Nginx, pronounced "engine-X", is the second most common web server among the top 100,000 websites. Nginx also functions well as a reverse proxy to handle requests and pass back responses for Python WSGI servers or even other web servers such as Apache.
Nginx is commonly used as a web server to serve static assets such as images, CSS and JavaScript to web browser clients.
Nginx is also typically configured as a reverse proxy, which passes appropriate incoming HTTP requests to a WSGI server. The WSGI server produces dynamic content by running Python code. When the WSGI server passes its response, which is often in the HTML, JSON or XML format, the reverse proxy then responds to the client with that result.
The request and response cycle with a reverse proxy server and the WSGI server can be seen in the following diagram.
Typically the client will not know or need to know that a Python web application generated the result. The result could have instead been generated by one or more backend systems written in any programming language, not just Python.
Let's be clear about these two "competing" servers: they are both fantastic open source projects and either will serve your web application deployment well. In fact, many of the top global web applications use both servers in their deployments to function in many steps throughout the HTTP request-response cycle.
I personally use Nginx more frequently than Apache because Nginx's configuration feels easier to write, with less boilerplate than alternatives.
There's also a bit of laziness in the usage: Nginx works well, it never causes me problems. So I stick with my battle-tested Ansible configuration management files that set up Nginx with HTTPS and SSL/TLS certificates.
Nginx's default configuration after a standard installation through a system package manager or compiling from source is a good base for security. However, setting up ciphers and redirects can be confusing the first few times you try it. It's a really good idea to read some of these tutorials to make sure you are avoiding the most common security errors that plague HTTP(S) configurations.
HTTPS with Let's Encrypt and nginx walks through installing a free SSL certificate from Let's Encrypt to secure HTTP connections to your nginx server via HTTPS.
The Nginx Config tool can generate strong encryption configurations and ciphers for Nginx.
Gixy is a static analyzer for your Nginx configuration and can flag issues with how it is set up.
Strong SSL Security on Nginx shows how to mitigate high profile SSL attacks like Logjam and Heartbleed.
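The reverse proxy arrangement and the HTTPS redirect described above, as an added example configuration that is not from the original page or from any of the linked tutorials. The hostname example.com, the certificate and static file paths, and the WSGI server address 127.0.0.1:8000 are assumptions.

```nginx
# Constructed example. example.com, the file paths and the
# 127.0.0.1:8000 WSGI address are placeholders, not values from the page.
# These blocks go inside the http { } context.

upstream app_server {
    # WSGI server bound to localhost only, so clients cannot bypass Nginx.
    server 127.0.0.1:8000 fail_timeout=0;
}

# Plain HTTP: serve nothing, only redirect to HTTPS.
server {
    listen 80;
    server_name example.com;
    # Redirect to a fixed hostname rather than $host, so a forged Host
    # header cannot steer the redirect to another site.
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    # Leave out SSLv3, TLSv1 and TLSv1.1. TLSv1.3 needs a build of Nginx
    # and OpenSSL that supports it.
    ssl_protocols TLSv1.2 TLSv1.3;
    server_tokens off;    # do not advertise the Nginx version

    # Tell browsers to use HTTPS for this host for the next year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Static assets are served directly by Nginx.
    location /static/ {
        alias /var/www/example.com/static/;
    }

    # Everything else is passed to the WSGI server.
    location / {
        proxy_pass http://app_server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` after editing to check the syntax before reloading the server.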
Nginx can be used without Python so there are a massive number of fantastic resources available for installing, configuring and optimizing this web server implementation. The following resources are ones that I collected during my own struggle while learning how to use Nginx after I had used Apache HTTP Server for several years.
The Nginx chapter in the Architecture of Open Source Applications book is a great read on why Nginx is built to scale a certain way and the lessons learned along the development journey.
nginx-quick-reference provides fantastic tactical advice for improving Nginx performance, handling security and many other critical aspects.
Inside Nginx: How we designed for performance and scale is a blog post from the developers behind Nginx on why they believe their architecture model is more performant and scalable than other approaches used to build web servers.
Test-driving web server configuration tells a good story for how to iteratively apply configuration changes, such as routing traffic to Matomo for web analytics, reverse proxying to backend application servers and terminating TLS connections appropriately. It is impressive to read a well-written software development article like this from a government agency, although UK's Government Digital Service as well as USA's 18F and US Digital Service foster a far more credible culture than most typical agencies.
Hacker News broke our site – how Nginx and PageSpeed fixed the problem is primarily about optimizing Nginx's configuration for more efficient SSL connections. The post also covers configuration management with Ansible as well as the PageSpeed module that Google released for both Nginx and the Apache HTTP Server.
A faster Web server: ripping out Apache for Nginx explains how Nginx can be used instead of Apache in some cases for better performance.
Nginx vs Apache: Our view is a first-party perspective written by the developers behind Nginx as to the differences between the web servers.
Rate Limiting with Nginx covers how to mitigate against brute force password guessing attempts using Nginx rate limits.
Nginx with dynamic upstreams is an important note for setting up your upstream WSGI server(s) if you're using Nginx as a reverse proxy with hostnames that change.
Nginx Caching shows how to set up Nginx for caching HTTP requests, which is often done by Varnish but can also be handled by Nginx with the proxy_cache and related directives.
Dynamic log formats in nginx explains how to use the HttpSetMiscModule module to transform variables in Nginx and map input to controlled output in the logs. The author uses this technique for pixel tracking but there are other purposes this method could be used for such as advanced debugging.
Detecting Bots in Apache & Nginx Logs is an awesome tutorial that shows how to filter web crawlers and bots from your traffic logs when using them for web traffic analytics.