[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-70834":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":41,"readmeContent":42,"aiSummary":43,"trendingCount":16,"starSnapshotCount":16,"syncStatus":44,"lastSyncTime":45,"discoverSource":46},70834,"nginx-admins-handbook","trimstray\u002Fnginx-admins-handbook","trimstray","How to improve NGINX performance, security, and other important things.","",null,"Shell",14180,1123,347,3,0,9,34,44.15,"MIT License",false,"master",[24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"best-practices","cheatsheet","hacks","handbook","http","https","nginx","nginx-configuration","nginx-proxy","notes","openresty","performance","reference","security","snippets","ssllabs","tengine","2026-06-12 02:02:44","\u003Cdiv align=\"center\">\n \u003Ch1>Nginx Admin's Handbook\u003C\u002Fh1>\n\u003C\u002Fdiv>\n\n\u003Cdiv align=\"center\">\n \u003Cb>\u003Ccode>My notes on NGINX administration basics, tips & tricks, caveats, and gotchas.\u003C\u002Fcode>\u003C\u002Fb>\n\u003C\u002Fdiv>\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"https:\u002F\u002Fwww.hostingadvice.com\u002Fhow-to\u002Fnginx-vs-apache\u002F\">\n \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Ftrimstray\u002Fnginx-admins-handbook\u002Fblob\u002Fmaster\u002Fstatic\u002Fimg\u002Fnginx_meme.png\" alt=\"Meme\">\n \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n \u003Csup>\n \u003Ci>\n Hi-diddle-diddle, he played on his\u003Cbr>\n fiddle and danced with lady pigs.\u003Cbr>\n Number three said, \"Nicks on tricks!\u003Cbr>\n I'll build my house with \u003Cb>EN-jin-EKS\u003C\u002Fb>!\".\u003Cbr>\n \u003Ca href=\"https:\u002F\u002Fg.co\u002Fkgs\u002FHCcQVz\">The Three Little Pigs: Who's Afraid of the Big Bad Wolf?\u003C\u002Fa>\n \u003C\u002Fi>\n \u003C\u002Fsup>\n\u003C\u002Fp>\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftrimstray\u002Fnginx-admins-handbook\u002Fpulls\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-brightgreen.svg?longCache=true\" alt=\"Pull Requests\">\n \u003C\u002Fa>\n \u003Ca href=\"LICENSE.md\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-lightgrey.svg?longCache=true\" alt=\"MIT License\">\n \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cbr>\n\n****\n\n# Table of Contents\n\n- **[Introduction](#introduction)**\u003Ca id=\"toc-introduction\">\u003C\u002Fa>\n * [Prologue](#prologue)\n * [Why I created this handbook](#why-i-created-this-handbook)\n * [Who this handbook is for](#who-this-handbook-is-for)\n * [Before you start](#before-you-start)\n * [Contributing & Support](#contributing--support)\n * [RSS Feed & Updates](#rss-feed--updates)\n * [Checklist to rule them all](#checklist-to-rule-them-all)\n- **[Bonus Stuff](#bonus-stuff)**\u003Ca id=\"toc-bonus-stuff\">\u003C\u002Fa>\n * [Configuration reports](#configuration-reports)\n * [SSL Labs](#ssl-labs)\n * [Mozilla Observatory](#mozilla-observatory)\n * [Printable hardening cheatsheets](#printable-hardening-cheatsheets)\n * [Fully automatic installation](#fully-automatic-installation)\n * [Static error pages generator](#static-error-pages-generator)\n * [Server names parser](#server-names-parser)\n- **[Books](#books)**\u003Ca id=\"toc-books\">\u003C\u002Fa>\n * [Nginx Essentials](#nginx-essentials)\n * [Nginx Cookbook](#nginx-cookbook)\n * [Nginx HTTP Server](#nginx-http-server)\n * [Nginx High Performance](#nginx-high-performance)\n * [Mastering Nginx](#mastering-nginx)\n * [ModSecurity 3.0 and NGINX: Quick Start Guide](#modsecurity-30-and-nginx-quick-start-guide)\n * [Cisco ACE to NGINX: Migration Guide](#cisco-ace-to-nginx-migration-guide)\n- **[External Resources](#external-resources)**\u003Ca id=\"toc-external-resources\">\u003C\u002Fa>\n * [Nginx official](#nginx-official)\n * [Nginx distributions](#nginx-distributions)\n * [Comparison reviews](#comparison-reviews)\n * [Cheatsheets & References](#cheatsheets--references)\n * [Performance & Hardening](#performance--hardening)\n * [Presentations & Videos](#presentations--videos)\n * [Playgrounds](#playgrounds)\n * [Config generators](#config-generators)\n * [Config parsers](#config-parsers)\n * [Config managers](#config-managers)\n * [Static analyzers](#static-analyzers)\n * [Log analyzers](#log-analyzers)\n * [Performance analyzers](#performance-analyzers)\n * [Builder tools](#builder-tools)\n * [Benchmarking tools](#benchmarking-tools)\n * [Debugging tools](#debugging-tools)\n * [Security & Web testing tools](#security--web-testing-tools)\n * [Development](#development)\n * [Online & Web tools](#online--web-tools)\n * [Other stuff](#other-stuff)\n- **[What's next?](#whats-next)**\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Other chapters\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n- **[HTTP Basics](doc\u002FHTTP_BASICS.md#http-basics)**\u003Ca id=\"toc-http-basics\">\u003C\u002Fa>\n * [Introduction](doc\u002FHTTP_BASICS.md#introduction-1)\n * [Features and architecture](doc\u002FHTTP_BASICS.md#features-and-architecture)\n * [HTTP\u002F2](doc\u002FHTTP_BASICS.md#http2)\n * [How to debug HTTP\u002F2?](doc\u002FHTTP_BASICS.md#how-to-debug-http2)\n * [HTTP\u002F3](doc\u002FHTTP_BASICS.md#http3)\n * [URI vs URL](doc\u002FHTTP_BASICS.md#uri-vs-url)\n * [Connection vs request](doc\u002FHTTP_BASICS.md#connection-vs-request)\n * [HTTP Headers](doc\u002FHTTP_BASICS.md#http-headers)\n * [Header compression](#header-compression)\n * [HTTP Methods](doc\u002FHTTP_BASICS.md#http-methods)\n * [Request](doc\u002FHTTP_BASICS.md#request)\n * [Request line](doc\u002FHTTP_BASICS.md#request-line)\n * [Methods](doc\u002FHTTP_BASICS.md#methods)\n * [Request URI](doc\u002FHTTP_BASICS.md#request-uri)\n * [HTTP version](doc\u002FHTTP_BASICS.md#http-version)\n * [Request header fields](doc\u002FHTTP_BASICS.md#request-header-fields)\n * [Message body](doc\u002FHTTP_BASICS.md#message-body)\n * [Generate requests](doc\u002FHTTP_BASICS.md#generate-requests)\n * [Response](doc\u002FHTTP_BASICS.md#response)\n * [Status line](doc\u002FHTTP_BASICS.md#status-line)\n * [HTTP version](doc\u002FHTTP_BASICS.md#http-version-1)\n * [Status codes and reason phrase](doc\u002FHTTP_BASICS.md#status-codes-and-reason-phrase)\n * [Response header fields](doc\u002FHTTP_BASICS.md#response-header-fields)\n * [Message body](doc\u002FHTTP_BASICS.md#message-body-1)\n * [HTTP client](doc\u002FHTTP_BASICS.md#http-client)\n * [IP address shortcuts](doc\u002FHTTP_BASICS.md#ip-address-shortcuts)\n * [Back-End web architecture](doc\u002FHTTP_BASICS.md#back-end-web-architecture)\n * [Useful video resources](doc\u002FHTTP_BASICS.md#useful-video-resources)\n- **[SSL\u002FTLS Basics](doc\u002FSSL_TLS_BASICS.md#ssltls-basics)**\u003Ca id=\"toc-ssltls-basics\">\u003C\u002Fa>\n * [Introduction](doc\u002FSSL_TLS_BASICS.md#introduction-2)\n * [TLS versions](doc\u002FSSL_TLS_BASICS.md#tls-versions)\n * [TLS handshake](doc\u002FSSL_TLS_BASICS.md#tls-handshake)\n * [In which layer is TLS situated within the TCP\u002FIP stack?](doc\u002FSSL_TLS_BASICS.md#in-which-layer-is-tls-situated-within-the-tcpip-stack)\n * [RSA and ECC keys\u002Fcertificates](doc\u002FSSL_TLS_BASICS.md#rsa-and-ecc-keyscertificates)\n * [Cipher suites](doc\u002FSSL_TLS_BASICS.md#cipher-suites)\n * [Authenticated encryption (AEAD) cipher suites](doc\u002FSSL_TLS_BASICS.md#authenticated-encryption-aead-cipher-suites)\n * [Why cipher suites are important?](doc\u002FSSL_TLS_BASICS.md#why-cipher-suites-are-important)\n * [What does insecure, weak, secure and recommended mean?](doc\u002FSSL_TLS_BASICS.md#what-does-insecure-weak-secure-and-recommended-mean)\n * [NGINX and TLS 1.3 Cipher Suites](doc\u002FSSL_TLS_BASICS.md#nginx-and-tls-13-cipher-suites)\n * [Diffie-Hellman key exchange](doc\u002FSSL_TLS_BASICS.md#diffie-hellman-key-exchange)\n * [What exactly is the purpose of these DH Parameters?](doc\u002FSSL_TLS_BASICS.md#what-exactly-is-the-purpose-of-these-dh-parameters)\n * [Certificates](doc\u002FSSL_TLS_BASICS.md#certificates)\n * [Chain of Trust](doc\u002FSSL_TLS_BASICS.md#chain-of-trust)\n * [What is the main purpose of the Intermediate CA?](doc\u002FSSL_TLS_BASICS.md#what-is-the-main-purpose-of-the-intermediate-ca)\n * [Single-domain](doc\u002FSSL_TLS_BASICS.md#single-domain)\n * [Multi-domain](doc\u002FSSL_TLS_BASICS.md#multi-domain)\n * [Wildcard](doc\u002FSSL_TLS_BASICS.md#wildcard)\n * [Wildcard SSL doesn't handle root domain?](doc\u002FSSL_TLS_BASICS.md#wildcard-ssl-doesnt-handle-root-domain)\n * [HTTPS with self-signed certificate vs HTTP](doc\u002FSSL_TLS_BASICS.md#https-with-self-signed-certificate-vs-http)\n * [TLS Server Name Indication](doc\u002FSSL_TLS_BASICS.md#tls-server-name-indication)\n * [Verify your SSL, TLS & Ciphers implementation](doc\u002FSSL_TLS_BASICS.md#verify-your-ssl-tls--ciphers-implementation)\n * [Useful video resources](doc\u002FSSL_TLS_BASICS.md#useful-video-resources)\n- **[NGINX Basics](doc\u002FNGINX_BASICS.md#nginx-basics)**\u003Ca id=\"toc-nginx-basics\">\u003C\u002Fa>\n * [Directories and files](doc\u002FNGINX_BASICS.md#directories-and-files)\n * [Commands](doc\u002FNGINX_BASICS.md#commands)\n * [Processes](doc\u002FNGINX_BASICS.md#processes)\n * [CPU pinning](doc\u002FNGINX_BASICS.md#cpu-pinning)\n * [Shutdown of worker processes](doc\u002FNGINX_BASICS.md#shutdown-of-worker-processes)\n * [Configuration syntax](doc\u002FNGINX_BASICS.md#configuration-syntax)\n * [Comments](doc\u002FNGINX_BASICS.md#comments)\n * [End of lines](doc\u002FNGINX_BASICS.md#end-of-lines)\n * [Variables, Strings, and Quotes](doc\u002FNGINX_BASICS.md#variables-strings-and-quotes)\n * [Directives, Blocks, and Contexts](doc\u002FNGINX_BASICS.md#directives-blocks-and-contexts)\n * [External files](doc\u002FNGINX_BASICS.md#external-files)\n * [Measurement units](doc\u002FNGINX_BASICS.md#measurement-units)\n * [Regular expressions with PCRE](doc\u002FNGINX_BASICS.md#regular-expressions-with-pcre)\n * [Enable syntax highlighting](doc\u002FNGINX_BASICS.md#enable-syntax-highlighting)\n * [Connection processing](doc\u002FNGINX_BASICS.md#connection-processing)\n * [Event-Driven architecture](doc\u002FNGINX_BASICS.md#event-driven-architecture)\n * [Multiple processes](doc\u002FNGINX_BASICS.md#multiple-processes)\n * [Simultaneous connections](doc\u002FNGINX_BASICS.md#simultaneous-connections)\n * [HTTP Keep-Alive connections](doc\u002FNGINX_BASICS.md#http-keep-alive-connections)\n * [sendfile, tcp_nodelay, and tcp_nopush](doc\u002FNGINX_BASICS.md#sendfile-tcp_nodelay-and-tcp_nopush)\n * [Request processing stages](doc\u002FNGINX_BASICS.md#request-processing-stages)\n * [Server blocks logic](doc\u002FNGINX_BASICS.md#server-blocks-logic)\n * [Handle incoming connections](doc\u002FNGINX_BASICS.md#handle-incoming-connections)\n * [Matching location](doc\u002FNGINX_BASICS.md#matching-location)\n * [rewrite vs return](doc\u002FNGINX_BASICS.md#rewrite-vs-return)\n * [URL redirections](doc\u002FNGINX_BASICS.md#url-redirections)\n * [try_files directive](doc\u002FNGINX_BASICS.md#try_files-directive)\n * [if, break, and set](doc\u002FNGINX_BASICS.md#if-break-and-set)\n * [root vs alias](doc\u002FNGINX_BASICS.md#root-vs-alias)\n * [internal directive](doc\u002FNGINX_BASICS.md#internal-directive)\n * [External and internal redirects](doc\u002FNGINX_BASICS.md#external-and-internal-redirects)\n * [allow and deny](doc\u002FNGINX_BASICS.md#allow-and-deny)\n * [uri vs request_uri](doc\u002FNGINX_BASICS.md#uri-vs-request_uri)\n * [Compression and decompression](doc\u002FNGINX_BASICS.md#compression-and-decompression)\n * [What is the best NGINX compression gzip level?](doc\u002FNGINX_BASICS.md#what-is-the-best-nginx-compression-gzip-level)\n * [Hash tables](doc\u002FNGINX_BASICS.md#hash-tables)\n * [Server names hash table](doc\u002FNGINX_BASICS.md#server-names-hash-table)\n * [Log files](doc\u002FNGINX_BASICS.md#log-files)\n * [Conditional logging](doc\u002FNGINX_BASICS.md#conditional-logging)\n * [Manually log rotation](doc\u002FNGINX_BASICS.md#manually-log-rotation)\n * [Error log severity levels](doc\u002FNGINX_BASICS.md#error-log-severity-levels)\n * [How to log the start time of a request?](doc\u002FNGINX_BASICS.md#how-to-log-the-start-time-of-a-request)\n * [How to log the HTTP request body?](doc\u002FNGINX_BASICS.md#how-to-log-the-http-request-body)\n * [NGINX upstream variables returns 2 values](doc\u002FNGINX_BASICS.md#nginx-upstream-variables-returns-2-values)\n * [Reverse proxy](doc\u002FNGINX_BASICS.md#reverse-proxy)\n * [Passing requests](doc\u002FNGINX_BASICS.md#passing-requests)\n * [Trailing slashes](doc\u002FNGINX_BASICS.md#trailing-slashes)\n * [Passing headers to the backend](doc\u002FNGINX_BASICS.md#passing-headers-to-the-backend)\n * [Importance of the Host header](doc\u002FNGINX_BASICS.md#importance-of-the-host-header)\n * [Redirects and X-Forwarded-Proto](doc\u002FNGINX_BASICS.md#redirects-and-x-forwarded-proto)\n * [A warning about the X-Forwarded-For](doc\u002FNGINX_BASICS.md#a-warning-about-the-x-forwarded-for)\n * [Improve extensibility with Forwarded](doc\u002FNGINX_BASICS.md#improve-extensibility-with-forwarded)\n * [Response headers](doc\u002FNGINX_BASICS.md#response-headers)\n * [Load balancing algorithms](doc\u002FNGINX_BASICS.md#load-balancing-algorithms)\n * [Backend parameters](doc\u002FNGINX_BASICS.md#backend-parameters)\n * [Upstream servers with SSL](doc\u002FNGINX_BASICS.md#upstream-servers-with-ssl)\n * [Round Robin](doc\u002FNGINX_BASICS.md#round-robin)\n * [Weighted Round Robin](doc\u002FNGINX_BASICS.md#weighted-round-robin)\n * [Least Connections](doc\u002FNGINX_BASICS.md#least-connections)\n * [Weighted Least Connections](doc\u002FNGINX_BASICS.md#weighted-least-connections)\n * [IP Hash](doc\u002FNGINX_BASICS.md#ip-hash)\n * [Generic Hash](doc\u002FNGINX_BASICS.md#generic-hash)\n * [Other methods](doc\u002FNGINX_BASICS.md#other-methods)\n * [Rate limiting](doc\u002FNGINX_BASICS.md#rate-limiting)\n * [Variables](doc\u002FNGINX_BASICS.md#variables)\n * [Directives, keys, and zones](doc\u002FNGINX_BASICS.md#directives-keys-and-zones)\n * [Burst and nodelay parameters](doc\u002FNGINX_BASICS.md#burst-and-nodelay-parameters)\n * [NAXSI Web Application Firewall](doc\u002FNGINX_BASICS.md#naxsi-web-application-firewall)\n * [OWASP ModSecurity Core Rule Set (CRS)](doc\u002FNGINX_BASICS.md#owasp-modsecurity-core-rule-set-crs)\n * [Core modules](doc\u002FNGINX_BASICS.md#core-modules)\n * [ngx_http_geo_module](doc\u002FNGINX_BASICS.md#ngx_http_geo_module)\n * [3rd party modules](doc\u002FNGINX_BASICS.md#3rd-party-modules)\n * [ngx_set_misc](doc\u002FNGINX_BASICS.md#ngx_set_misc)\n * [ngx_http_geoip_module](doc\u002FNGINX_BASICS.md#ngx_http_geoip_module)\n- **[Helpers](doc\u002FHELPERS.md#helpers)**\u003Ca id=\"toc-helpers\">\u003C\u002Fa>\n * [Installing from prebuilt packages](doc\u002FHELPERS.md#installing-from-prebuilt-packages)\n * [RHEL7 or CentOS 7](doc\u002FHELPERS.md#rhel7-or-centos-7)\n * [Debian or Ubuntu](doc\u002FHELPERS.md#debian-or-ubuntu)\n * [FreeBSD](doc\u002FHELPERS.md#freebsd)\n * [Installing from source](doc\u002FHELPERS.md#installing-from-source)\n * [Automatic installation on RHEL\u002FDebian\u002FBSD](doc\u002FHELPERS.md#automatic-installation-on-rheldebianbsd)\n * [Nginx package](doc\u002FHELPERS.md#nginx-package)\n * [Dependencies](doc\u002FHELPERS.md#dependencies)\n * [Patches](doc\u002FHELPERS.md#patches)\n * [3rd party modules](doc\u002FHELPERS.md#3rd-party-modules)\n * [Configure options](doc\u002FHELPERS.md#cconfigure-options)\n * [Compiler and linker](doc\u002FHELPERS.md#compiler-and-linker)\n * [Debugging Symbols](doc\u002FHELPERS.md#debugging-symbols)\n * [SystemTap](doc\u002FHELPERS.md#systemtap)\n * [stapxx](doc\u002FHELPERS.md#stapxx)\n * [Installation Nginx on CentOS 7](doc\u002FHELPERS.md#installation-nginx-on-centos-7)\n * [Pre installation tasks](doc\u002FHELPERS.md#pre-installation-tasks)\n * [Dependencies](doc\u002FHELPERS.md#dependencies)\n * [Get Nginx sources](doc\u002FHELPERS.md#get-nginx-sources)\n * [Download 3rd party modules](doc\u002FHELPERS.md#download-3rd-party-modules)\n * [Build Nginx](doc\u002FHELPERS.md#build-nginx)\n * [Post installation tasks](doc\u002FHELPERS.md#post-installation-tasks)\n * [Installation OpenResty on CentOS 7](doc\u002FHELPERS.md#installation-openresty-on-centos-7)\n * [Installation Tengine on Ubuntu 18.04](doc\u002FHELPERS.md#installation-tengine-on-ubuntu-1804)\n * [Installation Nginx on FreeBSD 11.3](doc\u002FHELPERS.md#installation-nginx-on-freebsd-113)\n * [Installation Nginx on FreeBSD 11.3 (from ports)](doc\u002FHELPERS.md#installation-nginx-on-freebsd-113-from-ports)\n * [Analyse configuration](doc\u002FHELPERS.md#analyse-configuration)\n * [Monitoring](doc\u002FHELPERS.md#monitoring)\n * [GoAccess](doc\u002FHELPERS.md#goaccess)\n * [Build and install](doc\u002FHELPERS.md#build-and-install)\n * [Analyse log file and enable all recorded statistics](doc\u002FHELPERS.md#analyse-log-file-and-enable-all-recorded-statistics)\n * [Analyse compressed log file](doc\u002FHELPERS.md#analyse-compressed-log-file)\n * [Analyse log file remotely](doc\u002FHELPERS.md#analyse-log-file-remotely)\n * [Analyse log file and generate html report](doc\u002FHELPERS.md#analyse-log-file-and-generate-html-report)\n * [Ngxtop](doc\u002FHELPERS.md#ngxtop)\n * [Analyse log file](doc\u002FHELPERS.md#analyse-log-file)\n * [Analyse log file and print requests with 4xx and 5xx](doc\u002FHELPERS.md#analyse-log-file-and-print-requests-with-4xx-and-5xx)\n * [Analyse log file remotely](doc\u002FHELPERS.md#analyse-log-file-remotely-1)\n * [Testing](doc\u002FHELPERS.md#testing)\n * [Build OpenSSL 1.0.2-chacha version](doc\u002FHELPERS.md#build-openssl-102-chacha-version)\n * [Send request and show response headers](doc\u002FHELPERS.md#send-request-and-show-response-headers)\n * [Send request with http method, user-agent, follow redirects and show response headers](doc\u002FHELPERS.md#send-request-with-http-method-user-agent-follow-redirects-and-show-response-headers)\n * [Send multiple requests](doc\u002FHELPERS.md#send-multiple-requests)\n * [Testing SSL connection](doc\u002FHELPERS.md#testing-ssl-connection)\n * [Testing SSL connection (debug mode)](doc\u002FHELPERS.md#testing-ssl-connection-debug-mode)\n * [Testing SSL connection with SNI support](doc\u002FHELPERS.md#testing-ssl-connection-with-sni-support)\n * [Testing SSL connection with specific SSL version](doc\u002FHELPERS.md#testing-ssl-connection-with-specific-ssl-version)\n * [Testing SSL connection with specific cipher](doc\u002FHELPERS.md#testing-ssl-connection-with-specific-cipher)\n * [Testing OCSP Stapling](doc\u002FHELPERS.md#testing-ocsp-stapling)\n * [Verify 0-RTT](doc\u002FHELPERS.md#verify-0-rtt)\n * [Testing SCSV](doc\u002FHELPERS.md#testing-scsv)\n * [Load testing with ApacheBench (ab)](doc\u002FHELPERS.md#load-testing-with-apachebench-ab)\n * [Standard test](doc\u002FHELPERS.md#standard-test)\n * [Test with Keep-Alive header](doc\u002FHELPERS.md#test-with-keep-alive-header)\n * [Load testing with wrk2](doc\u002FHELPERS.md#load-testing-with-wrk2)\n * [Standard scenarios](doc\u002FHELPERS.md#standard-scenarios)\n * [POST call (with Lua)](doc\u002FHELPERS.md#post-call-with-lua)\n * [Random paths (with Lua)](doc\u002FHELPERS.md#random-paths-with-lua)\n * [Multiple paths (with Lua)](doc\u002FHELPERS.md#multiple-paths-with-lua)\n * [Random server address to each thread (with Lua)](doc\u002FHELPERS.md#random-server-address-to-each-thread-with-lua)\n * [Multiple json requests (with Lua)](doc\u002FHELPERS.md#multiple-json-requests-with-lua)\n * [Debug mode (with Lua)](doc\u002FHELPERS.md#debug-mode-with-lua)\n * [Analyse data pass to and from the threads](doc\u002FHELPERS.md#analyse-data-pass-to-and-from-the-threads)\n * [Parsing wrk result and generate report](doc\u002FHELPERS.md#parsing-wrk-result-and-generate-report)\n * [Load testing with locust](doc\u002FHELPERS.md#load-testing-with-locust)\n * [Multiple paths](doc\u002FHELPERS.md#multiple-paths)\n * [Multiple paths with different user sessions](doc\u002FHELPERS.md#multiple-paths-with-different-user-sessions)\n * [TCP SYN flood Denial of Service attack](doc\u002FHELPERS.md#tcp-syn-flood-denial-of-service-attack)\n * [HTTP Denial of Service attack](doc\u002FHELPERS.md#tcp-syn-flood-denial-of-service-attack)\n * [Debugging](doc\u002FHELPERS.md#debugging)\n * [Show information about processes](doc\u002FHELPERS.md#show-information-about-nginx-processes)\n * [Check memory usage](doc\u002FHELPERS.md#check-memoryusage)\n * [Show open files](doc\u002FHELPERS.md#show-open-files)\n * [Check segmentation fault messages](doc\u002FHELPERS.md#check-segmentation-fault-messages)\n * [Dump configuration](doc\u002FHELPERS.md#dump-configuration)\n * [Get the list of configure arguments](doc\u002FHELPERS.md#get-the-list-of-configure-arguments)\n * [Check if the module has been compiled](doc\u002FHELPERS.md#check-if-the-module-has-been-compiled)\n * [Show the most accessed IP addresses](doc\u002FHELPERS.md#show-the-most-accessed-ip-addresses)\n * [Show the most accessed IP addresses (ip and url)](doc\u002FHELPERS.md#show-the-most-accessed-ip-addresses-ip-and-url)\n * [Show the most accessed IP addresses (method, code, ip, and url)](doc\u002FHELPERS.md#show-the-most-accessed-ip-addresses-method-code-ip-and-url)\n * [Show the top 5 visitors (IP addresses)](doc\u002FHELPERS.md#show-the-top-5-visitors-ip-addresses)\n * [Show the most requested urls](doc\u002FHELPERS.md#show-the-most-requested-urls)\n * [Show the most requested urls containing 'string'](doc\u002FHELPERS.md#show-the-most-requested-urls-containing-string)\n * [Show the most requested urls with http methods](doc\u002FHELPERS.md#show-the-most-requested-urls-with-http-methods)\n * [Show the most accessed response codes](doc\u002FHELPERS.md#show-the-most-accessed-response-codes)\n * [Analyse web server log and show only 2xx http codes](doc\u002FHELPERS.md#analyse-web-server-log-and-show-only-2xx-http-codes)\n * [Analyse web server log and show only 5xx http codes](doc\u002FHELPERS.md#analyse-web-server-log-and-show-only-5xx-http-codes)\n * [Show requests which result 502 and sort them by number per requests by url](doc\u002FHELPERS.md#show-requests-which-result-502-and-sort-them-by-number-per-requests-by-url)\n * [Show requests which result 404 for php files and sort them by number per requests by url](doc\u002FHELPERS.md#show-requests-which-result-404-for-php-files-and-sort-them-by-number-per-requests-by-url)\n * [Calculating amount of http response codes](doc\u002FHELPERS.md#calculating-amount-of-http-response-codes)\n * [Calculating requests per second](doc\u002FHELPERS.md#calculating-requests-per-second)\n * [Calculating requests per second with IP addresses](doc\u002FHELPERS.md#calculating-requests-per-second-with-ip-addresses)\n * [Calculating requests per second with IP addresses and urls](doc\u002FHELPERS.md#calculating-requests-per-second-with-ip-addresses-and-urls)\n * [Get entries within last n hours](doc\u002FHELPERS.md#get-entries-within-last-n-hours)\n * [Get entries between two timestamps (range of dates)](doc\u002FHELPERS.md#get-entries-between-two-timestamps-range-of-dates)\n * [Get line rates from web server log](doc\u002FHELPERS.md#get-line-rates-from-web-server-log)\n * [Trace network traffic for all processes](doc\u002FHELPERS.md#trace-network-traffic-for-all-nginx-processes)\n * [List all files accessed by a NGINX](doc\u002FHELPERS.md#list-all-files-accessed-by-a-nginx)\n * [Check that the gzip_static module is working](doc\u002FHELPERS.md#check-that-the-gzip_static-module-is-working)\n * [Which worker processing current request](doc\u002FHELPERS.md#which-worker-processing-current-request)\n * [Capture only http packets](doc\u002FHELPERS.md#capture-only-http-packets)\n * [Extract User Agent from the http packets](doc\u002FHELPERS.md#extract-user-agent-from-the-http-packets)\n * [Capture only http GET and POST packets](doc\u002FHELPERS.md#capture-only-http-get-and-post-packets)\n * [Capture requests and filter by source ip and destination port](doc\u002FHELPERS.md#capture-requests-and-filter-by-source-ip-and-destination-port)\n * [Capture HTTP requests\u002Fresponses in real time, filter by GET, HEAD and save to a file](doc\u002FHELPERS.md#capture-http-requests--responses-in-real-time-filter-by-get-head-and-save-to-a-file)\n * [Dump a process's memory](doc\u002FHELPERS.md#dump-a-processs-memory)\n * [GNU Debugger (gdb)](doc\u002FHELPERS.md#gnu-debugger-gdb)\n * [Dump configuration from a running process](doc\u002FHELPERS.md#dump-configuration-from-a-running-process)\n * [Show debug log in memory](doc\u002FHELPERS.md#show-debug-log-in-memory)\n * [Core dump backtrace](doc\u002FHELPERS.md#core-dump-backtrace)\n * [Debugging socket leaks](doc\u002FHELPERS.md#debugging-socket-leaks)\n * [Shell aliases](doc\u002FHELPERS.md#shell-aliases)\n * [Configuration snippets](doc\u002FHELPERS.md#configuration-snippets)\n * [Nginx server header removal](doc\u002FHELPERS.md#nginx-server-header-removal)\n * [Custom log formats](doc\u002FHELPERS.md#custom-log-formats)\n * [Log only 4xx\u002F5xx](doc\u002FHELPERS.md#log-only-4xx5xx)\n * [Restricting access with basic authentication](doc\u002FHELPERS.md#restricting-access-with-basic-authentication)\n * [Restricting access with client certificate](doc\u002FHELPERS.md#restricting-access-with-client-certificate)\n * [Restricting access by geographical location](doc\u002FHELPERS.md#restricting-access-by-geographical-location)\n * [GeoIP 2 database](doc\u002FHELPERS.md#geoip-2-database)\n * [Dynamic error pages with SSI](doc\u002FHELPERS.md#dynamic-error-pages-with-ssi)\n * [Blocking\u002Fallowing IP addresses](doc\u002FHELPERS.md#blockingallowing-ip-addresses)\n * [Blocking referrer spam](doc\u002FHELPERS.md#blocking-referrer-spam)\n * [Limiting referrer spam](doc\u002FHELPERS.md#limiting-referrer-spam)\n * [Blocking User-Agent](doc\u002FHELPERS.md#blocking-user-agent)\n * [Limiting User-Agent](doc\u002FHELPERS.md#limiting-user-agent)\n * [Limiting the rate of requests with burst mode](doc\u002FHELPERS.md#limiting-the-rate-of-requests-with-burst-mode)\n * [Limiting the rate of requests