Index
Enable Nginx Modules
Configure Nginx Directives Serverwide
GeoIP2 Configurations
- client_body_buffer_size
- client_body_timeout
- client_header_buffer_size
- client_header_timeout
- keepalive_requests
- keepalive_timeout
- large_client_header_buffers
- limit_req_zone
- reset_timedout_connection
- send-timeout
- types_hash_max_size
Open File Cache Configurations
- fastcgi_buffering
- fastcgi_buffers
- fastcgi_buffer_size
- fastcgi_busy_buffers_size
- fastcgi_cache_background_update
- fastcgi_cache_path max_size
- fastcgi_cache_revalidate
- fastcgi_connect_timeout
- fastcgi_keep_conn
- fastcgi_read_timeout
- fastcgi_send_timeout
- proxy_buffering
- proxy_buffers
- proxy_buffer_size
- proxy_busy_buffers_size
- proxy_cache_background_update
- proxy_cache_path max_size
- proxy_cache_revalidate
- proxy_connect_timeout
- proxy_keep_conn
- proxy_read_timeout
- proxy_send_timeout
Configure Nginx Per Site
Enable Nginx Modules
Nginx has the ability to add new functionality through its use of modules. There is a huge range of core developed and community developed modules to enhance Nginx. Some of these modules are dynamic and can be enabled and disabled as needed.
GeoIP2 Module
The ngx_http_geoip2_module
creates variables with values from the maxmind geoip2 databases based on the client IP (default) or from a specific variable (supports both IPv4 and IPv6). Using this module you can easily filter traffic by a clients GeoIP based on country or city. Find out more here.
The GeoIp2 module makes use of the free GeoLite2 databases that are available from Maxminds website. Due to recent privacy changes all users must sign up for their own account to download and update these databases, GridPane can no longer distribute versions downloaded from our account. You can sign up for your account here.
Directive: load_module
Config location: /etc/nginx/nginx.conf
Module location: /etc/nginx/modules/ngx_http_geoip2_module.so
Module location: /etc/nginx/modules/ngx_stream_geoip2_module.so
Context: Main
Default state: off
Accepted values: on | off
Required to enable: Maxmind AccountID + Maxmind License Key
gp stack nginx geoip -on {account.id}:{license.key} gp stack nginx geoip -off
Example:
gp stack nginx geoip -on 57679:sd8Hj7kl
The Maxmind account information is only required when you first enable GeoIP2. We autogenerate a maxmind config at /etc/GeoIP.conf
and store your account details in the server ENV
so any subsequent reenabling can use these stored values. The account details allow the maxmind databases to be updated by a weekly cron.
Configure Nginx Serverwide
These changes affect Nginx directives set in the main context
, events context
or http context
, either directly in the nginx.conf
or one of the direct includes to that file. As such these cli commands will make changes that apply to all sites on the server, unless an adjustment has been made to the same directive (if allowed) at a virtual server level specific to a site.
/etc/nginx/nginx.conf
Commands do not automatically reload their changes into Nginx. You will need to run a reload command after making any change. We do not recommend automatically reloading Nginx after any change without first checking Nginx syntax for any errors. To run an Nginx syntax check run:
nginx -t
Assuming everything is correct and the syntax check passes, reload Nginx using the gp-cli
command to activate your changes:
gp ngx reload
GeoIP2 Configurations
Block/Allow countries by GeoIP2 using their ISO 3166-1 country code
Creates an Nginx mapping using the 2 letter ISO 3166-1 country codes like so:
map $geoip2_data_country_code $allowed_country
Countries are passed as a csv list of countries and their respective allowed state, yes or no with a colon delimiter. These are set in the extra.d geoip context conf file. We default to yes, so as standard it is only necessary to set those countries we wish to deny:
KP:no,GB:no
However you can pass default as a value, and change that to No, to only set countries you wish to accept:
default:no,US:yes,GB:yes
Directives: geoip
,map
Config location: /etc/nginx/common/geoip.conf
Config location: /etc/nginx/extra.d/geoip-context.conf
Context: http
Default value: yes | KP no
gp stack nginx geoip -update {iso.code}:{yes.no},{iso.code}:{yes.no}
Example:
gp stack nginx geoip -update US:no,GB:no,FR:no
This directive may only be set in the http
context and will always apply serverwide.
