[TriLUG] Help with proxy setup
Matt Pusateri
mpusateri at wickedtrails.com
Thu Dec 5 09:51:18 EST 2013
Late to this party, glad you got it resolved. I recently at previous job ran Nginx as a proxy server and the things I didn’t like about it were. 1. No dynamic modules, you have to recompile each time if you need a new module, not a big deal, but more work. 2. And more important, it was extremely difficult to get good stats out of Nginx. I much preferred HA-Proxy.
Matt P.
On Dec 3, 2013, at 10:06 PM, Ron Kelley <rkelleyrtp at gmail.com> wrote:
> Thanks again, Igor, for the wonderful information. Let me sift through the list of additional optimization and see if I can make any headway.
>
> -Ron
>
>
> On Dec 3, 2013, at 6:40 PM, Igor Partola <igor at igorpartola.com> wrote:
>
> Ron,
>
> The only thing I see that I wouldn't do here i the "server_name _" part. I
> think you can just omit that, or actually specify the hostnames that this
> will serve. Otherwise, looks good to me.
>
> Also, you can certainly do some optimization here if you care to:
>
> 1. Tune the number of nginx worker processes and connections per worker
> (and the open file limits) to match your processing power
> 2. Add cache headers bases on request type. For example, you could probably
> automatically add something like 30 days expiration on certain static
> resources, though obviously be careful not to have users cache stuff that
> is bound to change.
> 3. Enable proxy_cache. This stuff is wonderful. It can be the difference
> between 10 and 1000 concurrent users, assuming you can cache the content
> you are serving. This is easily the biggest optimization you can add.
> 4. Add custom error pages.
> 5. Add HTTPS/TLS, and ditch HTTP. If you are accessing /wp-admin/ over
> HTTP, your password is in cleartext on the internet.
> 6. Add a maintenance page: when a specific HTML file exists on disk, serve
> that and a 503 status code. This lets you take sites down for maintenance
> nicely.
> 7. Add some way to normalize/filter the $host variable. This can probably
> be done on the backends as well. For example, you might want to add or
> remove the "www." prefix.
> 8. Add gzip compression for textual responses (careful with HTML + gzip +
> SSL. There is a recent vulnerability in SSL that can be exploited through
> this.)
>
> No problem. Glad I got someone else to use of of my favorite pieces of
> software.
>
> Igor
> --
> This message was sent to: Ron Kelley <rkelleyrtp at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/rkelleyrtp%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
>
> --
> This message was sent to: M. Pusateri <mpusateri at wickedtrails.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/mpusateri%40wickedtrails.com
> Welcome to TriLUG: http://trilug.org/welcome
More information about the TriLUG
mailing list