with burst mode and nodelay](doc\u002FHELPERS.md#limiting-the-rate-of-requests-with-burst-mode-and-nodelay)\n * [Limiting the rate of requests per IP with geo and map](doc\u002FHELPERS.md#limiting-the-rate-of-requests-per-ip-with-geo-and-map)\n * [Limiting the number of connections](doc\u002FHELPERS.md#limiting-the-number-of-connections)\n * [Using trailing slashes](doc\u002FHELPERS.md#using-trailing-slashes)\n * [Properly redirect all HTTP requests to HTTPS](doc\u002FHELPERS.md#properly-redirect-all-http-requests-to-https)\n * [Adding and removing the www prefix](doc\u002FHELPERS.md#adding-and-removing-the-www-prefix)\n * [Proxy\u002Frewrite and keep the original URL](doc\u002FHELPERS.md#proxyrewrite-and-keep-the-original-url)\n * [Proxy\u002Frewrite and keep the part of original URL](doc\u002FHELPERS.md#proxyrewrite-and-keep-the-part-of-original-url)\n * [Proxy\u002Frewrite without changing the original URL (in browser)](doc\u002FHELPERS.md#proxyrewrite-without-changing-the-original-url-in-browser)\n * [Modify 301\u002F302 response body](doc\u002FHELPERS.md#modify-301302-response-body)\n * [Redirect POST request with payload to external endpoint](doc\u002FHELPERS.md#redirect-post-request-with-payload-to-external-endpoint)\n * [Route to different backends based on HTTP method](doc\u002FHELPERS.md#route-to-different-backends-based-on-HTTP-method)\n * [Allow multiple cross-domains using the CORS headers](doc\u002FHELPERS.md#allow-multiple-cross-domains-using-the-cors-headers)\n * [Set correct scheme passed in X-Forwarded-Proto](doc\u002FHELPERS.md#set-correct-scheme-passed-in-x-forwarded-proto)\n * [Other snippets](doc\u002FHELPERS.md#other-snippets)\n * [Recreate base directory](doc\u002FHELPERS.md#recreate-base-directory)\n * [Create a temporary static backend](doc\u002FHELPERS.md#create-a-temporary-static-backend)\n * [Create a temporary static backend with SSL support](doc\u002FHELPERS.md#create-a-temporary-static-backend-with-ssl-support)\n * [Generate password file with htpasswd command](doc\u002FHELPERS.md#generate-password-file-with-htpasswd-command)\n * [Generate private key without passphrase](doc\u002FHELPERS.md#generate-private-key-without-passphrase)\n * [Generate private key with passphrase](doc\u002FHELPERS.md#generate-private-key-with-passphrase)\n * [Remove passphrase from private key](doc\u002FHELPERS.md#remove-passphrase-from-private-key)\n * [Encrypt existing private key with a passphrase](doc\u002FHELPERS.md#encrypt-existing-private-key-with-a-passphrase)\n * [Generate CSR](doc\u002FHELPERS.md#generate-csr)\n * [Generate CSR (metadata from existing certificate)](doc\u002FHELPERS.md#generate-csr-metadata-from-existing-certificate)\n * [Generate CSR with -config param](doc\u002FHELPERS.md#generate-csr-with--config-param)\n * [Generate private key and CSR](doc\u002FHELPERS.md#generate-private-key-and-csr)\n * [List available EC curves](doc\u002FHELPERS.md#list-available-ec-curves)\n * [Print ECDSA private and public keys](doc\u002FHELPERS.md#print-ecdsa-private-and-public-keys)\n * [Generate ECDSA private key](doc\u002FHELPERS.md#generate-ecdsa-private-key)\n * [Generate private key and CSR (ECC)](doc\u002FHELPERS.md#generate-private-key-and-csr-ecc)\n * [Generate self-signed certificate](doc\u002FHELPERS.md#generate-self-signed-certificate)\n * [Generate self-signed certificate from existing private key](doc\u002FHELPERS.md#generate-self-signed-certificate-from-existing-private-key)\n * [Generate self-signed certificate from existing private key and csr](doc\u002FHELPERS.md#generate-self-signed-certificate-from-existing-private-key-and-csr)\n * [Generate multidomain certificate (Certbot)](doc\u002FHELPERS.md#generate-multidomain-certificate-certbot)\n * [Generate wildcard certificate (Certbot)](doc\u002FHELPERS.md#generate-wildcard-certificate-certbot)\n * [Generate certificate with 4096 bit private key (Certbot)](doc\u002FHELPERS.md#generate-certificate-with-4096-bit-private-key-certbot)\n * [Generate DH public parameters](doc\u002FHELPERS.md#generate-dh-public-parameters)\n * [Display DH public parameters](doc\u002FHELPERS.md#display-dh-public-parameters)\n * [Extract private key from pfx](doc\u002FHELPERS.md#extract-private-key-from-pfx)\n * [Extract private key and certs from pfx](doc\u002FHELPERS.md#extract-private-key-and-certs-from-pfx)\n * [Extract certs from p7b](doc\u002FHELPERS.md#extract-certs-from-p7b)\n * [Convert DER to PEM](doc\u002FHELPERS.md#convert-der-to-pem)\n * [Convert PEM to DER](doc\u002FHELPERS.md#convert-pem-to-der)\n * [Verification of the certificate's supported purposes](doc\u002FHELPERS.md#verification-of-the-certificates-supported-purposes)\n * [Check private key](doc\u002FHELPERS.md#check-private-key)\n * [Verification of the private key](doc\u002FHELPERS.md#verification-of-the-private-key)\n * [Get public key from private key](doc\u002FHELPERS.md#get-public-key-from-private-key)\n * [Verification of the public key](doc\u002FHELPERS.md#verification-of-the-public-key)\n * [Verification of the certificate](doc\u002FHELPERS.md#verification-of-the-certificate)\n * [Verification of the CSR](doc\u002FHELPERS.md#verification-of-the-csr)\n * [Check the private key and the certificate are match](doc\u002FHELPERS.md#check-the-private-key-and-the-certificate-are-match)\n * [Check the private key and the CSR are match](doc\u002FHELPERS.md#check-the-private-key-and-the-csr-are-match)\n [TLSv1.3 and CCM ciphers](doc\u002FHELPERS.md#tlsv13-and-ccm-ciphers)\n- **[Base Rules (16)](doc\u002FRULES.md#base-rules)**\u003Ca id=\"toc-base-rules\">\u003C\u002Fa>\n * [Organising Nginx configuration](doc\u002FRULES.md#beginner-organising-nginx-configuration)\n * [Format, prettify and indent your Nginx code](doc\u002FRULES.md#beginner-format-prettify-and-indent-your-nginx-code)\n * [Use reload option to change configurations on the fly](doc\u002FRULES.md#beginner-use-reload-option-to-change-configurations-on-the-fly)\n * [Separate listen directives for 80 and 443 ports](doc\u002FRULES.md#beginner-separate-listen-directives-for-80-and-443-ports)\n * [Define the listen directives with address:port pair](doc\u002FRULES.md#beginner-define-the-listen-directives-with-addressport-pair)\n * [Prevent processing requests with undefined server names](doc\u002FRULES.md#beginner-prevent-processing-requests-with-undefined-server-names)\n * [Never use a hostname in a listen or upstream directives](doc\u002FRULES.md#beginner-never-use-a-hostname-in-a-listen-or-upstream-directives)\n * [Set the HTTP headers with add_header and proxy_*_header directives properly](doc\u002FRULES.md#beginner-set-the-http-headers-with-add_header-and-proxy__header-directives-properly)\n * [Use only one SSL config for the listen directive](doc\u002FRULES.md#beginner-use-only-one-ssl-config-for-the-listen-directive)\n * [Use geo\u002Fmap modules instead of allow\u002Fdeny](doc\u002FRULES.md#beginner-use-geomap-modules-instead-of-allowdeny)\n * [Map all the things...](doc\u002FRULES.md#beginner-map-all-the-things)\n * [Set global root directory for unmatched locations](doc\u002FRULES.md#beginner-set-global-root-directory-for-unmatched-locations)\n * [Use return directive for URL redirection (301, 302)](doc\u002FRULES.md#beginner-use-return-directive-for-url-redirection-301-302)\n * [Configure log rotation policy](doc\u002FRULES.md#beginner-configure-log-rotation-policy)\n * [Use simple custom error pages](doc\u002FRULES.md#beginner-use-simple-custom-error-pages)\n * [Don't duplicate index directive, use it only in the http block](doc\u002FRULES.md#beginner-dont-duplicate-index-directive-use-it-only-in-the-http-block)\n- **[Debugging (5)](doc\u002FRULES.md#debugging)**\u003Ca id=\"toc-debugging\">\u003C\u002Fa>\n * [Use custom log formats](doc\u002FRULES.md#beginner-use-custom-log-formats)\n * [Use debug mode to track down unexpected behaviour](doc\u002FRULES.md#beginner-use-debug-mode-to-track-down-unexpected-behaviour)\n * [Improve debugging by disable daemon, master process, and all workers except one](doc\u002FRULES.md#beginner-improve-debugging-by-disable-daemon-master-process-and-all-workers-except-one)\n * [Use core dumps to figure out why NGINX keep crashing](doc\u002FRULES.md#beginner-use-core-dumps-to-figure-out-why-nginx-keep-crashing)\n * [Use mirror module to copy requests to another backend](doc\u002FRULES.md#beginner-use-mirror-module-to-copy-requests-to-another-backend)\n- **[Performance (13)](doc\u002FRULES.md#performance)**\u003Ca id=\"toc-performance\">\u003C\u002Fa>\n * [Adjust worker processes](doc\u002FRULES.md#beginner-adjust-worker-processes)\n * [Use HTTP\u002F2](doc\u002FRULES.md#beginner-use-http2)\n * [Maintaining SSL