Master Nginx: Status Page, Modules, Variables, Logging, SSL, Rewrite, and Advanced Proxy Techniques

Nginx Status Page

Enable the ngx_http_stub_status_module during compilation with --with-http_stub_status_module and configure a location block to expose active connections, accepts, handled, requests, reading, writing, and waiting metrics.

# nginx -V
configure arguments: ... --with-http_stub_status_module ...

Third‑Party Modules

Install the echo-nginx-module from GitHub, re‑configure Nginx with --add-module=/root/echo-nginx-module, and use directives like echo, echo_sleep, and echo_location in your server blocks.

Variables

Nginx provides built‑in variables such as $remote_addr, $scheme, $request_uri, $server_name, etc., and you can define custom variables using the set directive.

# set $name Darius;
# echo $name;

Logging

Define a default log format with log_format and optionally a JSON format for structured logging. Use access_log to write logs to a file.

log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
log_format access_json '{"@timestamp":"$time_iso8601","host":"$server_addr","clientip":"$remote_addr","size":$body_bytes_sent,"status":"$status"}';

Gzip Compression

Enable gzip with gzip on;, set compression level, minimum length, MIME types, and add Vary: Accept-Encoding header.

gzip on;
 gzip_comp_level 5;
 gzip_types text/plain application/javascript text/css image/jpeg image/png;

HTTPS

Create a self‑signed CA and server certificate, configure ssl_certificate, ssl_certificate_key, and enable listen 443 ssl. Optionally force HTTP to HTTPS with a rewrite.

# openssl req -newkey rsa:4096 -nodes -keyout ca.key -x509 -days 3650 -out ca.crt

Rewrite Rules

Use rewrite with flags permanent, redirect, last, and break to perform URL redirection, internal routing, or conditional handling.

rewrite ^/old/(.*)$ /new/$1 permanent;
if ($scheme = http) { return 301 https://$host$request_uri; }

Anti‑Hotlinking

Validate the Referer header with valid_referers and return 403 for invalid requests.

valid_referers none blocked server_names *.example.com;
if ($invalid_referer) { return 403; }

Reverse Proxy & Caching

Proxy HTTP requests to upstream servers using proxy_pass, hide upstream headers, set custom request headers, and enable caching with proxy_cache_path, proxy_cache, and cache keys.

upstream backend {
    server 192.168.36.110:80;
    server 192.168.36.106:80;
}
location /app {
    proxy_pass http://backend;
    proxy_hide_header Location;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_cache mycache;
    proxy_cache_key $request_uri;
    proxy_cache_valid 200 10m;
}

Load Balancing (HTTP)

Define upstream groups with weight, max_fails, fail_timeout, and choose a scheduling method such as least_conn, ip_hash, or consistent hashing.

upstream app1 {
    least_conn;
    server 192.168.36.110:80 weight=1 max_fails=3 fail_timeout=5s;
    server 192.168.36.106:80 weight=1 max_fails=3 fail_timeout=5s;
    server 192.168.36.101:80 backup;
}

TCP/UDP Load Balancing

Use the stream context to load‑balance raw TCP services (e.g., Redis, MySQL) or UDP (DNS). Configure upstreams, health checks, and timeouts.

stream {
    upstream redis_server {
        server 192.168.36.110:6379 max_fails=3 fail_timeout=30s;
    }
    server {
        listen 192.168.36.104:6379;
        proxy_pass redis_server;
    }
}

Examples with Redis and MySQL

Deploy Redis on a backend host, expose it via Nginx TCP proxy, and connect with redis-cli -h 192.168.36.104. Similarly, proxy MySQL traffic using least_conn scheduling.

# redis-cli -h 192.168.36.104 set name darius
# mysql -uroot -p -h 192.168.36.104 -e "SHOW DATABASES;"

This guide provides a complete reference for administrators and developers to configure, secure, and scale Nginx for modern web applications.