2012/Nginx, Overview and Deployment

From Open Source Bridge Wiki

As the #2 most popular web server, NGINX has gained attention because of its performance, scalability and ability to manage concurrent requests.
What are the basics that every developer needs to know about NGINX? Why would you choose Nginx over some other web server? What are typical deployment scenarios?

Speaker: Cliff Wells


Contributed notes


Load testing - Funkload is a great Python-based tool: http://funkload.nuxeo.org/

comparison w/ Apache, Pound and lighttpd: leaks & too many processes

Overview of how event-driven servers work: example comparison of serial, parallel, and event-driven choices.

"Waiting efficiently is the key" - Ars Technica reader, on Nginx

Nginx doesn't catch events; the kernel does, via e.g. epoll

now uses aio for kernel-level event driven disk I/O

review of C10K (the problem of handling 10,000 concurrent connections) with threads: 2MB stack per thread, excessive context switches, excessive CPU cache misses. Other thread issues: OS/memory limitations, difficult to tune, Slowloris-type exhaustion (DoS attack via keeping lots of slow connections open), Slashdot effect. Nginx was designed in part to deal with the issue of slow clients on poor networks.
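
An added example (not from the talk or from Nginx's source) of the event-driven model and the slow-client problem in these notes: one thread waits on many sockets through Python's `selectors` module and enforces an absolute deadline for the request head. The names `event_loop`, `demo` and `HEAD_DEADLINE`, the 0.2 s value, and the socket-pair clients are assumptions constructed for illustration.

```python
import selectors
import socket
import time

HEAD_DEADLINE = 0.2  # assumed: seconds a client gets to send its full request head

def event_loop(server_socks, run_for=1.0):
    """Single-threaded loop; returns {name: 'served' | 'closed' | 'timed_out'}."""
    sel = selectors.DefaultSelector()  # epoll on Linux, kqueue on BSD/macOS
    start = time.monotonic()
    pending = {}  # name -> [socket, bytes received so far, absolute deadline]
    for name, sock in server_socks.items():
        sock.setblocking(False)  # the loop must never block on one client
        sel.register(sock, selectors.EVENT_READ, name)
        pending[name] = [sock, b"", start + HEAD_DEADLINE]
    outcome = {}
    def finish(name, result):
        sock = pending.pop(name)[0]
        sel.unregister(sock)
        sock.close()
        outcome[name] = result

    while pending and time.monotonic() - start < run_for:
        # The kernel reports only readable sockets; waiting ones cost no CPU.
        for key, _ in sel.select(timeout=0.05):
            entry = pending[key.data]
            data = key.fileobj.recv(4096)
            entry[1] += data
            if b"\r\n\r\n" in entry[1]:
                key.fileobj.sendall(b"HTTP/1.1 204 No Content\r\n\r\n")
                finish(key.data, "served")
            elif not data:
                finish(key.data, "closed")  # peer hung up mid-request
        for name in [n for n, e in pending.items() if time.monotonic() > e[2]]:
            finish(name, "timed_out")  # deadline is absolute; trickled bytes do not extend it
    return outcome

def demo():
    """Constructed clients: one complete request, one stalled head, 50 silent."""
    servers, clients = {}, {}
    for name in ["fast", "stalled"] + [f"idle-{i}" for i in range(50)]:
        servers[name], clients[name] = socket.socketpair()
    clients["fast"].sendall(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    clients["stalled"].sendall(b"GET / HTTP/1.1\r\nX-Pad: ")  # head never completes
    outcome = event_loop(servers)
    reply = clients["fast"].recv(64)
    for c in clients.values():
        c.close()
    return outcome, reply
```

Nginx applies the same kind of limit to reading the request header through its `client_header_timeout` directive.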

advantages of event-driven servers:
- only need enough RAM to handle requests
- no needless context switches
- better CPU affinity, reduced cache misses

disadvantages:
- no blocking allowed
- can only run on a single core

Nginx:
- written by Igor Sysoev
- started 2002, 0.1 released 2004
- originally designed as an Apache proxy; webserver features added later
- 27% of top 1000 sites run Nginx

architecture:
- single master process, one or more worker processes (usually one per core)
- HTTP/HTTPS/SPDY/SMTP/IMAP/POP3
- Load balancer, cache, reverse proxy
- FastCGI, SCGI, uWSGI, memcached
- TLSv1.1/TLSv1.2/SSL/SNI
- Bandwidth, connection, and request policing (geolimiting his personal sites cuts out attacks!)
- runs on all major platforms
- scales down to the smallest devices (RaspberryPi!) or up to the largest datacenters (some of Netflix & Wikipedia)

key missing "features":
- .htaccess
- CGI
- embedded scripting (e.g. mod_php; FastCGI is an alternative)
- WebDAV (but patches available; maybe 2.0?)
- Subversion support (mod_svn)
- mod_suexec
- no dynamic shared objects; gotta build stuff in from source (2.0, in ~12mo should address this)

Configuration overview
- order of "location" matching
- there are perl/lua extensions that allow dynamic configuration

Directive execution
- Phases: understanding them helps figure out configuration, since directives don't execute top-down
- Careful about 'if': really a special kind of location; has side effects because of phases. Can create false expectation of procedural execution.
- 'if' alternatives: try_files, map
- load balancing: has builtin weighted-round-robin, but HAProxy's a good choice

Nginx 2.0:
- in 12 months
- SPDY (in beta now)
- Websockets
- improved caching features
- dynamic shared object support
- embedded interpreters
- .htaccess