Master Nginx: Installation, Configuration, Load Balancing & Caching
This guide walks you through setting up Nginx on CentOS, explains its core features such as event‑driven architecture, lightweight modules, and CPU affinity, then demonstrates practical scenarios like static asset serving, browser caching, cross‑origin handling, anti‑hotlinking, reverse proxy, load balancing algorithms, and proxy caching with detailed configuration examples.
Environment Preparation
Server: CentOS 7.2. Ensure network connectivity, yum availability, firewalld stopped, and SELinux set to permissive.
# Check firewalld status
systemctl status firewalld.service
# Stop firewalld temporarily
systemctl stop firewalld.service
# Check SELinux status
getenforce
# Set SELinux to permissive temporarily
setenforce 0
# Install required tools
yum -y install gcc gcc-c++ autoconf pcre pcre-devel make automake wget httpd-tools vimWhat is Nginx?
Nginx is an open‑source, high‑performance HTTP server and reverse‑proxy middleware. It uses an event‑driven architecture (epoll) and supports modular extensions.
Key Advantages
Event‑driven I/O (epoll) – efficiently handles many concurrent connections.
Lightweight core – only essential HTTP modules are built‑in; additional features are added as dynamic modules.
CPU affinity – worker processes can be bound to specific CPU cores to reduce cache misses.
Installation (LNMP package)
The LNMP one‑click package installs Nginx, PHP and MySQL.
wget -c http://soft.vpser.net/lnmp/lnmp1.4.tar.gz && \
tar zxf lnmp1.4.tar.gz && cd lnmp1.4 && \
./install.sh lnmp
# Default installation prefix
/usr/localBasic nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
access_log /usr/local/access.log main;
server {
listen 80;
server_name localhost;
location / {
root /path/to/your/site;
index index.html index.htm;
}
error_page 500 504 /50x.html;
location = /50x.html {
root /path/to/error/pages;
}
}
}Multiple server blocks can be defined inside the http block to host virtual hosts.
Static Asset Service
Serve HTML, CSS, JS, images, video, and generic files directly.
location ~ \.(html|htm)$ {
expires 12h;
}Browser Caching
Use expires or Cache‑Control headers. Nginx automatically adds ETag and Last‑Modified. Subsequent requests with If-Modified-Since or If-None-Match may receive 304 Not Modified.
Cross‑Origin Resource Sharing (CORS)
location ~ \.(html|htm)$ {
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS";
# add_header Access-Control-Allow-Credentials "true"; # use specific origin when enabled
}Anti‑Hotlinking
location ~ \.(jpg|gif|png)$ {
valid_referers none blocked 127.0.0.1;
if ($invalid_referer) {
return 403;
}
}Reverse Proxy
server {
listen 80;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 256k;
}
}Load Balancing
upstream backend {
server 127.0.0.2;
server 127.0.0.3;
# optional parameters: weight=5, max_fails=3, fail_timeout=30s, backup, down
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://backend;
include proxy.conf;
}
}Supported scheduling algorithms: round‑robin (default), weighted round‑robin, ip_hash, least_conn, hash $request_uri (url_hash).
Proxy Caching
http {
proxy_cache_path /var/www/cache levels=1:2 keys_zone=test_cache:10m \
max_size=10g inactive=60m use_temp_path=off;
server {
location / {
proxy_cache test_cache;
proxy_cache_valid 200 304 12h;
proxy_cache_valid any 10m;
proxy_cache_key $host$uri$is_args$args;
add_header X-Cache-Status $upstream_cache_status;
}
}
}To bypass caching for login or registration URLs:
if ($request_uri ~ ^/(login|register)) { set $nocache 1; }
location / {
proxy_no_cache $nocache $arg_nocache $arg_comment $http_pragma $http_authorization;
}Slice Module (large file chunking)
Available from Nginx 1.9. Use the slice directive to split large files into smaller chunks.
slice 1m; # each chunk 1 MiBCommon Configuration Questions
Duplicate server_name
If multiple server blocks define the same server_name, Nginx uses the configuration that is read last (order of include files matters).
Location Matching Priority
= # exact match
^~ # prefix match, stop further search
~ # case‑sensitive regex
~* # case‑insensitive regexUsing try_files
location / {
try_files $uri $uri/ /index.php;
}alias vs root
# root example
location /request_path/image/ {
root /local_path/image/; # maps to /request_path/image/local_path/image/...
}
# alias example
location /request_path/image/ {
alias /local_path/image/; # maps directly to /local_path/image/...
}Preserving Real Client IP
# First proxy
set $x_real_ip $remote_addr;
# Last proxy
real_ip $x_real_ip;Typical Error Codes
413 – Request Entity Too Large (adjust client_max_body_size)
503 – Bad Gateway (backend not responding)
504 – Gateway Timeout (backend timed out)
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
ITPUB
Official ITPUB account sharing technical insights, community news, and exciting events.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.