ngnix code

Create Ngnix server with docker

docker pull nginx

docker run -p 80:80 -d nginx

le fichier de conf de l'image docker ngnix par défaut:
situé à /etc/ngnix/ngnix.conf

docker commit  "Nom du stapshot"
=> renvoie id
docker run -p 80:80 -d id

Fichier de conf nginx.conf

user  ngnix;
#Defines which Linux system user will own and run the Nginx server top process

worker_processes  4;
#max process number. Generally set to be equal to the number of CPUs cores.

error_log  /var/logs/ngnix/error.log; #error_log  logs/error.log  notice;
#Specifies the file where server logs is located. 
# less /var/logs/ngnix/error.log to see error logs
access_log /var/logs/ngnix/access.log;
# less /var/logs/ngnix/access.log to see error logs
#tail /var/logs/ngnix/access.log

pid  /var/run/;
#nginx will write its master process ID (PID).

Ngnix as Reverse Proxy

Reverse proxy can:
* hide existence of original backend servers
* protect backend servers from web based attackes, DOS ...
* provide caching fonctionalities
* optimize the content by using compression
* act as SSL Terminaison proxy
* Route requests

Reverse proxy configuration: proxy_pass directive
proxy_pass directive forwards the request to the proxied server specified along with the directive:

X-Real-IP & Proxy Host Header

Lorsque ngnix est utilisé comme reverse proxy, les serveurs derrière ngnix doivent recevoir l'IP du client, pour que ces serveurs renseignent en retour ngnix sur l'IP à laquelle forwarder la réponse. (par défaut, les backend serveurs reçoivent l'ip d'ngnix)

En effet lors que 3 clients distincts requêtent ngnix, ngnix doit alors donner la réponse appropriée à chaque client.
pour que les backends serveurs revoivent la vraie ip du client:

Ngnix as Load Balancer

Répartir les requêtes sur plusieurs serveurs backend:

upstream backend {

server {
 listen 80;
  location {
   proxy_pass http:// backend;
   proxy_set_header ...;

la première requête sera transmise à
la seconde à

Health care:
the load balancer has to know when a backend server is up or down
there are 2 types of Heath check: Active Heath checks (only in Ngnix X paid version) and Passive heath check

Ngnix caching

Cache control Headers:

  • Do not store any kind of cache at all
  • Store the cahche but verify with webserver whether file is modified
  • Store the cache for 24h
  • ...

various cache control headers:

  • Cache-Control: no-store
  • Cache-Control: no-cache
  • Cache-Control: no-store, no-cache must-revalidate
  • Cache-Control: public
  • Cache-Control: private
  • ...

Cache-Control: no-cache

Ngnix staic Assets

server {

           location / {
            proxy_pass http://;

           location ~* \.(css|js|jp?g|JPG|png)  {
               root /var/www/assets          
              try_files $uri $uri/;


Whitelist IP in NGINX for URL

# ...
 server {
     listen 80;

     location /accounts/login {
        deny all;

     location /api {
         limit_except GET {
             auth_basic "NGINX Plus API";
             auth_basic_user_file /path/to/passwd/file;

         api   write=on;

         deny  all;

sudo nginx -t
sudo service nginx reload #debian/ubuntu
systemctl restart nginx #redhat/centos

Ngnix Spf daddy dockerfile :)

# Use the Python3.7.2 image
FROM nginx

# Set the working directory to /app

RUN apt-get update
RUN apt-get upgrade
RUN apt-get -y install curl
RUN apt-get -y install libncurses5-dev libncursesw5-dev libncurses5

# Copy the current directory contents into the container at /app 
ADD ./spf /app/spf
ADD ./help.txt /app/help.txt

RUN mv /app/spf /bin/spf
RUN mv /app/help.txt /bin/help.txt
RUN chmod +x /bin/spf

RUN mkdir /app/html
ADD ./html/index.html /app/html/index.html

RUN rm /etc/nginx/conf.d/default.conf

Docker compose to run Php & Python in same domain

version: '3'

    image: nginx
    restart: unless-stopped
    container_name: web-nginx
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/html:/usr/share/nginx/html:ro
      - "80:80"
      - "443:443"
    image: php:fpm-alpine
    container_name: web-php
      - ./data/docker-web/www:/script:ro
    build: ./data/flask
    container_name: flask
    restart: always
      - APP_NAME=MyFlaskApp
      - FLASK_ENV=development
      - FLASK_DEBUG=1



from app import app

if __name__ == "__main__":


wsgi-file =
callable = app
socket = :8080
processes = 4
threads = 2
master = true
chmod-socket = 660
vacuum = true
die-on-term = true


# Use the Python3.7.2 image
FROM python:3.7.2-stretch

# Set the working directory to /app

# Copy the current directory contents into the container at /app 
ADD . /app

# Install the dependencies
#RUN pip install -r requirements.txt
RUN pip install flask uwsgi

#VOLUME /app

# run the command to start uWSGI
CMD ["uwsgi", "app.ini"]


from flask import Flask

app = Flask(__name__)

from app import views


from app import app
import os

def index():

    # Use os.getenv("key") to get environment variables
    app_name = os.getenv("APP_NAME")

    if app_name:
        return f"Hello from python {app_name} running in a Docker container behind Nginx!"

    return "Hello from Flask"