Comprehensive Nginx Installation, Configuration, and Optimization Guide

Nginx Installation

After extracting the source, configure the installation directory and compile:

# ./configure --prefix=/usr/local/nginx
# make
# make install

The --prefix option defines the installation path, defaulting to /usr/local/nginx, which creates the sbin directory.

Basic Directives

listen configures the network port, e.g. listen 80; or listen *:8080;. server_name defines virtual host names, supporting name‑based ( server_name www.example.com;) and IP‑based ( server_name 192.168.1.1;) configurations. location matches request URIs with patterns such as =/ (exact), ~ (case‑sensitive regex), ~* (case‑insensitive regex), and / (fallback).

Rate Limiting

The leaky‑bucket algorithm is used via limit_req_zone and limit_req:

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req zone=one burst=5 nodelay;

limit_req_zone

creates a memory zone (10 MB) keyed by client IP; rate sets the allowed request rate. limit_req applies the zone, with burst defining a buffer for burst traffic and nodelay controlling whether excess requests are delayed or rejected.

Connection limiting uses limit_conn_zone and limit_conn to restrict simultaneous connections per IP:

limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn addr 1;

Load Balancing

Nginx supports multiple upstream algorithms:

Round‑robin (default)

Weight‑based ( server 192.168.1.1:8001 weight=1;)

IP‑hash ( ip_hash;)

Least connections ( least_conn;)

Fair (response‑time based, fair;)

Example upstream configuration:

upstream backend {
    server 192.168.37.220:8001;
    server 192.168.37.220:8002;
    server 192.168.37.220:8003;
}

Combined with a server block:

server {
    listen 80;
    server_name www.example.com;
    location / {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header "";
    }
}

Reverse Proxy & Keepalive

Typical reverse‑proxy example forwarding www.123.com to 127.0.0.1:8080:

server {
    listen 80;
    server_name www.123.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
        index index.html index.htm index.jsp;
    }
}

Enabling long connections improves throughput:

keepalive_timeout 65;
keepalive_requests 100;
proxy_http_version 1.1;
proxy_set_header Connection "";

Static Resource & Compression Settings

Serve images, text, and downloads with gzip compression and proper caching:

location ~.*\.(jpg|gif|png)$ {
    gzip on;
    root /usr/share/nginx/images;
}
location ~.*\.(txt|xml)$ {
    gzip on;
    root /usr/share/nginx/code;
}
location ~ ^/download {
    gzip_static on;
    root /opt/app/code;
}

CORS and Anti‑Leech

Cross‑origin resource sharing headers:

add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' *;
add_header 'Access-Control-Allow-Headers' *;

Prevent hot‑linking with valid_referers and a 404 response for invalid referers.

LVS + Nginx + Keepalived Architecture

Combining LVS (layer‑4 load balancer) with Nginx (layer‑7) and Keepalived provides high‑availability active‑standby Nginx nodes while LVS distributes traffic at the network layer. This reduces Nginx load and enables dynamic upstream updates via tools like Consul + upsync.

Additional Tuning

Parameters such as sendfile, tcp_nopush, tcp_nodelay, and gzip_http_version can be set at http, server, or location scopes to optimize file transmission, packet aggregation, and compression behavior.