Remove countries from GeoIP2 mapping using their ISO 3166-1 country code
Removes countries from the following GeoIP2 mapping:
map $geoip2_data_country_code $allowed_country
Countries are passed as a csv list of countries using their 2 letter ISO 3166-1 country code, they are then removed from the extra.d geoip context conf.
KP,GB,US
Directives: geoip
,map
Config location: /etc/nginx/common/geoip.conf
Config location: /etc/nginx/extra.d/geoip-context.conf
Context: http
gp stack nginx geoip -remove {iso.code},{iso.code},{iso.code}
Example:
gp stack nginx geoip -remove US,GB,FR
This directive may only be set in the http
context and will always apply serverwide.
Configure Nginx Workers
NGINX can run multiple worker processes, each capable of processing a large number of simultaneous connections. worker_processes
is the number of NGINX worker processes. In most cases, running one worker process per CPU core works well, and we follow the recommended practice of setting this directive to auto
which achieves that. You can control how your worker processes handle workloads with the following directives.
Sets the maximum number of simultaneous connections that can be opened by a worker process.
Sets the maximum number of simultaneous connections that can be opened by a worker process. It should be kept in mind that this number includes all connections (e.g. connections with proxied servers, among others), not only connections with clients. Another consideration is that the actual number of simultaneous connections cannot exceed the current limit on the maximum number of open files, which can be changed by worker_rlimit_nofile
.
Directive: worker_connections
Config location: /etc/nginx/nginx.conf
Context: events
Default value: 8192
gp stack nginx worker -connections {integer}
Example:
gp stack nginx worker -connections 4096
This directive may only be set in the events
context and will always apply serverwide.
Change the maximum number of possible open files for worker processes
Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes. Used to increase the limit without restarting the main process. We default to setting this high.
Directive: worker_rlimit_nofile
Config location: /etc/nginx/nginx.conf
Context: main
Default value: Set at server provision based on available RAM
gp stack nginx worker -rlimit-nofile {integer}
Example:
gp stack nginx worker -rlimit-nofile 789022
This directive may only be set in the main
context and will always apply serverwide.
Server Name Configurations
The following directives will affect how Nginx processes the server_name
directive upon receiving requests.
Enables/disable the use of the primary server name in absolute redirects
Enables or disables the use of the primary server name, specified by the server_name directive, in absolute redirects issued by nginx. Disabling server_name_in_redirects
makes sure the server_name
(specified in each site’s virtual server block) is not used in redirects. It will instead use the name specified in the Host request header field. We default to this more secure implementation.
Directive: server_name_in_redirect
Config location: /etc/nginx/common/basics.conf
Default value: off
Accepted values: on | off
To enable:
gp stack nginx server-name -in-redirect {accepted.value}
Example:
gp stack nginx server-name -in-redirect on
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the bucket size for the server names hash tables
Sets the bucket size for the server names hash tables.
Directive: server_name_hash_bucket_size
Config location: /etc/nginx/nginx.conf
Context: http
Default value: 256
Accepted values: integer memory values – 64|128|256|512 etc
gp stack nginx server-name -hash-bucket-size {accepted.integer}
Example:
gp stack nginx server-name -hash-bucket-size 512
This directive may only be set in the http
context and will always apply serverwide.
Limits Configurations
The following directives will set different limits for a variety of Nginx features.
Sets buffer size for reading client request body
Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file.
Directive: client_body_buffer_size
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: KB
Default value: 128
Accepted values: integers
gp stack nginx limits -client-body-buffer-size {accepted.integer}
Example:
gp stack nginx limits -client-body-buffer-size 64
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Define a timeout for reading client request body.
Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body. If a client does not transmit anything within this time, the request is terminated with the 408 (Request Time-out) error.