sessions](doc\u002FRULES.md#beginner-maintaining-ssl-sessions)\n * [Enable OCSP Stapling](doc\u002FRULES.md#beginner-enable-ocsp-stapling)\n * [Use exact names in a server_name directive if possible](doc\u002FRULES.md#beginner-use-exact-names-in-a-server_name-directive-if-possible)\n * [Avoid checks server_name with if directive](doc\u002FRULES.md#beginner-avoid-checks-server_name-with-if-directive)\n * [Use $request_uri to avoid using regular expressions](doc\u002FRULES.md#beginner-use-request_uri-to-avoid-using-regular-expressions)\n * [Use try_files directive to ensure a file exists](doc\u002FRULES.md#beginner-use-try_files-directive-to-ensure-a-file-exists)\n * [Use return directive instead of rewrite for redirects](doc\u002FRULES.md#beginner-use-return-directive-instead-of-rewrite-for-redirects)\n * [Enable PCRE JIT to speed up processing of regular expressions](doc\u002FRULES.md#beginner-enable-pcre-jit-to-speed-up-processing-of-regular-expressions)\n * [Activate the cache for connections to upstream servers](doc\u002FRULES.md#beginner-activate-the-cache-for-connections-to-upstream-servers)\n * [Make an exact location match to speed up the selection process](doc\u002FRULES.md#beginner-make-an-exact-location-match-to-speed-up-the-selection-process)\n * [Use limit_conn to improve limiting the download speed](doc\u002FRULES.md#beginner-use-limit_conn-to-improve-limiting-the-download-speed)\n- **[Hardening (31)](doc\u002FRULES.md#hardening)**\u003Ca id=\"toc-hardening\">\u003C\u002Fa>\n * [Always keep NGINX up-to-date](doc\u002FRULES.md#beginner-always-keep-nginx-up-to-date)\n * [Run as an unprivileged user](doc\u002FRULES.md#beginner-run-as-an-unprivileged-user)\n * [Disable unnecessary modules](doc\u002FRULES.md#beginner-disable-unnecessary-modules)\n * [Protect sensitive resources](doc\u002FRULES.md#beginner-protect-sensitive-resources)\n * [Take care about your ACL rules](doc\u002FRULES.md#beginner-take-care-about-your-acl-rules)\n * [Hide Nginx version number](doc\u002FRULES.md#beginner-hide-nginx-version-number)\n * [Hide Nginx server signature](doc\u002FRULES.md#beginner-hide-nginx-server-signature)\n * [Hide upstream proxy headers](doc\u002FRULES.md#beginner-hide-upstream-proxy-headers)\n * [Remove support for legacy and risky HTTP request headers](doc\u002FRULES.md#beginner-remove-support-for-legacy-and-risky-http-request-headers)\n * [Use only the latest supported OpenSSL version](doc\u002FRULES.md#beginner-use-only-the-latest-supported-openssl-version)\n * [Force all connections over TLS](doc\u002FRULES.md#beginner-force-all-connections-over-tls)\n * [Use min. 2048-bit for RSA and 256-bit for ECC](doc\u002FRULES.md#beginner-use-min-2048-bit-for-rsa-and-256-bit-for-ecc)\n * [Keep only TLS 1.3 and TLS 1.2](doc\u002FRULES.md#beginner-keep-only-tls-13-and-tls-12)\n * [Use only strong ciphers](doc\u002FRULES.md#beginner-use-only-strong-ciphers)\n * [Use more secure ECDH Curve](doc\u002FRULES.md#beginner-use-more-secure-ecdh-curve)\n * [Use strong Key Exchange with Perfect Forward Secrecy](doc\u002FRULES.md#beginner-use-strong-key-exchange-with-perfect-forward-secrecy)\n * [Prevent Replay Attacks on Zero Round-Trip Time](doc\u002FRULES.md#beginner-prevent-replay-attacks-on-zero-round-trip-time)\n * [Defend against the BEAST attack](doc\u002FRULES.md#beginner-defend-against-the-beast-attack)\n * [Mitigation of CRIME\u002FBREACH attacks](doc\u002FRULES.md#beginner-mitigation-of-crimebreach-attacks)\n * [Enable HTTP Strict Transport Security](doc\u002FRULES.md#beginner-enable-http-strict-transport-security)\n * [Reduce XSS risks (Content-Security-Policy)](doc\u002FRULES.md#beginner-reduce-xss-risks-content-security-policy)\n * [Control the behaviour of the Referer header (Referrer-Policy)](doc\u002FRULES.md#beginner-control-the-behaviour-of-the-referer-header-referrer-policy)\n * [Provide clickjacking protection (X-Frame-Options)](doc\u002FRULES.md#beginner-provide-clickjacking-protection-x-frame-options)\n * [Prevent some categories of XSS attacks (X-XSS-Protection)](doc\u002FRULES.md#beginner-prevent-some-categories-of-xss-attacks-x-xss-protection)\n * [Prevent Sniff Mimetype middleware (X-Content-Type-Options)](doc\u002FRULES.md#beginner-prevent-sniff-mimetype-middleware-x-content-type-options)\n * [Deny the use of browser features (Feature-Policy)](doc\u002FRULES.md#beginner-deny-the-use-of-browser-features-feature-policy)\n * [Reject unsafe HTTP methods](doc\u002FRULES.md#beginner-reject-unsafe-http-methods)\n * [Prevent caching of sensitive data](doc\u002FRULES.md#beginner-prevent-caching-of-sensitive-data)\n * [Limit concurrent connections](doc\u002FRULES.md#beginner-limit-concurrent-connections)\n * [Control Buffer Overflow attacks](doc\u002FRULES.md#beginner-control-buffer-overflow-attacks)\n * [Mitigating Slow HTTP DoS attacks (Closing Slow Connections)](doc\u002FRULES.md#beginner-mitigating-slow-http-dos-attacks-closing-slow-connections)\n- **[Reverse Proxy (8)](doc\u002FRULES.md#reverse-proxy)**\u003Ca id=\"toc-reverse-proxy\">\u003C\u002Fa>\n * [Use pass directive compatible with backend protocol](doc\u002FRULES.md#beginner-use-pass-directive-compatible-with-backend-protocol)\n * [Be careful with trailing slashes in proxy_pass directive](doc\u002FRULES.md#beginner-be-careful-with-trailing-slashes-in-proxy_pass-directive)\n * [Set and pass Host header only with $host variable](doc\u002FRULES.md#beginner-set-and-pass-host-header-only-with-host-variable)\n * [Set properly values of the X-Forwarded-For header](doc\u002FRULES.md#beginner-set-properly-values-of-the-x-forwarded-for-header)\n * [Don't use X-Forwarded-Proto with $scheme behind reverse proxy](doc\u002FRULES.md#beginner-dont-use-x-forwarded-proto-with-scheme-behind-reverse-proxy)\n * [Always pass Host, X-Real-IP, and X-Forwarded headers to the backend](doc\u002FRULES.md#beginner-always-pass-host-x-real-ip-and-x-forwarded-headers-to-the-backend)\n * [Use custom headers without X- prefix](doc\u002FRULES.md#beginner-use-custom-headers-without-x--prefix)\n * [Always use $request_uri instead of $uri in proxy_pass](doc\u002FRULES.md#beginner-always-use-request_uri-instead-of-uri-in-proxy_pass)\n- **[Load Balancing (2)](doc\u002FRULES.md#load-balancing)**\u003Ca id=\"toc-load-balancing\">\u003C\u002Fa>\n * [Tweak passive health checks](doc\u002FRULES.md#beginner-tweak-passive-health-checks)\n * [Don't disable backends by comments, use down parameter](doc\u002FRULES.md#beginner-dont-disable-backends-by-comments-use-down-parameter)\n- **[Others (4)](doc\u002FRULES.md#others)**\u003Ca id=\"toc-others\">\u003C\u002Fa>\n * [Set the certificate chain correctly](doc\u002FRULES.md#beginner-set-the-certificate-chain-correctly)\n * [Enable DNS CAA Policy](doc\u002FRULES.md#beginner-enable-dns-caa-policy)\n * [Define security policies with security.txt](doc\u002FRULES.md#beginner-define-security-policies-with-securitytxt)\n * [Use tcpdump to diagnose and troubleshoot the HTTP issues](doc\u002FRULES.md#beginner-use-tcpdump-to-monitor-http-traffic)\n- **[Configuration Examples](doc\u002FEXAMPLES.md#configuration-examples)**\u003Ca id=\"toc-configuration-examples\">\u003C\u002Fa>\n * [Reverse Proxy](doc\u002FEXAMPLES.md#reverse-proxy)\n * [Installation](doc\u002FEXAMPLES.md#installation)\n * [Configuration](doc\u002FEXAMPLES.md#configuration)\n * [Import configuration](doc\u002FEXAMPLES.md#import-configuration)\n * [Set bind IP address](doc\u002FEXAMPLES.md#set-bind-ip-address)\n * [Set your domain name](doc\u002FEXAMPLES.md#set-your-domain-name)\n * [Regenerate private keys and certs](doc\u002FEXAMPLES.md#regenerate-private-keys-and-certs)\n * [Update modules list](doc\u002FEXAMPLES.md#update-modules-list)\n * [Generating the necessary error pages](doc\u002FEXAMPLES.md#generating-the-necessary-error-pages)\n * [Add new domain](doc\u002FEXAMPLES.md#add-new-domain)\n * [Test your configuration](doc\u002FEXAMPLES.md#test-your-configuration)\n\n\u003C\u002Fdetails>\n\n# Introduction\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"https:\u002F\u002Fwww.nginx.com\u002F\">\n \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Ftrimstray\u002Fnginx-admins-handbook\u002Fblob\u002Fmaster\u002Fstatic\u002Fimg\u002Fnginx_admins_handbook_logo.png\">\n \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cbr>\n\n > Before you start playing with NGINX please read an official **[Beginner’s Guide](http:\u002F\u002Fnginx.org\u002Fen\u002Fdocs\u002Fbeginners_guide.html)**. It's a great introduction for everyone.\n\n**Nginx** (_\u002Fˌɛndʒɪnˈɛks\u002F EN-jin-EKS_, stylized as NGINX or nginx) is an open source HTTP and reverse proxy server, a mail proxy server, and a generic TCP\u002FUDP proxy server with a strong focus on high concurrency, performance and low memory usage. It is originally written by [Igor Sysoev](http:\u002F\u002Fsysoev.ru\u002Fen\u002F).