| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.
nginx -V for the following:
...
TLS SNI support enabled
| upstream warehouse_inventory { | |
| zone inventory_service 64k; | |
| server 10.0.0.1:80; | |
| server 10.0.0.2:80; | |
| server 10.0.0.3:80; | |
| } | |
| upstream warehouse_pricing { | |
| zone pricing_service 64k; | |
| server 10.0.0.7:80; |
| -- Tit Petric, Monotek d.o.o., Tue 03 Jan 2017 06:54:56 PM CET | |
| -- | |
| -- Delete nginx cached assets with a PURGE request against an endpoint | |
| -- supports extended regular expression PURGE requests (/upload/.*) | |
| -- combine single,all,match three mode | |
| -- updated by nosun [email protected] | |
| local md5 = require 'md5' | |
| function file_exists(name) |
For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.
Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.
You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |