Mercurial > hg > nginx-site

view xml/en/index.xml @ 2769:16f6fa718be2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated TLSv1.3 support notes. Previous notes described some early development snapshot of OpenSSL 1.1.1 with disabled TLSv1.3 by default. It was then enabled in the first alpha. Further, the updated text covers later major releases such as OpenSSL 3.0.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 30 Sep 2021 16:29:20 +0300
parents 5a7d41e3cb83
children 91aaf82442e9
line wrap: on
line source

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE article SYSTEM "../../dtd/article.dtd">

<article name="nginx"
         link="/en/"
         lang="en"
         rev="133">


<section>

<para>
nginx [engine x] is an HTTP and reverse proxy server,
a mail proxy server,
and a generic TCP/UDP proxy server,
originally written by <link url="http://sysoev.ru/en/">Igor Sysoev</link>.
For a long time, it has been running
on many heavily loaded Russian sites including
<link url="http://www.yandex.ru">Yandex</link>,
<link url="http://mail.ru">Mail.Ru</link>,
<link url="http://vk.com">VK</link>, and
<link url="http://www.rambler.ru">Rambler</link>.
According to Netcraft, nginx served or proxied
<link url="https://news.netcraft.com/archives/2021/08/25/august-2021-web-server-survey.html">22.38%
busiest sites in August 2021</link>.
Here are some of the success stories:
<link url="https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/">Dropbox</link>,
<link url="https://openconnect.netflix.com/en/software/">Netflix</link>,
<link url="https://www.nginx.com/case-studies/nginx-wordpress-com/">Wordpress.com</link>,
<link url="http://blog.fastmail.fm/2007/01/04/webimappop-frontend-proxies-changed-to-nginx/">FastMail.FM</link>.
</para>

<para>
The sources and documentation are distributed under the
<link url="../LICENSE">2-clause BSD-like license</link>.
</para>

<para>
Commercial support is available from
<link url="https://www.nginx.com">Nginx, Inc.</link>
</para>

</section>


<section id="basic_http_features"
        name="Basic HTTP server features">

<para>
<list type="bullet">

<listitem>
Serving static and
<link doc="docs/http/ngx_http_index_module.xml">index</link>
files,
<link doc="docs/http/ngx_http_autoindex_module.xml">autoindexing</link>;
<link doc="docs/http/ngx_http_core_module.xml"
       id="open_file_cache">open file descriptor cache</link>;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_proxy_module.xml">Accelerated
reverse proxying with caching</link>;
<link doc="docs/http/ngx_http_upstream_module.xml">load balancing
and fault tolerance</link>;
</listitem>

<listitem>
Accelerated support with caching of
<link doc="docs/http/ngx_http_fastcgi_module.xml">FastCGI</link>,
<link doc="docs/http/ngx_http_uwsgi_module.xml">uwsgi</link>,
<link doc="docs/http/ngx_http_scgi_module.xml">SCGI</link>, and
<link doc="docs/http/ngx_http_memcached_module.xml">memcached</link>
servers;
<link doc="docs/http/ngx_http_upstream_module.xml">load balancing
and fault tolerance</link>;
</listitem>

<listitem>
Modular architecture.
Filters include
<link doc="docs/http/ngx_http_gzip_module.xml">gzipping</link>,
byte ranges, chunked responses,
<link doc="docs/http/ngx_http_xslt_module.xml">XSLT</link>,
<link doc="docs/http/ngx_http_ssi_module.xml">SSI</link>,
and <link doc="docs/http/ngx_http_image_filter_module.xml">image
transformation</link> filter.
Multiple SSI inclusions within a single page can be processed in
parallel if they are handled by proxied or FastCGI/uwsgi/SCGI servers;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_ssl_module.xml">SSL and
TLS SNI support</link>;
</listitem>

<listitem>
Support for <link doc="docs/http/ngx_http_v2_module.xml">HTTP/2</link>
with weighted and dependency-based prioritization.
</listitem>

</list>
</para>

</section>


<section id="other_http_features"
        name="Other HTTP server features">

<para>
<list type="bullet">

<listitem>
Name-based and IP-based
<link doc="docs/http/request_processing.xml">virtual servers</link>;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_core_module.xml"
       id="keepalive_timeout">Keep-alive</link>
and pipelined connections support;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_log_module.xml" id="log_format">Access
log formats</link>,
<link doc="docs/http/ngx_http_log_module.xml" id="access_log">buffered
log writing</link>,
<link doc="docs/control.xml" id="logs">fast log rotation</link>, and
<link doc="docs/syslog.xml">syslog logging</link>;
</listitem>