\n\nFor a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. At this moment some high-profile companies using NGINX include Cisco, DuckDuckGo, Facebook, GitLab, Google, Twitter, Apple, Intel, and many more. In the September 2019 it was the most commonly used HTTP server (see [Netcraft survey](https:\u002F\u002Fnews.netcraft.com\u002Farchives\u002Fcategory\u002Fweb-server-survey\u002F)).\n\nNGINX is a fast, light-weight and powerful web server that can also be used as a:\n\n- fast HTTP reverse proxy\n- reliable load balancer\n- high performance caching server\n- full-fledged web platform\n\nSo, to be brief, it provides the core of complete web stacks and is designed to help build scalable web applications. When it comes to performance, NGINX can easily handle a huge amount of traffic. The other main advantage of the NGINX is that allows you to do the same thing in different ways.\n\nUnlike traditional HTTP servers, NGINX doesn't rely on threads to handle requests and it was written with a different architecture in mind - one which is much more suitable for nonlinear scalability in both the number of simultaneous connections and requests per second.\n\nNGINX is also known as a _Apache Killer_ (mainly because of its lightness and much less RAM consumption). It is event-based, so it does not follow Apache's style of spawning new processes or threads for each web page request. Generally, it was created to solve the [C10K problem](http:\u002F\u002Fwww.kegel.com\u002Fc10k.html).\n\nFor me, it is a one of the best and most important service that I used in my SysAdmin career.\n\n----\n\nThese essential documents should be the main source of knowledge for you:\n\n- **[Getting Started](https:\u002F\u002Fwww.nginx.com\u002Fresources\u002Fwiki\u002Fstart\u002F)**\n- **[NGINX Documentation](https:\u002F\u002Fnginx.org\u002Fen\u002Fdocs\u002F)**\n- **[Development guide](http:\u002F\u002Fnginx.org\u002Fen\u002Fdocs\u002Fdev\u002Fdevelopment_guide.html)**\n- **[Security Controls](https:\u002F\u002Fdocs.nginx.com\u002Fnginx\u002Fadmin-guide\u002Fsecurity-controls\u002F)**\n\nIn addition, I would like to recommend three great docs focuses on the concept of the HTTP protocol:\n\n- **[HTTP Made Really Easy](https:\u002F\u002Fwww.jmarshall.com\u002Feasy\u002Fhttp\u002F)**\n- **[Hypertext Transfer Protocol Specification](https:\u002F\u002Fwww.w3.org\u002FProtocols\u002F)**\n- **[Web technology for developers - HTTP](https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP)**\n\nIf you love security keep your eye on this one: [Cryptology ePrint Archive](https:\u002F\u002Feprint.iacr.org\u002F). It provides access to recent research in cryptology and explores many subjects of security (e.g. Ciphers, Algorithms, SSL\u002FTLS protocols). A great introduction that covers core concepts of cryptography is [Practical Cryptography for Developers](https:\u002F\u002Fcryptobook.nakov.com\u002F). I also recommend to read the [Bulletproof SSL and TLS](https:\u002F\u002Fwww.feistyduck.com\u002Fbooks\u002Fbulletproof-ssl-and-tls\u002F). Yep, it's definitely the most comprehensive book about deploying TLS for me.\n\nAn obligatory source of knowledge is also the [OWASP Cheat Sheet Series](https:\u002F\u002Fcheatsheetseries.owasp.org\u002F). You should ought treat it as an excellent security guidance. [Burp Scanner - Issue Definitions](https:\u002F\u002Fportswigger.net\u002Fkb\u002Fissues) introduces you to the web apps and security vulnerabilities. Finally, [The Web Security Academy](https:\u002F\u002Fportswigger.net\u002Fweb-security) is a free online training center for web application security with high-quality reading materials and interactive labs of varying levels of difficulty. All are really good source to start learning about web application security.\n\nAnd, of course, always browse official [Nginx Security Advisories](http:\u002F\u002Fnginx.org\u002Fen\u002Fsecurity_advisories.html) and CVE databases like [CVE Details](https:\u002F\u002Fwww.cvedetails.com\u002Fvendor\u002F10048\u002FNginx.html) or [CVE - The MITRE Corporation](https:\u002F\u002Fcve.mitre.org\u002Fcgi-bin\u002Fcvekey.cgi?keyword=NGINX) - to stay Up-to-Date on NGINX vulnerabilities.\n\n## Prologue\n\nWhen I was studying architecture of HTTP servers I became interested in NGINX. As I was going through research, I kept notes. I found a lot of information about it, e.g. forum posts on the web about every conceivable problem was great. However, I've never found one guide that covers the most important things in a suitable form. I was a little disappointed.\n\nI was interested in everything: NGINX internals, functions, security best practices, performance optimisations, tips & tricks, hacks and rules, but for me some of the documents treated the subject lightly.\n\nOf course, [NGINX Official Documentation](https:\u002F\u002Fnginx.org\u002Fen\u002Fdocs\u002F) is the best place but I know that we also have other great resources:\n\n- [agentzh's Nginx Tutorials](https:\u002F\u002Fopenresty.org\u002Fdownload\u002Fagentzh-nginx-tutorials-en.html)\n- [Nginx Guts](http:\u002F\u002Fwww.nginxguts.com\u002F)\n- [Nginx discovery journey](http:\u002F\u002Fwww.nginx-discovery.com\u002F)\n- [Nginx Secure Web Server](https:\u002F\u002Fcalomel.org\u002Fnginx.html)\n- [Emiller’s Guide To Nginx Module Development](https:\u002F\u002Fwww.evanmiller.org\u002Fnginx-modules-guide.html)\n- [Emiller’s Advanced Topics In Nginx Module Development](https:\u002F\u002Fwww.evanmiller.org\u002Fnginx-modules-guide-advanced.html)\n\nThese are definitely the best assets for us and in the first place you should seek help there. Moreover, in order to improve your knowledge, please see [Books](#books) chapter - it contains top literature on NGINX.\n\n## Why I created this handbook\n\nFor me, however, there hasn't been a truly in-depth and reasonably simple cheatsheet which describe a variety of configurations and important cross-cutting topics for HTTP servers. Configuration of the NGINX can be tricky sometimes and you really need to get into the syntax and concepts to get an understanding tricks, loopholes, and mechanisms. The documentation isn't as pretty as other projects and should certainly include more robust examples.\n\n > This handbook is a set of rules and recommendations for the NGINX Open Source HTTP server. It also contains the best practices, notes, and helpers with countless examples. Many of them refer to external resources.\n\nThere are a lot of things you can do to improve in your NGINX instance and this guide will attempt to cover as many of them as possible. For the most part, it contains the most important things about NGINX for me. I think the configuration you provided should work without any talisman. That's why I created this repository.\n\nWith this handbook you will explore the many features and capabilities of the NGINX. You'll find out, for example, how to testing the performance or how to resolve debugging problems. You will learn configuration guidelines, security design patterns, ways to handle common issues and how to stay out of them. I explained here a few best tips to avoid pitfalls and configuration mistakes.\n\nI added set of guidelines and examples has also been produced to help you administer of the NGINX. They give us insight into NGINX internals also.\n\nMostly, I apply the rules presented here on the NGINX working as a reverse proxy. However, does not to prevent them being implemented for NGINX as a standalone server.\n\n## Who this handbook is for\n\nIf you do not have the time to read hundreds of articles (just like me) this multipurpose handbook may be useful. I created it in the hope that it will be useful especially for System Administrators and Experts of Web-based applications.\n\nThis handbook does not get into all aspects of NGINX. What's more, some of the things described in this guide may be rather basic because most of us do not configure NGINX every day and it is easy to forget about basic\u002Ftrivial things. On the other hand, also discusses heavyweight topics so there is something for advanced users. I tried to put external resources in many places in this handbook in order to dispel any suspicion that may exist.\n\nI did my best to make this handbook a single and consistent (but now I know that is really hard). It's organized in an order that makes logical sense to me. I think it can also be a good complement to official documentation and other great documents. Many of the topics described here can certainly be done better or different. Of course, I still have a lot [to improve and to do](#contributing--support). I hope you enjoy and have fun with it.