Mastering Nginx: Installation, Reverse Proxy, Load Balancing, and HTTPS Configuration

What is Nginx?

Nginx (Engine X) is a lightweight web server, reverse‑proxy server, and mail (IMAP/POP3) proxy.

Installation

Download the official package from http://nginx.org (Linux or Windows) or compile from source.

./configure
make
sudo make install

By default Nginx is installed to /usr/local/nginx. Compilation options can change the install path.

Windows installation (example for version 0.8.54):

cd C:\
cd nginx-0.8.54
start nginx

Windows builds run as a console program, not as a service.

Basic command‑line controls

nginx -s stop  Quickly stop Nginx without graceful shutdown.

nginx -s quit  Gracefully stop, preserving logs.

nginx -s reload Reload configuration after changes.

nginx -s reopen Reopen log files.

nginx -c filename Specify an alternative configuration file.

nginx -t  Test configuration syntax without starting.

nginx -v  Show Nginx version.

nginx -V  Show version, compiler, and configure parameters.

HTTP reverse‑proxy configuration

A minimal reverse‑proxy configuration (saved as nginx.conf) looks like this:

# Global settings
worker_processes 1;
error_log   logs/error.log;
pid         logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '[${remote_addr}] - [${remote_user}] [${time_local}] "${request}" ${status} ${body_bytes_sent} "${http_referer}" "${http_user_agent}" "${http_x_forwarded_for}"';
    access_log   logs/access.log  main;
    sendfile        on;

    upstream zp_server1 {
        server 127.0.0.1:8089;
    }

    server {
        listen       80;
        server_name  www.helloworld.com;
        index        index.html;
        root         /path/to/webapp;
        charset      utf-8;

        # Reverse‑proxy rule
        location / {
            proxy_pass http://zp_server1;
        }

        # Static file handling
        location ~ ^/(images|javascript|js|css|flash|media|static)/ {
            root /path/to/webapp;
            expires 30d;
        }
    }
}

Load‑balancing across multiple servers

Distribute traffic among several backend servers using an upstream block with optional weight parameters.

http {
    include       mime.types;
    default_type  application/octet-stream;
    access_log    /var/log/nginx/access.log;

    upstream load_balance_server {
        server 192.168.1.11:80 weight=5;
        server 192.168.1.12:80 weight=1;
        server 192.168.1.13:80 weight=6;
    }

    server {
        listen 80;
        server_name www.helloworld.com;

        location / {
            proxy_pass http://load_balance_server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_connect_timeout 90;
            proxy_send_timeout    90;
            proxy_read_timeout    90;
            proxy_buffer_size     4k;
            proxy_buffers         4 32k;
            client_max_body_size  10m;
            client_body_buffer_size 128k;
        }
    }
}

Routing multiple web applications

When a site hosts several independent apps (e.g., /finance, /product, /admin) each bound to a different port, Nginx can proxy requests based on URL prefixes.

http {
    upstream product_server { server www.helloworld.com:8081; }
    upstream admin_server   { server www.helloworld.com:8082; }
    upstream finance_server { server www.helloworld.com:8083; }

    server {
        listen 80;
        server_name www.helloworld.com;

        location / { proxy_pass http://product_server; }
        location /product/ { proxy_pass http://product_server; }
        location /admin/   { proxy_pass http://admin_server; }
        location /finance/ { proxy_pass http://finance_server; }
    }
}

HTTPS (SSL) reverse‑proxy

Configure a server block that listens on port 443 and references the certificate and key files.

server {
    listen 443 ssl;
    server_name www.helloworld.com;

    ssl_certificate     cert.pem;
    ssl_certificate_key cert.key;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root   /root;
        index  index.html index.htm;
    }
}

Static site serving

For a pure static site, point the root directive to the directory containing the compiled assets.

worker_processes 1;

events { worker_connections 1024; }

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain application/javascript text/css image/jpeg image/gif image/png;

    server {
        listen 80;
        server_name static.zp.cn;
        location / {
            root   /app/dist;
            index  index.html;
        }
    }
}

CORS (Cross‑Origin Resource Sharing) solution

Include a snippet (e.g., enable-cors.conf) that sets the appropriate Access-Control-* headers.

# enable-cors.conf
set $ACAO '*';
if ($http_origin ~* (www\.helloworld\.com)$) {
    set $ACAO $http_origin;
}
if ($request_method = 'OPTIONS') {
    add_header Access-Control-Allow-Origin $ACAO;
    add_header Access-Control-Allow-Credentials 'true';
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}

Include the file in the main configuration for the API location:

server {
    listen 80;
    server_name www.helloworld.com;

    location ~ ^/api/ {
        include enable-cors.conf;
        proxy_pass http://api_server;
        rewrite "^/api/(.*)$" /$1 break;
    }

    location / {
        proxy_pass http://front_server;
    }
}

These examples cover the essential steps for installing Nginx, managing it via the command line, configuring HTTP/HTTPS reverse proxy, load balancing, static content serving, and CORS handling.