Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the request is terminated with the 408(Request Time-out) error. Default 60s.
Jeśli klient wysyła headery i czas ich wysyłania jest dłuższy niż 60s, połączenie zostanie przerwane z kodem błędu 408.
Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body. If a client does not transmitt anything with this time, the request is terminated with the 408(Request Time-out) error. Default 60s.
Jeśli klient wysyła body i przerwa pomiędzy pierwszym “porcją” i kolejną wynosi więcej niż 60s, połączenie zostanie przerwane z kodem błędu 408.
Sets a timeout for transmitting a resoponse to the client. The timeout is set only between two succesive write operations, not for the transmission of the whole response. If the client does not receive anything with this time, the connection is closed. Defautl 60s.
Jeśli klient wysyła request, nginx przesyła request do backendu, backend odpowiada i jeśli klient przy odbieraniu kolejnych “porcji” już od nginx czeka dłużej niż 60s, nginx przerwie połącznie z kodem błędy 408.
The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the “Keep-Alive: timeout=time” response header field. Two parameters may differ. Default 75s.
When lingering_close is in effect, this directive specifies the maximum waiting time for more client data to arrive. If data are not received during this time the connection is closed. Otherwise, the data are read and ignored, and nginx starts waiting for more data again. The “wait-read-ignore” cycle is repeated, but no longer specified by the lingering_time directive.
Służy do czystego zamknięcia połączenia.
Sets a timeot for name resolution. 30s. Jeśli nginx nie może znaleźć servera backendu, po 30s zakończy połączenie od klineta.
Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds. Jeśli serwery są blisko, czas powinien być zmniejszony np. do 3s.
Sets a timeout for transmitting a request to the proxied server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxied server does not receive anything with tihs time, connection is closed. (60s?)
Defines a timeout for reading a response from the proxied server. The timeout is set only between two successive read operation, not for the transmission of the whole response. If the proxied server does not transmit anything with this time the connection is closed. (60s?)
Set a timeout during which an idle keepalive connection to an upstream server will stay open.
Limits the time during which a request can be passed to the next server. The 0 value turns off this limitation. Default 0.
Allows an attacker to overhelm a target server by opening and maintaining many simultaneous HTTP connections between the attacker ant the target.
http {
server {
listen 80;
root /home/chodkows/Git/nginx/; # here is index.html
}
location /Pictures {
root /home/chodkows/; # when localhost/Pictures will go to ~/Pictures
}
location ~ .jpg$ { # ~ means regexp, so every file which ends with jpg
return 403;
}
server {
listen 8888;
location / {
proxy_pass http://localhost:80/; # redirect to localhost:80
}
location /img {
proxy_pass http://localhost:80/Pictures/;
}
}
}
events{}
docker run -d -p 2222:9999 -e APID=2222 nodeapp
docker run -d -p 3333:9999 -e APID=3333 nodeapp
docker run -d -p 4444:9999 -e APID=4444 nodeapp
docker run -d -p 5555:9999 -e APID=5555 nodeapphttp {
upstream allbackend {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 80;
location / {
proxy_pass http://allbackend/;
}
}
}
events {}
http {
upstream allbackend {
ip_hash; # request from one ip will always go to one backend - sticky session
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 80;
location / {
proxy_pass http://allbackend/;
}
}
}
events {}
http {
upstream allbackend {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
upstream app1backend {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
}
upstream app2backend {
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 80;
location / {
proxy_pass http://allbackend/;
}
location /app1 {
proxy_pass http://app1backend/;
}
location /app2 {
proxy_pass http://app2backend/;
}
}
}
events {}
location is not allowed in layer 4. Layer 4 don’t know which protocol is used.
stream {
upstream allbackend {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 80;
proxy_pass allbackend;
}
}
events {}
Need to run nginx as sudo TLS checker - site where we can check certificate
http {
upstream allbackend {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/nginxtest.ddns.net/fulchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nginxtest.ddns.net/privkey.pem;
location / {
proxy_pass http://allbackend/;
}
}
}
events {}
http {
upstream allbackend {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/nginxtest.ddns.net/fulchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nginxtest.ddns.net/privkey.pem;
ssl_protocols TLSv1.3;
location / {
proxy_pass http://allbackend/;
}
}
}
events {}
http {
upstream allbackend {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/nginxtest.ddns.net/fulchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nginxtest.ddns.net/privkey.pem;
ssl_protocols TLSv1.3;
location / {
proxy_pass http://allbackend/;
}
}
}
events {}
GET /chat HTTP/1.1 Host: server.example.com Upgrade: websockets Connection: Upgrade Sec-WebSocket-Key: faij4213gadfu21HFA3jj== Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 Origin: http://example.com
HTTP/1.1 101 Switching Protocols Upgrade: websockets Connection: Upgrade Sec-WebSocket-Accept: HSfgasfj321dJLKJ7sfa== Sec-WebSocket-Protocol: chat
npm init
npm i websocketconst http = require("http")
const WebSocketServer = require("websocket").server;
const httpServer = http.createServer()
const websocketServer = new WebSocketServer(
{httpServer}
)
const PORT = process.argv[2] || 8080;
let connection = null;
httpServer.listen(PORT, () => console.log(`Listening on port ${PORT}`))
websocketServer.on("request", request => {
connection = request.accept(null, request.origin)
connection.on("message", data => {
console.log(`Hey I received a message ${data.utf8Data}`)
connection.send(`Hey Client! Received your message ${data.utf8Data} on ${PORT}`)
})
})node index.js 8080let ws = new WebSocket("ws://localhost:8080")
ws.onmessage = e => console.log(e.data)
ws.send("Hello!")stream {
upstream wsbackends {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 8080;
proxy_pass wsbackends;
}
}
events {}
http {
upstream wsapp {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
}
upstream wschat {
server 127.0.0.1:4444;
server 127.0.0.1:5555;
}
server {
listen 8080;
location / {
root /home/chodkows/Git/nginx/websocket/; # address to index.html
}
location /wsapp {
proxy_pass http://wsapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /wschat {
proxy_pass http://wschat;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
}
events {}