Deep Dive on NGINX Directives
NGINX directives—from the basic to the advanced—with practical examples, recommended default values, and production tips.
NGINX’s flexibility comes from its rich set of configuration directives. In production, understanding these directives can help fine-tune performance, security, and resource management.
1. Global and Core Directives
worker_processes
Purpose: Defines the number of worker processes. , the default value is 1.
Example:
worker_processes auto;Production Tip: Use auto, as this ensures efficient utilization of system resources to match available CPU cores.
error_log
Purpose: Specifies the file where errors are logged.
Example:
error_log /var/log/nginx/error.log warn;Default/Recommended: Default is usually
error.login the installation directory; using a log level likewarnorerroris ideal for production. Use debug for issues.
include
Purpose: Allows you to include additional configuration files.
Example:
Production Tip: Modularize configurations for maintainability.
2. Events Block Directives
worker_connections
Purpose: Sets the maximum number of simultaneous connections per worker.
Example:
Default/Recommended: Default is often 512 or 1024; adjust based on traffic.
Production Tip: A higher value can help handle heavy loads, but ensure the OS limits are adjusted accordingly.
multi_accept
Purpose: Allows a worker to accept all new connections at once.
Example:
Production Tip: Helps reduce latency under high connection rates.
3. HTTP Block Directives
include (HTTP Context)
Purpose: Include MIME types and other HTTP-level configs.
Example:
Production Tip: Keep MIME types updated to ensure proper file delivery.
sendfile, tcp_nodelay, tcp_nopush
Purpose: Optimize file transfers.
Example:
Production Tip: These settings minimize latency and maximize throughput for static files.
keepalive_timeout
Purpose: Defines the timeout for persistent connections.
Example:
Default/Recommended: The default is usually 75 seconds; 65 seconds is a common production setting.
client_max_body_size
Purpose: Limits the size of client request bodies.
Example:
Production Tip: Set a sensible limit based on your application’s needs to mitigate DoS risks.
4. Server and Location Block Directives
listen and server_name
Purpose: Bind virtual hosts to specific IPs/ports and domain names.
Example:
Production Tip: Use precise names and ports to avoid ambiguity in multi-tenant environments.
root and index
Purpose: Define where static files are served from.
Example:
Production Tip: Ensure file paths match your deployment structure to prevent 404s.
error_page
Purpose: Customize responses for error codes.
Example:
Production Tip: Custom error pages enhance user experience and can hide sensitive server information.
5. URI Processing Directives
location
Purpose: Handle requests based on URI patterns.
Example:
Production Tip: Combine exact (
location =), prefix, and regex-based locations carefully to avoid unexpected matches.
rewrite
Purpose: Change request URIs using regex.
Example:
Production Tip: Use permanent redirects (
301) only when URLs have permanently changed.
try_files
Purpose: Check for the existence of files before proxying or handling errors.
Example:
Production Tip: Use
try_filesto efficiently serve static content and reduce backend load.
6. Proxying and Upstream Directives
proxy_pass
Purpose: Forward requests to a backend server or upstream group.
Example:
Production Tip: Ensure you correctly forward headers using additional directives (e.g.,
proxy_set_header) for proper client IP logging and security.
upstream
Purpose: Define groups of backend servers for load balancing.
Example:
Production Tip: Configure health checks and use weighted balancing to distribute load evenly.
proxy_set_header
Purpose: Modify or add headers when proxying.
Example:
Production Tip: Proper header forwarding is crucial for security and logging.
proxy_redirect
Purpose: Modify the “Location” header in responses from proxied servers.
Example:
Production Tip: Adjust proxy redirects to maintain client-side URL consistency.
7. FastCGI, SCGI, and uWSGI Directives
fastcgi_pass and fastcgi_param
Purpose: Forward requests to FastCGI application servers.
Example:
Production Tip: Ensure file paths and socket settings are correct; secure your FastCGI interface to prevent unauthorized access.
8. Caching and Compression Directives
proxy_cache_path and proxy_cache
Purpose: Configure caching for proxied content.
Example:
Production Tip: Monitor cache performance and configure proper expiration policies.
gzip
Purpose: Enable response compression.
Example:
Production Tip: Tweak
gzip_min_lengthandgzip_typesto balance CPU usage and bandwidth savings.
9. Security and Advanced Directives
SSL/TLS Directives
ssl_certificate and ssl_certificate_key
Purpose: Define the SSL certificate and key for secure connections.
Example:
Production Tip: Use automated certificate renewal and strong ciphers.
allow and deny
Purpose: Restrict access based on IP addresses.
Example:
Production Tip: Implement IP whitelisting for sensitive resources.
auth_basic
Purpose: Enable HTTP basic authentication.
Example:
Production Tip: For stronger security, integrate with external authentication providers.
resolver
Purpose: Specify DNS servers for resolving domain names (useful for dynamic or upstream configurations).
Example:
Default/Recommended: If not set, NGINX falls back to the system resolver. In production, explicitly setting resolvers (for example, Google DNS) improves reliability when using domain names in upstream blocks.
Production Tip: Use a short
resolver_timeoutto avoid delays, and update the DNS list as needed.
client_body_timeout and client_header_timeout
Purpose: Define timeouts for reading client request bodies and headers.
Example:
Production Tip: Shorten timeouts to mitigate slow client attacks while avoiding premature termination for legitimate users.
Last updated