Directive: client_body_timeout
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: Seconds
Default value: 30
Accepted values: integers
gp stack nginx limits -client-body-timeout {accepted.integer}
Example:
gp stack nginx limits -client-body-timeout 60
This directive may also be adjusted in the server
context, to be applied on a site by site basis. You will need to do this manually using an include.
Sets buffer size for reading client request header
Sets buffer size for reading client request header. If a request line or a request header field does not fit into this buffer then larger buffers, configured by the large_client_header_buffers
directive, are allocated.
Directive: client_header_buffer_size
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: KB
Default value: 13
Accepted values: integers
gp stack nginx limits -client-header-buffer-size {accepted.integer}
Example:
gp stack nginx limits -client-header-buffer-size 4
This directive may also be adjusted in the server
context, to be applied on a site by site basis. You will need to do this manually using an include.
Define a timeout for reading client request header.
Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the request is terminated with the 408 (Request Time-out) error.
Directive: client_header_timeout
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: Seconds
Default value: 30
Accepted values: integers
gp stack nginx limits -client-header-timeout {accepted.integer}
Example:
gp stack nginx limits -client-header-timeout 60
This directive may also be adjusted in the server
context, to be applied on a site by site basis. You will need to do this manually using an include.
Set the maximum number of requests that can be served through one keep-alive connection
Sets the maximum number of requests that can be served through one keep-alive connection. After the maximum number of requests are made, the connection is closed. Closing connections periodically is necessary to free per-connection memory allocations.
Directive: keepalive_requests
Config location: /etc/nginx/common/limits.conf
Context: http
Default value: 5000
Accepted values: integers
gp stack nginx limits -keepalive-requests {accepted.integer}
Example:
gp stack nginx limits -keepalive-requests 500
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set a timeout during which a keep-alive client connection will stay open on the server side.
Sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. An optional second parameter can be added to set a value in the “Keep-Alive: timeout=time” response header field. Two parameters may differ. This would need to be done manually.
Directive: keepalive_timeout
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: Seconds
Default value: 30
Accepted values: integers
gp stack nginx limits -keepalive-timeout {accepted.integer}
Example:
gp stack nginx limits -keepalive-timeout 60
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the maximum number and size of buffers used for reading large client request header.
Sets the maximum number and size of buffers used for reading large client request header. A request line cannot exceed the size of one buffer, or the 414 (Request-URI Too Large) error is returned to the client. A request header field cannot exceed the size of one buffer as well, or the 400 (Bad Request) error is returned to the client. Buffers are allocated only on demand. If after the end of request processing a connection is transitioned into the keep-alive state, these buffers are released.
Directive: large_client_header_buffers
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: Buffer quantity and KB (buffer size)
Default value: 4 52
Accepted values: integers
gp stack nginx limits -large-client-header-buffers {b.quantity} {b.size}
Example:
gp stack nginx limits -large-client-header-buffers 8 28
This directive may also be adjusted in the server
context, to be applied on a site by site basis. You will need to do this manually using an include.
Set parameters for a shared memory zone to store the current number of excessive requests.
Sets parameters for a shared memory zone that will keep states for various keys. In particular, the state stores the current number of excessive requests. GridPane servers come with 2 preconfigured zones being used to limit requests to site urls:
- Zone One: Defaults to a 10 megabyte key limit with an average request processing rate for that cannot exceed 3 request per second. This zone is used to protect the WordPress login URL primarily.
- Zone WP: Defaults to a 10 megabyte key limit with an average request processing rate for that cannot exceed 3 request per second. This zone is used to protect the WordPress admin URL, in particular the Admin-AJAX endpoint.
It is usually not necessary to adjust these request rate, as a queue and burst rate can be adjusted on a per site basis to allow for heavier request rates that may be required by some plugins. Please adjust the specific zones limit_req
using a site cli command to achieve this.
Zone One
Directive: limit_req_zone
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: MB (key store size) and Rate (requests/s)
Default value: 10 3
Accepted values: integers
gp stack nginx limits -req-zone-one {store.size.mb} {req.per.sec}
Example:
gp stack nginx limits -req-zone-one 5 2
Zone WP
Directive: limit_req_zone
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: MB (key store size) and Rate (requests/s)
Default value: 10 3
Accepted values: integers
gp stack nginx limits -req-zone-wp {store.size.mb} {req.per.sec}
Example:
gp stack nginx limits -req-zone-wp 15 6
Enable/disable the resetting of timed out connections.