\n\nDo not treat this handbook and notes written here as revealed knowledge. You should take a scientific approach when reading this document. If you have any doubts and disagree with me, please point out my mistakes. You should to discover cause and effect relationships by asking questions, carefully gathering and examining the evidence, and seeing if all the available information can be combined in to a logical answer.\n\nI create this handbook for one more reason. Rather than starting from scratch in, I putting together a plan for answering your questions to help you find the best way to do things and ensure that you don't repeat my mistakes from the past.\n\nSo, what's most important:\n\n- ask a questions about something that you observe\n- do background research\n- do tests with an experiments\n- analyze and draw conclusions\n- communicate results (for us!)\n\nFinally, you should know I'm not a NGINX expert but I love to know how stuff works and why work the way they do. [I’m not a crypto expert... but I do know the term \"elliptic curve\"](https:\u002F\u002Ftwitter.com\u002FErikVoorhees\u002Fstatus\u002F1004313761224757248) (I really like this quote!). Don't need to be an expert to figure out the reason just got to have used this and not this or why something works this way and not another. It feels good to understand the recommendations and nuances of a topic you’re passionate about.\n\n## Before you start\n\nRemember about the following most important things:\n\n > **`Blindly deploying of the rules described here can damage your web application!`**\n\n > **`Do not follow guides just to get 100% of something. Think about what you actually do at your server!`**\n\n > **`Copy-and-paste is not the best way to learn. Think twice before adopting rules from this handbook.`**\n\n > **`There are no settings that are perfect for everyone.`**\n\n > **`Always think about what is better and more important for you: security vs usability\u002Fcompatibility.`**\n\n > **`Security mainly refers to minimise the risk.`**\n\n > **`Change one thing may open a whole new set of problems.`**\n\n > **`Read about how things work and what values are considered secure enough (and for what purposes).`**\n\n > **`The only correct approach is to understand your exposure, measure and tune.`**\n\n```diff\n+ Security is important for ethical reasons. Compliance is important for legal reasons.\n+ The key to workplace contentment is understanding they are unrelated to each other.\n+ Both are important, but one does not lead to the other (compliance != security).\nauthor: unknown\n\n+ Security is always needed, no matter what type of website it is. It can be static HTML\n+ or fully dynamic, an attacker can still inject hostile content into the page in transit\n+ to attack the user.\nauthor: Scott Helme\n\n+ Don’t enable older deprecated protocols just because Karen in Florida is still using\n+ a PC that she bought back in 2001.\nauthor: thisinterestsmeblog\n```\n\nI think, in the age of phishing, cyber attacks, ransomware, etc., you should take care of security of your infrastructure as hard as possible but don't ever forget about this one...\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Ftrimstray\u002Fnginx-admins-handbook\u002Fblob\u002Fmaster\u002Fstatic\u002Fimg\u002Fcrypto_nerds.png\">\n\u003C\u002Fp>\n\nLastly, I would like to quote two very important comments found on the web about compliance with the standards and regulations, and essence of a human factor in security:\n\n > _Regulations that make sense are often not descriptive - capturing the intent and scope of a rule often requires technical expertise. More than that, it's the type of expertise most organisations do not have. And instead of improving themselves, these companies, who may form the grand majority of the industry, petition the regulators to provide a safe checklist of technical mitigations that can be implemented to remain compliant. [...] Instead of doing the right thing and meeting the planned intent, companies are instead ticking nonsensical boxes that the regulators and their auditors demand. Blindly. Mindlessly. Divorced from reality._ - by [bostik](https:\u002F\u002Fnews.ycombinator.com\u002Fuser?id=bostik)\n\n > _Whenever considering security, the human factor is nearly always as important or more important than just the technical aspects. Policy and procedures need to consider the human element and try to ensure that these policies and procedures are structured in such a way as to help enable staff to do the right thing, even when they may not fully understand why they need to do it._ - by [Tim X](https:\u002F\u002Fsecurity.stackexchange.com\u002Fusers\u002F13958\u002Ftim-x)\n\n## Contributing & Support\n\n > _A real community, however, exists only when its members interact in a meaningful way that deepens their understanding of each other and leads to learning._\n\nIf you find something which doesn't make sense, or something doesn't seem right, please make a pull request and please add valid and well-reasoned explanations about your changes or comments.\n\nBefore adding a pull request, please see the **[contributing guidelines](.github\u002FCONTRIBUTING.md)**.\n\n## Code Contributors\n\nThis project exists thanks to all the people who contribute.\n\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftrimstray\u002Fnginx-admins-handbook\u002Fgraphs\u002Fcontributors\">\u003Cimg src=\"https:\u002F\u002Fopencollective.com\u002Fnginx-admins-handbook\u002Fcontributors.svg?width=890&button=false\">\u003C\u002Fa>\n\n### ToDo\n\nWhat needs to be done? Look at the following ToDo list:\n\nNew chapters:\n\n- [x] **Bonus Stuff**\n- [x] **HTTP Basics**\n- [x] **SSL\u002FTLS Basics**\n- [x] **Reverse Proxy**\n- [ ] **Caching**\n- [x] **Core modules**\n- [x] **3rd party modules**\n- [ ] **Web Application Firewall**\n- [ ] **ModSecurity**\n- [x] **Debugging**\n\nExisting chapters:\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Introduction\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - [x] _Prologue_\n - [x] _Why I created this handbook_\n - [x] _Who this handbook is for_\n - [x] _Before you start_\n - [x] _Contributing & Support_\n - [x] _RSS Feed & Updates\n - [x] _Checklist to rule them all_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Bonus Stuff\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - [x] _Fully automatic installation_\n - [x] _Static error pages generator_\n - [x] _Server names parser_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Books\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - [x] _ModSecurity 3.0 and NGINX: Quick Start Guide_\n - [x] _Cisco ACE to NGINX: Migration Guide_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>External Resources\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - _Nginx official_\n - [x] _Nginx Forum_\n - [x] _Nginx Mailing List_\n - [x] _NGINX-Demos_\n - _Presentations & Videos_\n - [x] _NGINX: Basics and Best Practices_\n - [x] _NGINX Installation and Tuning_\n - [x] _Nginx Internals (by Joshua Zhu)_\n - [x] _Nginx internals (by Liqiang Xu)_\n - [x] _How to secure your web applications with NGINX_\n - [x] _Tuning TCP and NGINX on EC2_\n - [x] _Extending functionality in nginx, with modules!_\n - [x] _Nginx - Tips and Tricks._\n - [x] _Nginx Scripting - Extending Nginx Functionalities with Lua_\n - [x] _How to handle over 1,200,000 HTTPS Reqs\u002FMin_\n - [x] _Using ngx_lua \u002F lua-nginx-module in pixiv_\n - _Cheatsheets & References_\n - [x] _Nginx configurations for most popular CMS\u002FCMF\u002FFrameworks based on PHP_\n - _Performance & Hardening_\n - [x] _Memorable site for testing clients against bad SSL configs_\n - _Config parsers_\n - [x] _Quick and reliable way to convert NGINX configurations into JSON and back_\n - [x] _Parses nginx configuration with Pyparsing_\n - _Config managers_\n - [x] _Ansible role to install and manage nginx configuration_\n - [x] _Ansible Role - Nginx_\n - [x] _Ansible role for NGINX_\n - [x] _Puppet Module to manage NGINX on various UNIXes_\n - _Static analyzers_\n - [x] _nginx-minify-conf_\n - _Comparison reviews_\n - [x] _NGINX vs. Apache (Pro\u002FCon Review, Uses, & Hosting for Each)_\n - [x] _Web cache server performance benchmark: nuster vs nginx vs varnish vs squid_\n - _Builder tools_\n - [x] _Nginx-builder_\n - _Benchmarking tools_\n - [x] _wrk2_\n - [x] _httperf_\n - [x] _slowloris_\n - [x] _slowhttptest_\n - [x] _GoldenEye_\n - _Debugging tools_\n - [x] _strace_\n - [x] _GDB_\n - [x] _SystemTap_\n - [x] _stapxx_\n - [x] _htrace.sh_\n - _Security & Web testing tools_\n - [x] _Burp Suite_\n - [x] _w3af_\n - [x] _nikto_\n - [x] _ssllabs-scan_\n - [x] _http-observatory_\n - [x] _testssl.sh_\n - [x] _sslyze_\n - [x] _cipherscan_\n - [x] _O-Saft_\n - [x] _Nghttp2_\n - [x] _h2spec_\n - [x] _http2fuzz_\n - [x] _Arjun_\n - [x] _Corsy_\n - [x] _XSStrike_\n - _Online & Web tools_\n - [x] _ssltools_\n - _Other stuff_\n - [x] _OWASP Cheat Sheet Series_\n - [x] _Mozilla Web Security_\n - [x] _Application Security Wiki_\n - [x] _OWASP ASVS 4.0_\n - [x] _The System Design Primer_\n - [x] _awesome-scalability_\n - [x] _Web Architecture 101_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>HTTP Basics\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - [x] _Features and architecture_\n - [x] _HTTP\u002F2_\n - [x] _How to debug HTTP\u002F2?