What is nginx?
nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft nginx served or proxied 12.77% busiest sites in January 2013. Here are some of the success stories: Netflix, Wordpress.com, FastMail.FM.
The sources and documentation are distributed under the 2-clause BSD-like license.
Basic HTTP features
- Serving static and index files, autoindexing; open file descriptor cache;
- Accelerated reverse proxying with caching; simple load balancing and fault tolerance;
- Accelerated support with caching of FastCGI, uwsgi, SCGI, and memcached servers; simple load balancing and fault tolerance;
- Modular architecture. Filters include gzipping, byte ranges, chunked responses, XSLT, SSI, and image transformation filter. Multiple SSI inclusions within a single page can be processed in parallel if they are handled by proxied or FastCGI servers;
- SSL and TLS SNI support.
Other HTTP features
- Name-based and IP-based virtual servers
- Keep-alive and pipelined connections support;
- Flexible configuration;
- Reconfiguration and upgrade of an executable without interruption of the client servicing;
- Access log formats, buffered log writing, and fast log rotation;
- 3xx-5xx error codes redirection;
- The rewrite module: URI changing using regular expressions;
- Executing different functions depending on the client address;
- Access control based on client IP address and HTTP Basic authentication;
- Validation of HTTP referer;
- The PUT, DELETE, MKCOL, COPY, and MOVE methods;
- FLV and MP4 streaming;
- Response rate limiting;
- Limiting the number of simultaneous connections or requests coming from one address;
- Embedded Perl.
Mail proxy server features
- User redirection to IMAP/POP3 backend using an external HTTP authentication server;
- User authentication using an external HTTP authentication server and connection redirection to an internal SMTP server;
- Authentication methods:
- POP3: USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5;
- IMAP: LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5;
- SMTP: AUTH LOGIN/PLAIN/CRAM-MD5;
- SSL support;
- STARTTLS and STLS support.
Architecture and scalability
- One master process and several workers processes. The workers run as unprivileged user;
- The notification methods: kqueue (FreeBSD 4.1+), epoll (Linux 2.6+), rt signals (Linux 2.2.19+), /dev/poll (Solaris 7 11/99+), event ports (Solaris 10), select, and poll;
- The support of the various kqueue features including EV_CLEAR, EV_DISABLE (to disable event temporalily), NOTE_LOWAT, EV_EOF, number of available data, error codes;
- sendfile (FreeBSD 3.1+, Linux 2.2+, Mac OS X 10.5), sendfile64 (Linux 2.4.21+), and sendfilev (Solaris 8 7/01+) support;
- File AIO (FreeBSD 4.3+, Linux 2.6.22+);
- Accept-filters (FreeBSD 4.1+) and TCP_DEFER_ACCEPT (Linux 2.4+) support;
- 10,000 inactive HTTP keep-alive connections take about 2.5M memory;
- Data copy operations are kept to a minimum.
Tested OS and Platforms
- FreeBSD 3 — 10 / i386; FreeBSD 5 — 10 / amd64;
- Linux 2.2 — 3 / i386; Linux 2.6 — 3 / amd64;
- Solaris 9 / i386, sun4u; Solaris 10 / i386, amd64, sun4v;
- AIX 7.1 / powerpc;
- HP-UX 11.31 / ia64;
- Mac OS X / ppc, i386;
- Windows XP, Windows Server 2003.