Enables or disables resetting timed out connections and connections closed with the non-standard code 444 (1.15.2). The reset is performed as follows. Before closing a socket, the SO_LINGER option is set on it with a timeout value of 0. When the socket is closed, TCP RST is sent to the client, and all memory occupied by this socket is released. This helps avoid keeping an already closed socket with filled buffers in a FIN_WAIT1 state for a long time.
It should be noted that timed out keep-alive connections are closed normally.
Directive: reset_timedout_connection
Config location: /etc/nginx/common/limits.conf
Context: http
Default value: on
Accepted values: on | off
gp stack nginx limits -reset-timedout-connection {accepted.value}
Example:
gp stack nginx limits -reset-timedout-connection on
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set a timeout for transmitting a response to the client.
Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.
Directive: send_timeout
Config location: /etc/nginx/common/limits.conf
Context: http
Unit: Seconds
Default value: 60
Accepted values: integer
gp stack nginx limits -send-timeout {accepted.value}
Example:
gp stack nginx limits -send-timeout 45
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the maximum size of the types hash tables.
Sets the maximum size of the types hash tables.
Directive: types_hash_max_size
Config location: /etc/nginx/common/limits.conf
Context: http
Default value: 2048
Accepted values: integer
gp stack nginx limits -types-hash-max-size {accepted.value}
Example:
gp stack nginx limits -types-hash-max-size 1024
This directive may also be adjusted in the server
context, to be applied on a site by site basis. You will need to do this manually using an include.
Open File Cache Configurations
The following directives will configure different aspects of the Nginx open file cache.
Enable and configure the open file cache
Configures an nginx cache that can store:
- open file descriptors, their sizes and modification times;
- information on existence of directories;
- file lookup errors, such as “file not found”, “no read permission”, and soon.
Caching of errors should be enabled separately by the open_file_cache_errors directive. The directive has the following parameters:
- max sets the maximum number of elements in the cache; on cache overflow the least recently used (LRU) elements are removed;
- inactive defines a timeout after which an element is removed from the cache if it has not been accessed during this time; by default, it is 60 seconds;
Directive: open_file_cache
Config location: /etc/nginx/common/limits.conf
Context: http
Units: Files (max.elements) Seconds (inactive.timeout) Default values: 5000 60
Accepted values: integer
gp stack nginx open-file-cache -max {elements} -inactive {timeout}
Example:
gp stack nginx open-file-cache -max 1000 -inactive 60
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Enable/disables the caching of file lookup errors by the open file cache.
Enables or disables caching of file lookup errors by open_file_cache
.
Directive: open_file_cache_errors
Config location: /etc/nginx/common/limits.conf
Context: http
Default values: off
Accepted values: on | off
gp stack nginx open-file-cache -errors {accepted.value}
Example:
gp stack nginx open-file-cache -errors on
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Sets the minimum number of file accesses during the period configured by the open file cache.
Sets the minimum number of file accesses during the period configured by the inactive parameter of the open_file_cache
directive, required for a file descriptor to remain open in the cache.
Directive: open_file_cache_min_uses
Config location: /etc/nginx/common/limits.conf
Context: http
Default value: 1
Accepted values: integers
gp stack nginx open-file-cache -min-uses {accepted.value}
Example:
gp stack nginx open-file-cache -min-uses 2
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Sets a time after which open file cache elements should be revalidated.
Sets a time after which open_file_cache
elements should be validated.
Directive: open_file_cache_valid
Config location: /etc/nginx/common/limits.conf
Context: http
Units: Seconds Default values: 60
Accepted values: integer
gp stack nginx open-file-cache -valid {accepted.value}
Example:
gp stack nginx open-file-cache -valid 120
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
FastCGI Configurations
GridPane uses Nginx with FastCGI proxying to process client PHP requests by proxying them to a PHP-FPM server for processing. FastCGI is a protocol based on the earlier CGI, or common gateway interface, protocol that greatly improves performance by not running each request as a separate process.