<listitem>
3xx-5xx error codes
<link doc="docs/http/ngx_http_core_module.xml"
       id="error_page">redirection</link>;
</listitem>

<listitem>
The rewrite module:
<link doc="docs/http/ngx_http_rewrite_module.xml">URI changing
using regular expressions</link>;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_rewrite_module.xml" id="if">Executing
different functions</link> depending on the
<link doc="docs/http/ngx_http_geo_module.xml">client address</link>;
</listitem>

<listitem>
Access control based on
<link doc="docs/http/ngx_http_access_module.xml">client IP address</link>,
<link doc="docs/http/ngx_http_auth_basic_module.xml">by password (HTTP
Basic authentication)</link> and by the
<link doc="docs/http/ngx_http_auth_request_module.xml">result of
subrequest</link>;
</listitem>

<listitem>
Validation of
<link doc="docs/http/ngx_http_referer_module.xml">HTTP referer</link>;
</listitem>

<listitem>
The <link doc="docs/http/ngx_http_dav_module.xml">PUT, DELETE, MKCOL, COPY,
and MOVE</link> methods;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_flv_module.xml">FLV</link>
and
<link doc="docs/http/ngx_http_mp4_module.xml">MP4</link>
streaming;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_core_module.xml"
       id="limit_rate">Response rate limiting</link>;
</listitem>

<listitem>
Limiting the number of simultaneous
<link doc="docs/http/ngx_http_limit_conn_module.xml">connections</link>
or
<link doc="docs/http/ngx_http_limit_req_module.xml">requests</link>
coming from one address;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_geoip_module.xml">IP-based geolocation</link>;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_split_clients_module.xml">A/B testing</link>;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_mirror_module.xml">Request mirroring</link>;
</listitem>

<listitem>
Embedded <link doc="docs/http/ngx_http_perl_module.xml">Perl</link>;
</listitem>

<listitem>
<link doc="docs/njs/index.xml">njs</link> scripting language.
</listitem>

</list>
</para>

</section>


<section id="mail_proxy_server_features"
        name="Mail proxy server features">

<para>
<list type="bullet">

<listitem>
User redirection to
<link doc="docs/mail/ngx_mail_imap_module.xml">IMAP</link>
or
<link doc="docs/mail/ngx_mail_pop3_module.xml">POP3</link>
server using an external HTTP
<link doc="docs/mail/ngx_mail_auth_http_module.xml">authentication</link>
server;
</listitem>

<listitem>
User authentication using an external HTTP
<link doc="docs/mail/ngx_mail_auth_http_module.xml">authentication</link>
server and connection redirection to an internal
<link doc="docs/mail/ngx_mail_smtp_module.xml">SMTP</link> server;
</listitem>

<listitem>
Authentication methods:

<list type="bullet">

<listitem>
<link doc="docs/mail/ngx_mail_pop3_module.xml" id="pop3_auth">POP3</link>:
USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5;
</listitem>

<listitem>
<link doc="docs/mail/ngx_mail_imap_module.xml" id="imap_auth">IMAP</link>:
LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5;
</listitem>

<listitem>
<link doc="docs/mail/ngx_mail_smtp_module.xml" id="smtp_auth">SMTP</link>:
AUTH LOGIN/PLAIN/CRAM-MD5;
</listitem>

</list>
</listitem>

<listitem>
<link doc="docs/mail/ngx_mail_ssl_module.xml">SSL</link> support;
</listitem>

<listitem>
<link doc="docs/mail/ngx_mail_ssl_module.xml" id="starttls">STARTTLS
and STLS</link> support.
</listitem>

</list>
</para>

</section>


<section id="generic_proxy_server_features"
        name="TCP/UDP proxy server features">

<para>
<list type="bullet">

<listitem>
<link doc="docs/stream/ngx_stream_proxy_module.xml">Generic proxying</link>
of TCP and UDP;
</listitem>

<listitem>
<link doc="docs/stream/ngx_stream_ssl_module.xml">SSL</link> and
TLS <link doc="docs/stream/ngx_stream_ssl_preread_module.xml">SNI</link> support
for TCP;
</listitem>

<listitem>
<link doc="docs/stream/ngx_stream_upstream_module.xml">Load balancing
and fault tolerance</link>;
</listitem>

<listitem>
Access control based on
<link doc="docs/stream/ngx_stream_access_module.xml">client address</link>;
</listitem>