_\n - [x] _HTTP\u002F3_\n - [x] _URI vs URL_\n - [x] _Connection vs request_\n - [x] _HTTP Headers_\n - [x] _Header compression_\n - [x] _HTTP Methods_\n - [x] _Request_\n - [x] _Request line_\n - [x] _Methods_\n - [x] _Request URI_\n - [x] _HTTP version_\n - [x] _Request header fields_\n - [x] _Message body_\n - [x] _Generate requests_\n - [x] _Response_\n - [x] _Status line_\n - [x] _HTTP version_\n - [x] _Status codes and reason phrase_\n - [x] _Response header fields_\n - [x] _Message body_\n - [x] _HTTP client_\n - [x] _IP address shortcuts_\n - [x] _Back-End web architecture_\n - [x] _Useful video resources_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>SSL\u002FTLS Basics\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - [x] _TLS versions_\n - [x] _TLS handshake_\n - [x] _In which layer is TLS situated within the TCP\u002FIP stack?_\n - [x] _RSA and ECC keys\u002Fcertificates_\n - [x] _Cipher suites_\n - [x] _Authenticated encryption (AEAD) cipher suites_\n - [x] _Why cipher suites are important?_\n - [x] _NGINX and TLS 1.3 Cipher Suites_\n - [x] _Diffie-Hellman key exchange_\n - [x] _Certificates_\n - [x] _Chain of Trust_\n - [x] _What is the main purpose of the Intermediate CA?_\n - [x] _Single-domain_\n - [x] _Multi-domain_\n - [x] _Wildcard_\n - [x] _Wildcard SSL doesn't handle root domain?_\n - [x] _TLS Server Name Indication_\n - [x] _Verify your SSL, TLS & Ciphers implementation_\n - [x] _Useful video resources_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>NGINX Basics\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - _Processes_\n - [x] _CPU pinning_\n - [x] _Shutdown of worker processes_\n - _Configuration syntax_\n - [x] _Comments_\n - [x] _End of lines_\n - [x] _Variables, Strings, and Quotes_\n - [x] _Directives, Blocks, and Contexts_\n - [x] _External files_\n - [x] _Measurement units_\n - [x] _Regular expressions with PCRE_\n - [x] _Enable syntax highlighting_\n - _Connection processing_\n - [x] _Event-Driven architecture_\n - [x] _Multiple processes_\n - [x] _Simultaneous connections_\n - [x] _HTTP Keep-Alive connections_\n - [x] _sendfile, tcp_nodelay, and tcp_nopush_\n - _Server blocks logic_\n - [x] _Matching location_\n - [ ] _if in location_\n - [ ] _Nested locations_\n - [x] _rewrite vs return_\n - [x] _try_files directive_\n - [x] _if, break and set_\n - [x] _root vs alias_\n - [x] _internal directive_\n - [x] _External and internal redirects_\n - [x] _allow and deny_\n - [x] _uri vs request_uri_\n - _Compression and decompression_\n - [x] _What is the best NGINX compression gzip level?_\n - _Hash tables_\n - [x] _Server names hash table_\n - _Log files_\n - [x] _Conditional logging_\n - [x] _Manually log rotation_\n - [x] _NGINX upstream variables returns 2 values_\n - _Reverse proxy_\n - [x] _Passing requests_\n - [x] _Trailing slashes_\n - [ ] _Processing headers_\n - [x] _Passing headers_\n - [x] _Importance of the Host header_\n - [x] _Redirects and X-Forwarded-Proto_\n - [x] _A warning about the X-Forwarded-For_\n - [x] _Improve extensibility with Forwarded_\n - [x] _Response headers_\n - _Load balancing algorithms_\n - [x] _Backend parameters_\n - [x] _Upstream servers with SSL_\n - [x] _Round Robin_\n - [x] _Weighted Round Robin_\n - [x] _Least Connections_\n - [x] _Weighted Least Connections_\n - [x] _IP Hash_\n - [x] _Generic Hash_\n - [ ] _Fair module_\n - [x] _Other methods_\n - _Rate Limiting_\n - [x] _Variables_\n - [x] _Directives, keys, and zones_\n - [x] _Burst and nodelay parameters_\n - _NAXSI Web Application Firewall_\n - _OWASP ModSecurity Core Rule Set (CRS)_\n - _Other subjects_\n - [ ] _Secure Distribution of SSL Private Keys with NGINX_\n - _Core modules_\n - [x] _ngx_http_geo_module_\n - _3rd party modules_\n - [x] _ngx_set_misc_\n - [x] _ngx_http_geoip_module_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Helpers\u003C\u002Fb>\u003C\u002Fsummary>\u003Cbr>\n\n - _Installing from source_\n - [x] _Automatic installation on RHEL\u002FDebian\u002FBSD_\n - [x] _Compiler and linker_\n - [x] _Debugging Symbols_\n - [x] _SystemTap_\n - [x] _stapxx_\n - [x] _Separation and improvement of installation methods_\n - [x] _Installation Nginx on CentOS 7_\n - [x] _Installation OpenResty on CentOS 7_\n - [x] _Installation Tengine on Ubuntu 18.04_\n - [x] _Installation Nginx on FreeBSD 11.3_\n - [x] _Installation Nginx on FreeBSD 11.3 (from ports)_\n - _Monitoring_\n - [ ] _CollectD, Prometheus, and Grafana_\n - [ ] _nginx-vts-exporter_\n - [ ] _CollectD, InfluxDB, and Grafana_\n - [ ] _Telegraf, InfluxDB, and Grafana_\n - _Testing_\n - [x] _Build OpenSSL 1.0.2-chacha version_\n - [x] _Send request and show response headers_\n - [x] _Send request with http method, user-agent, follow redirects and show response headers_\n - [x] _Send multiple requests_\n - [x] _Testing SSL connection_\n - [x] _Testing SSL connection (debug mode)_\n - [x] _Testing SSL connection with SNI support_\n - [x] _Testing SSL connection with specific SSL version_\n - [x] _Testing SSL connection with specific cipher_\n - [x] _Verify 0-RTT_\n - [x] _Testing SCSV_\n - _Load testing with ApacheBench (ab)_\n - [x] _Standard test_\n - [x] _Test with Keep-Alive header_\n - _Load testing with wrk2_\n - [x] _Standard scenarios_\n - [x] _POST call (with Lua)_\n - [x] _Random paths (with Lua)_\n - [x] _Multiple paths (with Lua)_\n - [x] _Random server address to each thread (with Lua)_\n - [x] _Multiple json requests (with Lua)_\n - [x] _Debug mode (with Lua)_\n - [x] _Analyse data pass to and from the threads_\n - [x] _Parsing wrk result and generate report_\n - _Load testing with locust_\n - [x] _Multiple paths_\n - [x] _Multiple paths with different user sessions_\n - [x] _TCP SYN flood Denial of Service attack_\n - [x] _HTTP Denial of Service attack_\n - _Debugging_\n - [x] _Show information about processes_\n - [x] _Check memory usage_\n - [x] _Show open files_\n - [x] _Check segmentation fault messages_\n - [x] _Dump configuration_\n - [x] _Get the list of configure arguments_\n - [x] _Check if the module has been compiled_\n - [x] _Show the most accessed IP addresses (ip and url)_\n - [x] _Show the most requested urls with http methods_\n - [x] _Show the most accessed response codes_\n - [x] _Calculating requests per second with IP addresses and urls_\n - [x] _Check that the gzip_static module is working_\n - [x] _Which worker processing current request_\n - [x] _Capture only http packets_\n - [x] _Extract User Agent from the http packets_\n - [x] _Capture only http GET and POST packets_\n - [x] _Capture requests and filter by source ip and destination port_\n - [x] _Capture HTTP requests\u002Fresponses in real time, filter by GET, HEAD and save to a file_\n - [ ] _Server Side Include (SSI) debugging_\n - [x] _Dump a process's memory_\n - _GNU Debugger (gdb)_\n - [x] _Dump configuration from a running process_\n - [x] _Show debug log in memory_\n - [x] _Core dump backtrace_\n - [x] _Debugging socket leaks_\n - _SystemTap cheatsheet_\n - [x] _stapxx_\n - _Errors & Issues_\n - [ ] _Common errors_\n - _Configuration snippets_\n - [x] _Nginx server header removal_\n - [x] _Custom log formats_\n - [x] _Log only 4xx\u002F5xx_\n - [x] _Restricting access with client certificate_\n - [x] _Restricting access by geographical location_\n - [x] _GeoIP 2 database_\n - [ ] _Custom error pages_\n - [x] _Dynamic error pages with SSI_\n - [x] _Limiting the rate of requests per IP with geo and map_\n - [x] _Using trailing slashes_\n - [x] _Properly redirect all HTTP requests to HTTPS_\n - [x] _Adding and removing the www prefix_\n - [x] _Proxy\u002Frewrite and keep the original URL_\n - [x] _Proxy\u002Frewrite and keep the part of original URL_\n - [x] _Pro","Nginx Admin's Handbook 是一个专注于提升 Nginx 性能、安全性和其他重要事项的指南。该项目提供了详尽的基础管理知识、技巧、注意事项及陷阱,覆盖了从基础配置到高级优化的各个方面,并且包含一系列实用工具如 SSL 配置报告生成器、静态错误页面生成器等。特别适合需要深入理解和优化 Nginx 服务器设置的管理员和技术人员使用。",2,"2026-06-11 03:34:27","high_star"]