The directive that Nginx uses to define the actual server to proxy to using the FastCGI protocol is fastcgi_pass
. The primary method of passing extra information when using the FastCGI protocol is with parameters, using the fastcgi_param
directive.
Fastcgi directives are configured in the following file:
/etc/nginx/conf.d/fastcgi.conf
Fastcgi parameters are configured in the following file:
/etc/nginx/fastcgi_params
The following directives will configure different aspects of the fastcgi proxying process and its management.
Enable/disable buffering of responses from the FastCGI server.
Enables or disables buffering of responses from the FastCGI server. When buffering is enabled, nginx receives a response from the FastCGI server as soon as possible, saving it into the buffers set by the fastcgi_buffer_size
and fastcgi_buffers
directives.
When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. nginx will not try to read the whole response from the FastCGI server. The maximum size of the data that nginx can receive from the server at a time is set by the fastcgi_buffer_size
directive.
Directive: fastcgi_buffering
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Default values: on
Accepted values: on | off
gp stack nginx fastcgi -buffering {accepted.value}
Example:
gp stack nginx fastcgi -buffering off
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the number and size of buffers used for reading responses from the FastCGI server.
Sets the number and size of the buffers used for reading a response from the FastCGI server, for a single connection.
Directive: fastcgi_buffers
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Units: Number (buffer.quantity) K (buffer.size)
Default values: 8 64
Accepted values: integers
gp stack nginx fastcgi -buffers {b.quantity} {b.size}
Example:
gp stack nginx fastcgi -buffers 8 16
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the buffer size used for reading the first part of the response from the FastCGI server.
Sets the size of the buffer used for reading the first part of the response received from the FastCGI server. This part usually contains a small response header.
Directive: fastcgi_buffer_size
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Units: K
Default values: 128
Accepted values: integer
gp stack nginx fastcgi -buffer-size {accepted.value}
Example:
gp stack nginx fastcgi -buffer-size 16
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Limit the total size of buffers that can be busy sending a response to the client while the response is not yet fully read.
When buffering of responses from the FastCGI server is enabled, limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file.
Directive: fastcgi_busy_buffers_size
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Units: K
Default values: 256
Accepted values: integer
gp stack nginx fastcgi -busy-buffers-size {accepted.value}
Example:
gp stack nginx fastcgi -busy-buffers-size 64
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Update FastCGI cache in background while stale response is served.
Allows starting a background subrequest to update an expired cache item, while a stale cached response is returned to the client. Note that it is necessary to allow the usage of a stale cached response when it is being updated, we do this by using the fastcgi_cache_use_stale updating;
directive. It can also be enabled using the Cache-control: stale-*
headers.
Directive: fastcgi_cache_background_update
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Default values: on
Accepted values: on | off
gp stack nginx fastcgi -cache-background-update {accepted.value}
Example:
gp stack nginx fastcgi -cache-background-update off
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the maximum size of the FastCGI cache in RAM
Define the maximum amount of RAM to be used by Nginx FastCGI Caching. Sets the max_size
parameter of the fastcgi_cache_path
directive.
Directive: fastcgi_cache_path max_size
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Unit: MB Accepted value: Integer
gp stack nginx fastcgi -max-cache-size {accepted.value}
Example:
gp stack nginx fastcgi -max-cache-size 512
Enable revalidation of expired cache items using conditional requests
Enables revalidation of expired cache items using conditional requests with the If-Modified-Since
and If-None-Match
header fields.
Directive: fastcgi_cache_revalidate
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Default values: on
Accepted values: on | off
gp stack nginx fastcgi -cache-revalidate {accepted.value}
Example:
gp stack nginx fastcgi -cache-revalidate off
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Defines a timeout for establishing a connection with a FastCGI server.
Defines a timeout for establishing a connection with a FastCGI server. It should be noted that this timeout cannot usually exceed 75 seconds.