<listitem>
Executing different functions depending on the
<link doc="docs/stream/ngx_stream_geo_module.xml">client address</link>;
</listitem>

<listitem>
Limiting the number of simultaneous
<link doc="docs/stream/ngx_stream_limit_conn_module.xml">connections</link>
coming from one address;
</listitem>

<listitem>
<link doc="docs/stream/ngx_stream_log_module.xml" id="log_format">Access
log formats</link>,
<link doc="docs/stream/ngx_stream_log_module.xml" id="access_log">buffered
log writing</link>,
<link doc="docs/control.xml" id="logs">fast log rotation</link>, and
<link doc="docs/syslog.xml">syslog logging</link>;
</listitem>

<listitem>
<link doc="docs/stream/ngx_stream_geoip_module.xml">IP-based geolocation</link>;
</listitem>

<listitem>
<link doc="docs/stream/ngx_stream_split_clients_module.xml">A/B testing</link>;
</listitem>

<listitem>
<link doc="docs/njs/index.xml">njs</link> scripting language.
</listitem>

</list>
</para>

</section>


<section id="architecture_and_scalability"
        name="Architecture and scalability">

<para>
<list type="bullet">

<listitem>
One master and several worker processes;
worker processes run under an unprivileged user;
</listitem>

<listitem>
<link doc="docs/example.xml">Flexible configuration</link>;
</listitem>

<listitem>
<link doc="docs/control.xml" id="reconfiguration">Reconfiguration</link>
and <link doc="docs/control.xml" id="upgrade">upgrade of an
executable</link> without interruption of the client servicing;
</listitem>

<listitem>
<link doc="docs/events.xml">Support</link> for
kqueue (FreeBSD 4.1+),
epoll (Linux 2.6+),
/dev/poll (Solaris 7 11/99+), event ports (Solaris 10),
select, and poll;
</listitem>

<listitem>
The support of the various kqueue features including EV_CLEAR, EV_DISABLE
(to temporarily disable events), NOTE_LOWAT, EV_EOF, number of available data,
error codes;
</listitem>

<listitem>
The support of various epoll features including
EPOLLRDHUP (Linux 2.6.17+, glibc 2.8+) and
EPOLLEXCLUSIVE (Linux 4.5+, glibc 2.24+);
</listitem>

<listitem>
sendfile (FreeBSD 3.1+, Linux 2.2+, macOS 10.5+), sendfile64 (Linux 2.4.21+),
and sendfilev (Solaris 8 7/01+) support;
</listitem>

<listitem>
<link doc="docs/http/ngx_http_core_module.xml" id="aio">File AIO</link>
(FreeBSD 4.3+, Linux 2.6.22+);
</listitem>

<listitem>
<link doc="docs/http/ngx_http_core_module.xml" id="directio">DIRECTIO</link>
(FreeBSD 4.4+, Linux 2.4+, Solaris 2.6+, macOS);
</listitem>

<listitem>
Accept-filters (FreeBSD 4.1+, NetBSD 5.0+) and TCP_DEFER_ACCEPT (Linux 2.4+)
<link doc="docs/http/ngx_http_core_module.xml" id="listen">support</link>;
</listitem>

<listitem>
10,000 inactive HTTP keep-alive connections take about 2.5M memory;
</listitem>

<listitem>
Data copy operations are kept to a minimum.
</listitem>

</list>
</para>

</section>


<section id="tested_os_and_platforms"
        name="Tested OS and platforms">

<para>
<list type="bullet">

<listitem>
FreeBSD 3&mdash;12 / i386;
FreeBSD 5&mdash;12 / amd64;
FreeBSD 11 / ppc;
FreeBSD 12 / ppc64;
</listitem>

<listitem>
Linux 2.2&mdash;4 / i386;
Linux 2.6&mdash;5 / amd64;
Linux 3&mdash;4 / armv6l, armv7l, aarch64, ppc64le;
</listitem>

<listitem>
Solaris 9 / i386, sun4u;
Solaris 10 / i386, amd64, sun4v;
Solaris 11 / x86;
</listitem>

<listitem>
AIX 7.1 / powerpc;
</listitem>

<listitem>
HP-UX 11.31 / ia64;
</listitem>

<listitem>
macOS / ppc, i386, x86_64;
</listitem>

<listitem>
Windows XP,
Windows Server 2003,
Windows 7,
Windows 10.
</listitem>

</list>
</para>

</section>

</article>