Mastering Nginx: Installation, Core Configuration, and High‑Availability Setup

What is Nginx?

Nginx (pronounced “engine x”) is a high‑performance HTTP server and reverse‑proxy that consumes little memory and can handle massive concurrency. It is used by large sites such as Baidu, JD.com, Sina, NetEase, Tencent and Taobao.

Key Roles

Web server : serves static files and can run CGI‑based languages (e.g., Perl, PHP). Java applications are typically handled via a servlet container such as Tomcat.

Reverse proxy : forwards client requests to backend services without the client being aware of the backend.

Load balancing : distributes traffic among multiple backend servers to improve reliability and scalability.

Static‑dynamic separation : isolates static resources on a dedicated server or location block, reducing load on application servers.

Required Source Packages

pcre‑8.37.tar.gz

openssl‑1.0.1t.tar.gz

zlib‑1.2.8.tar.gz

nginx‑1.11.1.tar.gz

Build and Install Steps

Extract and compile pcre:

tar -xzvf pcre-8.37.tar.gz
cd pcre-8.37
./configure
make
make install

Install development packages (example for CentOS 6):

rpm -ivh libstdc++-devel-4.4.7-17.el6.x86_64.rpm
rpm -ivh gcc-c++-4.4.7-17.el6.x86_64.rpm

Compile openssl:

tar -xzvf openssl-1.0.1t.tar.gz
cd openssl-1.0.1t
./config
make && make install

Compile zlib:

tar -xzvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure
make && make install

Compile nginx:

tar -xzvf nginx-1.11.1.tar.gz
cd nginx-1.11.1
./configure
make && make install

Firewall Configuration (CentOS 7 example)

firewall-cmd --list-all

Open HTTP port 80:

firewall-cmd --add-service=http --permanent
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload

Managing the Nginx Service

Start: /usr/local/nginx/sbin/nginx Stop: /usr/local/nginx/sbin/nginx -s stop Reload configuration: /usr/local/nginx/sbin/nginx -s reload To enable auto‑start, add the start command to /etc/rc.d/rc.local.

Core Configuration File ( nginx.conf )

The main file is located at /usr/local/nginx/conf/nginx.conf and consists of three logical blocks.

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
    }
}

Global Block

Sets overall server parameters such as the number of worker processes, PID file location, and log paths. The worker_processes directive controls concurrency; more workers increase capacity but are limited by hardware.

Events Block

Defines how Nginx handles network connections. The key directive worker_connections sets the maximum simultaneous connections each worker can handle (e.g., 1024).

HTTP Block

Contains most functional settings: MIME types, default content type, keep‑alive timeout, and server definitions. Inside a server block you configure listening ports, server names, and location blocks that route requests.

Location Directives

Match request URIs and apply specific handling. Common forms:

location = /exact { … }      # exact match, no regex
location ~ \.php$ { … }    # case‑sensitive regex
location ~* \.jpg$ { … }   # case‑insensitive regex
location ^~ /static/ { … } # stop further regex processing

Reverse Proxy Example

server {
    listen       80;
    server_name  localhost;
    location / {
        proxy_pass http://localhost:8001;
    }
    location ~ /demo1 {
        proxy_pass http://localhost:8001;
    }
    location ~ /demo2 {
        proxy_pass http://localhost:8002;
    }
}

Load Balancing Example

http {
    upstream myserver {
        ip_hash;
        server localhost:8080 weight=1;
        server localhost:8081 weight=1;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            proxy_pass http://myserver;
            proxy_connect_timeout 10;
        }
    }
}

Supported load‑balancing algorithms:

Round‑robin (default)

Weight‑based (higher weight → more requests)

IP‑hash (same client IP always goes to the same backend)

Fair (third‑party module, distributes based on backend response time)

Static‑Dynamic Separation

Two common approaches:

Serve static assets from a separate domain or server.

Use Nginx location blocks to separate static and dynamic requests and set expires headers (e.g., expires 3d;) for caching.

Worker Process Tuning

Each worker runs a single thread and uses asynchronous I/O, allowing one worker to handle thousands of connections. The optimal number of workers equals the number of CPU cores.

# Set number of workers
worker_processes 4;
# Bind workers to CPUs (example for 4 CPUs)
worker_cpu_affinity 0001 0010 0100 1000;

Connection Limits

The theoretical maximum concurrent connections is worker_processes × worker_connections. For HTTP/1.1 browsers that open two connections per request, the effective static‑file concurrency is roughly half that number. When Nginx acts as a reverse proxy, each client request creates two connections (client ↔ Nginx and Nginx ↔ backend), so the practical limit is worker_processes × worker_connections / 2.

High‑Availability Cluster with Keepalived

Two typical HA patterns:

Master‑slave : one active Nginx node and a standby node that takes over the virtual IP via Keepalived.

Dual‑master : two active Nginx nodes share a virtual IP, providing load balancing and failover.