Directive: fastcgi_connect_timeout
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Unit: Seconds
Default values: 60
Accepted values: 1 – 75
gp stack nginx fastcgi -connect-timeout {accepted.value}
Example:
gp stack nginx fastcgi -connect-timeout 30
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Instruct the FastCGI server to keep connnections open to Nginx.
By default, a FastCGI server will close a connection right after sending the response. However, when this directive is set to the value on, nginx will instruct a FastCGI server to keep connections open. This is necessary, in particular, for keepalive connections to FastCGI servers to function.
Directive: fastcgi_keep_conn
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Default values: on
Accepted values: on | off
gp stack nginx fastcgi -keep-connections {accepted.value}
Example:
gp stack nginx fastcgi -keep-connections on
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Define a timeout for reading a response from the FastCGI server.
Defines a timeout for reading a response from the FastCGI server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the FastCGI server does not transmit anything within this time, the connection is closed.
Directive: fastcgi_read_timeout
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Unit: Seconds
Default value: 60
Accepted value: Integer
gp stack nginx fastcgi -read-timeout {accepted.value}
Example:
gp stack nginx fastcgi -read-timeout 30
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Define a timeout for transmitting a request to the FastCGI server.
Sets a timeout for transmitting a request to the FastCGI server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the FastCGI server does not receive anything within this time, the connection is closed.
Directive: fastcgi_send_timeout
Config location: /etc/nginx/conf.d/fastcgi.conf
Context: http
Unit: Seconds
Default value: 60
Accepted value: Integer
gp stack nginx fastcgi -send-timeout {accepted.value}
Example:
gp stack nginx fastcgi -send-timeout 30
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Proxy Configurations
Nginx can be set up in a reverse proxy configuration that will allow an Nginx server to sit infront of another webserver and request will be passed from Nginx to the other webserver. This configuration is usually reserved for fusion stacks that have Nginx sitting infront of Apache2 or working as a load balancer. However at GridPane we use this configuration for any sites where the ModSec firewall is enabled. We run Nginx as a caching reverse proxy infront of an Nginx FastCGI instance that is filtering request through the ModSec firewall. This vastly increases the performance of sites running the ModSec firewall by only filtering requests that miss the cache, as recommended by TrustWave.
The directive that Nginx uses to define the actual server to proxy to is proxy_pass
.
Proxy directives are configured in the following file:
/etc/nginx/conf.d/proxy.conf
The following directives will configure different aspects of the Nginx caching reverse proxy and its management.
Enable/disable buffering of responses from the Proxy server.
Enables or disables buffering of responses from the Proxy server. When buffering is enabled, nginx receives a response from the Proxy server as soon as possible, saving it into the buffers set by the proxy_buffer_size
and proxy_buffers
directives.
When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. nginx will not try to read the whole response from the Proxy server. The maximum size of the data that nginx can receive from the server at a time is set by the proxy_buffer_size
code> directive.
Directive: proxy_buffering
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Default values: on
Accepted values: on | off
gp stack nginx proxy -buffering {accepted.value}
Example:
gp stack nginx proxy -buffering off
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the number and size of buffers used for reading responses from the proxy server.
Sets the number and size of the buffers used for reading a response from the proxy server, for a single connection.
Directive: proxy_buffers
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Units: Number (buffer.quantity) K (buffer.size)
Default values: 8 64
Accepted values: integers
gp stack nginx proxy -buffers {b.quantity} {b.size}
Example:
gp stack nginx proxy -buffers 8 16
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the buffer size used for reading the first part of the response from the proxy server.
Sets the size of the buffer used for reading the first part of the response received from the proxy server. This part usually contains a small response header.
Directive: proxy_buffer_size
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Units: K
Default values: 128
Accepted values: integer
gp stack nginx proxy -buffer-size {accepted.value}
Example:
gp stack nginx proxy -buffer-size 16
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Limit the total size of buffers that can be busy sending a response to the client while the response is not yet fully read.
When buffering of responses from the proxy server is enabled, limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file.
