Comprehensive Guide to Nginx: Architecture, Configuration, and Advanced Features

Nginx is a lightweight, high‑performance web server and reverse proxy widely used in internet projects due to its low memory consumption, fast startup, and strong concurrency capabilities.

Core Concepts

Nginx operates as an event‑driven, asynchronous, non‑blocking server. It uses a master process to listen on configured sockets and forks multiple worker processes that handle connections using an event loop (epoll), allowing a small number of processes to serve thousands of concurrent connections.

Key Advantages

Cross‑platform and simple configuration.

Non‑blocking, high‑concurrency handling (2‑5 × 10⁴ connections per worker).

Low memory usage (10 workers ≈ 150 MB).

Open‑source and cost‑effective.

Built‑in health checks and high stability.

Typical Use Cases

Standalone HTTP server for static content.

Virtual hosting multiple sites on one server.

Reverse proxy and load balancing for backend services.

API gateway and security management.

Request Processing Flow

On startup Nginx parses its configuration, creates listening sockets, forks worker processes, and each worker competes to accept new connections. After a connection is accepted, Nginx creates a ngx_connection_t structure, registers read/write events, exchanges data with the client, and finally closes the connection.

Load Balancing Algorithms

Nginx supports several upstream load‑balancing methods:

upstream backserver {
    server 192.168.0.12;
    server 192.168.0.13;
}

1. Round‑robin (default) 2. Weighted round‑robin

upstream backserver {
    server 192.168.0.12 weight=2;
    server 192.168.0.13 weight=8;
}

3. IP hash

upstream backserver {
    ip_hash;
    server 192.168.0.12:88;
    server 192.168.0.13:80;
}

4. Fair (third‑party module) and URL hash (third‑party module).

Rate Limiting (Leak Bucket)

Nginx uses the ngx_http_limit_req_module to limit request rates based on the leaky‑bucket algorithm.

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/m;
server {
    location /seckill.html {
        limit_req zone=one burst=5 nodelay;
        proxy_pass http://backend;
    }
}

For concurrent connection limits, the ngx_http_limit_conn_module can be used:

limit_conn_zone $binary_remote_addr zone=myip:10m;
server {
    location / {
        limit_conn myip 10;
    }
}

Static/Dynamic Resource Separation

Static files (HTML, CSS, JS, images) are served directly by Nginx, while dynamic requests are proxied to backend servers such as Tomcat. Example configuration:

location /image/ {
    root /usr/local/static/;
    autoindex on;
}

Compression

Enabling gzip reduces bandwidth usage for text resources.

http {
    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript text/css application/xml;
    gzip_vary on;
}

Health Checks and High Availability

Nginx can perform health checks using built‑in proxy settings or the third‑party ngx_http_upstream_check_module to automatically remove failed upstream servers.

Additional Topics Covered

Reverse proxy vs. forward proxy concepts.

Virtual host configurations (domain‑based, port‑based, IP‑based).

Location directive syntax and regex examples.

Limiting browser access via if ($http_user_agent ~ Chrome) { return 500; }.

Obtaining current time with SSI variables.

Worker process tuning based on CPU cores.

Nginx status codes (e.g., 499, 502) and related troubleshooting.

Overall, the article serves as a practical reference for configuring Nginx as a high‑performance, secure, and scalable web server and reverse proxy.