Comprehensive Nginx Installation, Configuration, and Optimization Guide

Installation

After extracting the source, configure and compile Nginx with a custom prefix:

[root@centos7 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx
[root@centos7 nginx-1.18.0]# make
[root@centos7 nginx-1.18.0]# make install

The --prefix option defines the installation directory (default /usr/local/nginx ) where the sbin folder will appear.

Basic Directives

listen configures the network port and address:

listen *:80      # listen on all IPv4 addresses, port 80
listen *:8080    # listen on all IPv4 addresses, port 8080
listen 192.168.1.1:80
listen 80

server_name defines virtual host names:

server_name example.com www.example.com;

It can be name‑based or IP‑based.

location matches request URIs. Syntax examples:

=/ – exact match

^~ – prefix match without regex

~ – case‑sensitive regex

~* – case‑insensitive regex

/ – generic match

location =/ { proxy_pass http://127.0.0.1:8080; }
location / { proxy_pass http://127.0.0.1:8080; }

proxy_pass forwards requests to an upstream server, e.g.:

proxy_pass http://127.0.0.1:8080;

index sets the default homepage files.

Rate Limiting

Nginx uses the leaky‑bucket algorithm for request‑rate limiting.

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

Apply the limit in a location:

limit_req zone=one burst=5 nodelay;

Parameters:

$binary_remote_addr – client IP identifier

zone=one:10m – shared memory zone

rate=1r/s – one request per second

burst=5 – buffer for burst traffic

nodelay – reject excess requests immediately

Connection Limiting

limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn addr 1;

Limits each IP to a single concurrent connection.

Load Balancing (Upstream)

Define upstream servers and choose a balancing method:

upstream backend {
    server 192.168.37.220:8001;
    server 192.168.37.220:8002;
    server 192.168.37.220:8003;
    # round‑robin is default
}

Weight‑based:

upstream weighted {
    server localhost:10001 weight=1;
    server localhost:10002 weight=2;
}

IP‑hash (sticky per client IP):

upstream iphash {
    ip_hash;
    server localhost:10001 weight=1;
    server localhost:10002 weight=2;
}

Least connections:

upstream least_conn {
    least_conn;
    server localhost:10001 weight=1;
    server localhost:10002 weight=2;
}

Fair (response‑time based):

upstream fair {
    server localhost:10001 weight=1;
    server localhost:10002 weight=2;
    fair;
}

Static Resource Configuration

location ~.*\.(jpg|gif|png)$ {
    gzip on;
    root /usr/share/nginx/images;
}
location ~.*\.(txt|xml)$ {
    gzip on;
    root /usr/share/nginx/code;
}

Performance Tweaks

Enable keepalive connections (e.g., keepalive 32; )

Set proxy_http_version 1.1 for persistent connections

Use proxy_set_header "" to clear the Connection header

Configure sendfile on , tcp_nopush on , and tcp_nodelay on for efficient file transmission

Gzip Compression

gzip on;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript image/jpeg image/gif image/png;

CORS (Cross‑Origin Resource Sharing)

add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' *;
add_header 'Access-Control-Allow-Headers' *;

Anti‑Hotlinking

valid_referers none blocked *.imooc.com;
if ($invalid_referer) { return 404; }

The article also mentions combining LVS, Keepalived, and Nginx for high‑availability clusters, dynamic upstream updates with Consul+upsync, and provides numerous practical snippets for real‑world deployments.