Directive: proxy_busy_buffers_size
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Units: K
Default values: 256
Accepted values: integer
gp stack nginx proxy -busy-buffers-size {accepted.value}
Example:
gp stack nginx proxy -busy-buffers-size 64
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Update proxy cache in background while stale response is served.
Allows starting a background subrequest to update an expired cache item, while a stale cached response is returned to the client. Note that it is necessary to allow the usage of a stale cached response when it is being updated, we do this by using the proxy_cache_use_stale updating;
directive. It can also be enabled using the Cache-control: stale-*
headers.
Directive: proxy_cache_background_update
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Default values: on
Accepted values: on | off
gp stack nginx proxy -cache-background-update {accepted.value}
Example:
gp stack nginx proxy -cache-background-update off
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Set the maximum size of the proxy cache in RAM
Define the maximum amount of RAM to be used by Nginx Proxy Caching. Sets the max_size
parameter of the proxy_cache_path
directive.
Directive: proxy_cache_path max_size
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Unit: MB Accepted value: Integer
gp stack nginx proxy -max-cache-size {accepted.value}
Example:
gp stack nginx proxy -max-cache-size 512
Enables revalidation of expired cache items using conditional requests.
Enables revalidation of expired cache items using conditional requests with the If-Modified-Since
and If-None-Match
header fields.
Directive: proxy_cache_revalidate
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Default values: off
Accepted values: on | off
gp stack nginx proxy -cache-revalidate {accepted.value}
Example:
gp stack nginx proxy -cache-revalidate on
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Defines a timeout for establishing a connection with a proxy server.
Defines a timeout for establishing a connection with a proxy server. It should be noted that this timeout cannot usually exceed 75 seconds.
Directive: proxy_connect_timeout
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Unit: Seconds
Default values: 60
Accepted values: 1 – 75
gp stack nginx proxy -connect-timeout {accepted.value}
Example:
gp stack nginx proxy -connect-timeout 30
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Instruct the Proxied server to keep connnections open to Nginx.
By default, a proxy server will close a connection right after sending the response. However, when this directive is set to the value on, nginx will instruct a proxied server to keep connections open. This is necessary, in particular, for keepalive connections to proxy servers to function.
Directive: proxy_keep_conn
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Default values: on
Accepted values: on | off
gp stack nginx proxy -keep-connections {accepted.value}
Example:
gp stack nginx proxy -keep-connections on
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Define a timeout for reading a response from the proxy server.
Defines a timeout for reading a response from the proxy server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxy server does not transmit anything within this time, the connection is closed.
Directive: proxy_read_timeout
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Unit: Seconds
Default value: 60
Accepted value: Integer
gp stack nginx proxy -read-timeout {accepted.value}
Example:
gp stack nginx proxy -read-timeout 30
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Define a timeout for transmitting a request to the proxy server.
Sets a timeout for transmitting a request to the proxy server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxy server does not receive anything within this time, the connection is closed.
Directive: proxy_send_timeout
Config location: /etc/nginx/conf.d/proxy.conf
Context: http
Unit: Seconds
Default value: 60
Accepted value: Integer
gp stack nginx proxy -send-timeout {accepted.value}
Example:
gp stack nginx proxy -send-timeout 30
This directive may also be adjusted in the server
and location
contexts, to be applied on a site by site or location by location basis. You will need to do this manually using an include.
Configure Nginx per Site
These changes affect Nginx directives set in the server context
, either directly in site specific configurations files included into the sites virtual server. As such these cli commands will make changes only to individual sites.
Site virtual server files are located here:
/etc/nginx/sites-available/{site.url}
And symlinked into here to become active:
/etc/nginx/sites-available/{site.url}
Sites also have common configuration files that are found here:
/etc/nginx/common/{site.url}-{config-name}.conf
Site Nginx Limits Configurations
The following directives will set different limits for a variety of Nginx features on a per site basis.
Set the maximum burst size request queue for when a zone rate limit has been hit.
Sets the maximum burst size of requests to queue when a zone rate limit has been hit. If the requests rate exceeds the rate configured for a zone, a queue is created from the burst number and processed with nodelay
. Any requests that exceed this rate limit and burst are dropped with a 503
error code.
