
These are some of the changes I made to improve the performance and security of my microstartups http://visalist.io and http://simpleops.io


1/ You can get these performance benefits easily. You don’t need to be a DevOps expert to make these optimizations. Anyone who is new to web applications and is using NGINX can use these steps. All you have to do is edit your NGINX config file.
2/ Improve Performance with HTTP/2 Support: HTTP/2 has a lot of benefits over HTTP/1.1: it multiplexes many requests over a single connection so the browser can fetch files in parallel, it compresses headers, and it can push resources from the server (a feature browsers have since dropped, so don't build on it). Browsers only speak HTTP/2 over TLS, so enable it on your HTTPS server block: add http2 to the "listen 443 ssl" directive, or on NGINX 1.25.1 and later use the separate "http2 on;" directive.
3/ Reduce Scraping / Attacks: Limiting the rate of requests to the server is critical: a single abusive client can exhaust CPU, memory and bandwidth and, on metered hosting, run up a large bill. It also blunts scrapers, brute-force logins and request floods. In NGINX this is limit_req_zone (a shared zone keyed on the client address, with a rate) plus limit_req in the server or location block, with a small burst so a normal page load is not rejected; limit_conn caps concurrent connections the same way. If NGINX sits behind a CDN or load balancer, key the zone on the real client address (for example via the realip module) rather than the proxy's, otherwise every user shares one bucket.
4/ Client-side Caching: Caching static files in the browser is easy, and it saves a lot of requests to the server. Add a location block that matches your static file extensions and set the expiration with the expires directive; NGINX then sends Expires and Cache-Control: max-age headers and the browser reuses the file until they lapse. Choose the expiration as you please and include any other static file extension you deem worthy of caching. One caveat: with long expirations, use versioned or fingerprinted filenames (style.a1b2c3.css) so a changed file gets a new URL, otherwise visitors keep the stale copy until it expires.
5/ Microcaching: Microcaching is a caching technique in which content is cached for a very short period of time, perhaps as little as 1 second. This effectively means that updates to the site are delayed by no more than a second, which in many cases is perfectly acceptable, while a burst of a thousand requests in that second reaches the application once. In NGINX it is proxy_cache (or fastcgi_cache) with "proxy_cache_valid 200 1s", ideally with proxy_cache_lock so only one request refreshes the cache and proxy_cache_use_stale updating so the rest get the previous copy. Bypass the cache for logged-in users (for example whenever a session cookie is present): a shared cache that serves one user's page to another is a data leak.
6/ Redirect WWW: Google wants one canonical host, so pick either www or the naked domain and redirect the other to it with a permanent (301) redirect. The naked domain is shorter and drops the redundant www, so redirect all www users to it. In NGINX that is a separate server block whose server_name is www.example.com (example.com standing in for your domain) and whose only directive is "return 301 https://example.com$request_uri;". Make sure your TLS certificate covers both names, or the redirect from https://www fails with a certificate error before it can happen.
7/ Content Compression: Here comes Brotli, a compression algorithm from Google that typically produces output ~20% smaller than Gzip. Stock NGINX only ships the gzip module; Brotli needs the ngx_brotli module. Enable both and NGINX picks Brotli when the client's Accept-Encoding lists "br" and falls back to Gzip where Brotli is not supported. Brotli works best with static files, ideally precompressed once with brotli_static, rather than compressing dynamic content on every request at a high level. Also avoid compressing dynamic responses that place a secret (a CSRF token, a session ID) next to attacker-controlled input, since the compressed size leaks the secret (the BREACH attack); serve those uncompressed.
8/ Improve Security: NGINX doesn't send the important security headers by default, but adding them with add_header is pretty straightforward. X-Frame-Options (or the frame-ancestors directive of Content-Security-Policy) prevents clickjacking attacks; Content-Security-Policy restricts where scripts and other resources may load from, which blunts cross-site scripting and other code injection attacks; X-Content-Type-Options: nosniff stops browsers from guessing MIME types; Referrer-Policy limits which URLs leak to third parties. Strict-Transport-Security (HSTS) tells the browser to only ever use HTTPS for your domain, which protects from protocol downgrade and SSL-stripping attacks. Two caveats: add the "always" parameter so the headers also go out on error responses, and remember that any add_header in a location block replaces the whole set inherited from the server block, so repeat them there. Start HSTS with a short max-age and only add includeSubDomains once every subdomain serves HTTPS, because browsers enforce it for the full period.
9/ Optimize SSL and Sessions: Use TLS only and disable SSL. SSLv2 and SSLv3 are old and broken (POODLE, among others), and TLS 1.0 and 1.1 are deprecated, so set "ssl_protocols TLSv1.2 TLSv1.3;". Optimize the cipher suites, as they are the core of TLS: this is where the encryption happens. Keep only suites with forward secrecy and authenticated encryption (ECDHE with AES-GCM or ChaCha20-Poly1305; the TLS 1.3 suites are fixed and need no configuration). For sessions, turn on "ssl_session_cache shared:SSL:10m" so returning clients skip the full handshake, and prefer "ssl_session_tickets off" unless you rotate the ticket key, since a long-lived ticket key undermines forward secrecy.
10/ So the final NGINX config and domain config looks something like this:
https://gist.github.com/1hakr/01cb00dfce8c92a15c0d9faee9052042
Now all you have to do is reload your NGINX config file and you have supercharged your NGINX server.
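Putting steps 2 to 9 together, the following is an added example configuration, not the author's gist and not code from NGINX's own documentation. It goes inside the http { } block (for example as a file in conf.d) and assumes NGINX 1.25.1 or later (for "http2 on") built with the ngx_brotli module; example.com, /var/www/example, the app server on 127.0.0.1:8080, the certificate paths and the "session" cookie name are placeholders to replace with your own.

```nginx
# Added example (not the author's gist): one config combining steps 2 to 9.
# Placeholders: example.com, /var/www/example, the app on 127.0.0.1:8080,
# the certificate paths and the "session" cookie name. Needs NGINX >= 1.25.1
# (for "http2 on") and the ngx_brotli module.

# 3/ rate limiting: 10 requests/second per client IP, plus a connection cap.
limit_req_zone  $binary_remote_addr zone=perip:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=connperip:10m;

# 5/ microcache storage for proxied pages.
proxy_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=micro:10m
                 max_size=100m inactive=60s use_temp_path=off;

# 6/ plain HTTP on either host -> HTTPS on the naked domain.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

# 6/ https://www -> naked domain; the certificate must cover both names.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name www.example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;                         # 2/ (older NGINX: "listen 443 ssl http2;")
    server_name example.com;
    root /var/www/example;

    # 9/ TLS 1.2/1.3 only, forward-secret AEAD ciphers, session cache, no tickets.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # 8/ security headers; "always" adds them on error responses too. No add_header
    # appears in the locations below, because one there would replace this whole set.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Content-Security-Policy "default-src 'self'; object-src 'none'; frame-ancestors 'self'" always;

    # 7/ Brotli when the client accepts "br", gzip otherwise.
    brotli on;
    brotli_static on;                 # serve pre-compressed .br files when present
    brotli_types text/plain text/css application/json application/javascript image/svg+xml;
    gzip on;
    gzip_vary on;
    gzip_types text/plain text/css application/json application/javascript image/svg+xml;

    # 3/ apply the limits; burst lets one normal page load through without delay.
    limit_req zone=perip burst=20 nodelay;
    limit_conn connperip 20;

    # 4/ browser caching of static assets (use fingerprinted filenames).
    location ~* \.(?:css|js|woff2?|png|jpe?g|gif|svg|ico)$ {
        expires 30d;                  # sets Expires and Cache-Control: max-age
        try_files $uri =404;
    }

    # 5/ microcache dynamic pages for 1 second; logged-in users bypass it.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache micro;
        proxy_cache_valid 200 1s;
        proxy_cache_lock on;          # one request refreshes; the others wait or get stale
        proxy_cache_use_stale updating error timeout;
        proxy_cache_bypass $cookie_session;
        proxy_no_cache $cookie_session;
    }
}
```

Run "nginx -t" before reloading: it catches a missing ngx_brotli module or an unsupported "http2 on" on an older NGINX. The cache bypass on the session cookie is the part most worth adapting, since the cookie name depends on your application.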
11/ If this is beyond your reach, there is a simple website that can generate the final config file for you: https://www.digitalocean.com/community/tools/nginx#
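Whichever way you produce the config, verify what the server actually sends. The following is an added example check, not part of the original thread: it reads a response header block from stdin, as printed by "curl -sI https://example.com" (example.com being a placeholder), and reports any of the step 8 headers that are missing plus an HSTS max-age too short to be useful. The two sample responses are constructed, not real captures.

```sh
#!/bin/sh
# Added example, not from the original thread: check a captured HTTP response
# header block for the headers from step 8 and for a sane HSTS max-age.
# Prints each problem found and returns 1 if there was any, 0 otherwise.

check_security_headers() {
    # Read headers from stdin; lowercase them so matching is case-insensitive
    # and strip the CR that HTTP puts at the end of every line.
    headers=$(tr 'A-Z' 'a-z' | tr -d '\r')
    status=0
    for name in strict-transport-security x-frame-options x-content-type-options \
                content-security-policy referrer-policy; do
        if ! printf '%s\n' "$headers" | grep -q "^$name:"; then
            echo "missing: $name"
            status=1
        fi
    done
    # HSTS only helps while the browser remembers it; treat anything under six
    # months (15552000 seconds) as too short, since a returning visitor would
    # otherwise be exposed to a downgrade again.
    hsts=$(printf '%s\n' "$headers" | grep '^strict-transport-security:' | head -n 1)
    if [ -n "$hsts" ]; then
        maxage=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
        if [ -z "$maxage" ] || [ "$maxage" -lt 15552000 ]; then
            echo "weak: strict-transport-security max-age=${maxage:-none}"
            status=1
        fi
    fi
    return $status
}

# Constructed sample responses (not real captures). The first is what the
# config from step 8 produces; the second lacks a CSP and has a 5-minute HSTS.
GOOD_HEADERS="HTTP/2 200
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors 'self'
content-type: text/html; charset=utf-8"

BAD_HEADERS="HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Content-Type: text/html"

# Usage: pipe a header block in; against a live site use
#   curl -sI https://example.com | check_security_headers
printf '%s\n' "$GOOD_HEADERS" | check_security_headers && echo "good sample: ok"
printf '%s\n' "$BAD_HEADERS" | check_security_headers || echo "bad sample: problems found"
```

The check only looks at one response; run it against an error page too (for example a 404), since that is where headers added without "always" silently disappear.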