html file and tip with try_files we get:

location / {
    try_files /maintenance.html $uri $uri/ @wordpress;
}

When maintenance ends, just mv maintenance.html from $root.

Solution 4

Configure nginx to use stronger SSL ciphers. By default, SSLv2 is enabled (which you should disable if possible).

ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

http://tumblelog.jauderho.com/post/121851623/nginx-and-stronger-ssl

Solution 5

The empty_gif module is also very useful, especially if you need monitor responses from the webserver (using nagios/monit/etc):

location /token {
    empty_gif;
}

location /favicon.ico {
    empty_gif;
}

location /img/1px.gif {
    empty_gif;
}

View more solutions

40,271

signpainter

Updated on September 17, 2022

Comments

signpainter almost 2 years

What best practices do you use while using NGinx?
- Jeremy Stein about 15 years
  
  Just a note that this does not work for a Magento setup. Still investigating the reasons but I think it has something to do with the query string.
- rahul286 over 14 years
  
  location /wordpress must be useful when you have wordpress in subdirectory named "wordpress". What about when we have wordpress in web root "/"?
Benoit about 15 years

Does your exemple work only for requests with an undefined vhost or will it also work with requests with an unknown (wrong) vhost?
Unknown about 15 years

you do know that you can do server_name mysite.tld *.mysite.tld
signpainter about 15 years

Can you provide a real world example for this? I still don't fully understand how it's useful.
Unknown about 15 years

@Benoit it works for anything that is not defined.
Unknown about 15 years

@ The Pixel Developer, its only really useful for speed. Nginx keeps the data for an empty gif in memory so it never has to load from disk.
SaveTheRbtz over 14 years

also access_log off; for those locations is common practice
rahul286 over 14 years

Is " server_name _ * " is not supported nginx 0.7 onwards?
Martin Fjordvald about 13 years

Please note this is only partially true. "" will catch a MISSING Host header, but it will not be catch a request with a Host header that doesn't match anything. If you want a catch-all server block then see the default_server flag under the listen directive.
Aaron Gibralter about 13 years

This is not ideal as /maintenance.html will be served as a 200 response. You probably want search engines to recognize that the maintenance page is not your actual website. You would probably want to return a 503 (Service Temporarily Unavailable). The only way I can figure out how to do this is with an if (-f ...) { return 503; } and error_page 503 /maintenance.html. What do you think?
Aaron Gibralter about 13 years

Actually, I disagree -- I added a comment to serverfault.com/questions/18994/nginx-best-practices/…. Basically, you want to return a 503 error or else bots and indexers will think your maintenance page is part of your actual site... There's nothing wrong with an if statement if you use it correctly -- the docs say that ifs are safe if you're just doing return xxx;.
Aaron Gibralter about 13 years

Also, is location = /maintenance.html { break; } necessary?
womble almost 13 years

I'd put that in the category of "ugly but occasionally necessary practice" -- certainly not something to be encouraged.