- Zone One: Defaults to a 1 request burst queue when the rate limit of 1 request per second has been exceeded. This zone protects the wp-login url. We do not recommend adjusting this zone burst. Consider it your login guard.
- Zone WP: Defaults to a 6 request burst queue when the rate limit of 3 request per second has been exceeded. This zone protects the wp-admin and specifically the admin-ajax endpoint. Certain plugins that hit this endpoint at a rapid rate may need this increasing temporarily to handle the rate. We recommend lowering the burst rate again once the process has been completed.
Zone One
Directive: limit_req
Config location: /etc/nginx/common/{site.url}-wpcommon.conf
Context: server
Accepted values: integer, fqdn
gp stack nginx limits -site-zone-one-burst {queue.size} {site.url}
Example:
gp stack nginx limits -site-zone-one-burst 1 gridpane.com
Zone WP
Directive: limit_req
Config location: /etc/nginx/common/{site.url}-wpcommon.conf
Context: server
Accepted values: integer, fqdn
gp stack nginx limits -site-zone-wp-burst {queue.size} {site.url}
Example:
gp stack nginx limits -site-zone-wp-burst 20 gridpane.com
Set the maximum allowed size of the client request body
Sets the maximum allowed size of the client request body, specified in the Content-Length
request header field. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client. Please be aware that browsers cannot correctly display this error. Setting size to 0 disables checking of client request body size.
Directive: client_max_body_size
Config location: /etc/nginx/common/{site.url}-wpcommon.conf
Context: server
Unit: MB
Default value: 512
Accepted value: Integer
gp stack nginx limits -site-max-body-size {accepted.value} {site.url}
Example:
gp stack nginx limits -site-max-body-size 1024 gridpane.url
This directive may also be adjusted in the location
context, to be applied on a location by location basis. You will need to do this manually using an include.
Site FastCGI Configurations
The following directives will adjust Fastcgi settings on a site per site basis.
Sets caching expiry time for all successful requests going into FastCGI cache.
Sets caching time for all requests that return a 200
success code on a per site basis.
Directive: fastcgi_cache_valid
Config location: /etc/nginx/common/{site.url}-fcgi-cache-var.conf
Context: server
Unit: Seconds
Default value: 1
Accepted value: Integer
gp stack nginx fastcgi -site-cache-valid {accepted.value} {site.url}
Example:
gp stack nginx fastcgi -site-cache-valid 1800 gridpane.url
This directive may also be adjusted in the location
context, to be applied on a location by location basis. You will need to do this manually using an include.
Site Proxy Configurations
The following directives will adjust Proxy settings on a site per site basis.
Sets caching expiry time for all successful requests going into Proxy cache.
Sets caching time for all requests that return a 200
success code on a per site basis.
Directive: proxy_cache_valid
Config location: /etc/nginx/common/{site.url}-proxy-cache-var.conf
Context: server
Unit: Seconds
Default value: 1
Accepted value: Integer
gp stack nginx proxy -site-cache-valid {accepted.value} {site.url}
Example:
gp stack nginx proxy -site-cache-valid 1800 gridpane.com
This directive may also be adjusted in the location
context, to be applied on a location by location basis. You will need to do this manually using an include.
Sets caching expiry time for all successful requests going into Redis SRCache page cache.
Sets caching time for all requests that return a 200
success code on a per site basis.
Directive: redis2_query expire $key $cache_ttl
Config location: /etc/nginx/common/{site.url}-wp-redis.conf
Config location: /etc/nginx/common/{site.url}-proxy-http-rediscache.conf
Config location: /etc/nginx/common/{site.url}-proxy-https-rediscache.conf
Context: server
Unit: Seconds
Default value: 2592000
Accepted value: Integer
gp stack nginx redis -site-cache-valid {accepted.value} {site.url}
Example:
gp stack nginx redis -site-cache-valid 1200000 gridpane.com
This directive may also be adjusted in the location
context, to be applied on a location by location basis. You will need to do this manually using an include.