NGINX Serving large files (mp4), extremely inefficiently - unix

I am currently running nginx/1.0.15 on a Centos 6.6 OS.
The server has the following specs:
Intel(R) Atom(TM) CPU C2750 # 2.40GHz (8 cores)
32GB Ram
5 x 6000 GB 7200 RPM (Raid 10)
The Problem
The server has a 1Gbit/s connection, however it tops out and bottlenecks after 400-500 mbit/s. Service starts to decline at roughly 100 connections.. and the speed with the server drops dramatically (despite having 50% bandwidth still available)
The NGINX server is strictly for serving static .mp4 files. Each file is typically 400-1200MB (700mb being the avg.)
I have tried many many configurations and just about all of them give me the same results.
Is there anything blatantly wrong or misguided in my configuration?
The Configurations
/etc/nginx/nginx.conf
user nginx;
worker_processes 9;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 51200;
use epoll;
}
worker_rlimit_nofile 600000;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
access_log off;
aio on;
sendfile off;
tcp_nopush off;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65;
output_buffers 1 3m;
#gzip on;
include /etc/nginx/conf.d/*.conf;
open_file_cache max=10000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
}
/etc/nginx/conf.d/default.conf
server {
listen 80 default_server sndbuf=32k;
server_name _;
#charset koi8-r;
#access_log logs/host.access.log main;
include /etc/nginx/default.d/*.conf;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /Videos/ {
root /home;
gzip off;
gzip_static off;
mp4;
mp4_max_buffer_size 300m;
}
location /stats {
stub_status on;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

Related

uWSGI + NGINx + web2py application not accassable

I am using centos 7 with python 2.7.15 and uwsgi + nginx to host my app.
step by step i am getting closer to make it work.
I had to set the python 2.7.15 to work as python insted of 2.7.5
then I had some uwsgi probmels with emperor service.
but now... the app works when I run uwsgi trough
uwsgi --http :8000 --chdir /opt/web2py -w wsgihandler:application
but when I try to put it together with nginx I cannot access the page
My nginx config ATM is
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
map $request_uri $loggable {
~/engine/getTasks.* 0;
~/static/* 0;
default 1;
}
access_log /var/log/nginx/access.log main if=$loggable;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
client_max_body_size 10M;
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /opt/web2py_cert/web2py.com;
}
location / {
uwsgi_pass unix:/run/uwsgi/web2py.sock;
include uwsgi_params;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
And my uwsgi.ini file
[uwsgi]
plugin = python2.7
logto = /opt/web2py/uwsgi.log
chdir = /opt/web2py
http = 0.0.0.0:80
module = wsgihandler:application
master = true
processes = 5
uid = woshi
socket = /run/uwsgi/web2py.sock
chown-socket = woshi:nginx
chmod-socket = 660
vacuum = true
any suggestions???
thank you

I need to configure inbound traffic to translate http to https with nginx and only need trust store from certificates

I am trying to translate inbound traffic from http to https, but i'am new to nginx and certification world, so it's not very clear to me when i was told that i need only trust store for this connection. I have ssl certificate. And forgot to mention. My OS is RHEL and using older version of java keystore(pkcs#7).
Here is my nginx.conf file. Any help would be great:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
#listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
#proxy_pass https://ipaddress:port/;
#proxy_set_header Token $http_token;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
server_name ip_address;
return 301 https://ipaddress:port/;
proxy_connect_timeout 60s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
location / {
proxy_pass https://ipaddress/;
proxy_set_header Token $http_token;
proxy_ssl_trusted_certificate /etc/nginx/ssl/keystore/new.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/nginx.conf;
#
# location / {
# proxy_pass https://40.127.129.131:9444/;
# proxy_ssl_trusted_certificate /etc/nginx/ssl/keystore/novi.pem;
# proxy_ssl_verify on;
# proxy_ssl_verify_depth 2;
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
P.S.
In .pem file is certificate and pkcs#7(public key)

How to remove Index of / from search engine results?

The problem
I have a website developed with NextJS, it is running on a server with Nginx. The website files are inside the public_html folder and running on port 3004, and i have a proxy_pass that redirect the requests to the NextJS website on port 3004.
But when I search for my domain or my site on google, it shows up in the results: Index of / (and the files inside)
I would like to remove this (and all the listing of files inside) to just put Home - Domain, for example.
Research and issue photos
My next.conf file
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
server_name computadorsolidario.tec.br www.computadorsolidario.tec.br;
location / {
autoindex off;
proxy_pass http://localhost:3004;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
}
How can i solve this?
You can turn off the feature of nginx where it creates directory listings:
autoindex off;
If you want to replace "index if /" with an actual home page, you would need to create an index.html file in document root directory.
You should also add as a last location in your conf
location ~ /\. {
deny all;
}
to block file access to dot files .env file or other sensitive data

How to authenticate nginx with ldap?

I follow this reference https://github.com/kvspb/nginx-auth-ldap/blob/master/README.md and try to integrate nginx and LDAP.
my nginx.conf setting:
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
ldap_server ldap_local {
url "ldap://localhost/cn=Manager,dc=xinhua?uid?sub?(objectClass=posixAccount)";
binddn "cn=Manager,dc=xinhua,dc=org";
binddn_passwd "xxxxxx";
require group "cn=config,ou=People,dc=xinhua,dc=org";
group_attribute "memberUid";
group_attribute_is_dn off;
require valid_user;
satisfy all;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
conf.d/default.conf
server {
listen 8000;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
auth_ldap "Forbidden";
auth_ldap_servers ldap_local;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
My question is how to authenticate the username and password which are in LDAP.
This is my first time to use LDAP.
Now, I don't know what is the username and password.
When I try the username and password in .htpasswd. It doesn't work.
Why not via https://github.com/nginxinc/nginx-ldap-auth ? It's daemon, use something like
location = /auth-proxy {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_pass http://127.0.0.1:8888;
proxy_set_header X-Ldap-URL "ldap://127.0.0.1:389";
proxy_set_header X-Ldap-Template "(uid=%(username)s)";
proxy_set_header X-Ldap-BaseDN "dc=example,dc=com";
}
location /private-storage {
auth_request /auth-proxy;
proxy_pass http://application-backend;
}

Nginx : multiple download freeze my server

We have a problem with Nginx. We have a converter server it's convert MP4 video to MP3 file and 300 user online, so when they start download their MP3 files at the same time, server time response become so huge like if it is freezed even if %vCPU doesn't exceeds 10% when he start the conversion using mpeg library.
My server Configuration :
16 vCPU.
RAM:30G
Data transfert :5TB.
Nginx Configuration (nginx.conf)
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 20240;
events {
worker_connections 4000;
multi_accept on;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
client_max_body_size 700m;
connection_pool_size 256;
client_body_buffer_size 1024k;
client_header_buffer_size 8k;
keepalive_timeout 30;
keepalive_requests 100000;
reset_timedout_connection on;
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
#include /etc/nginx/conf.d/*.conf;
}
Web site nginx configuration:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/html;
index index.php index.html index.htm;
client_max_body_size 700m;
connection_pool_size 256;
client_body_buffer_size 1024k;
client_header_buffer_size 8k;
limit_rate 125k;
limit_req zone=one burst=5;
# Make site accessible from http://localhost/
server_name localhost;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
Do you know where the problem may come ?

Resources