Nginx

Presentation : Nginx was launched in 2004 and is today the most widely used webserver. It relies on an async architecture, each request being split into smaller subtasks. Many processes can be launched, offering a bigger throughput than Apache.

For this ft_transcendence project, we leveraged following features:

• security : TLS encryption is handled
• unified entry points for our routes as a reverse proxy
• static file serving
• protocol management betwwen https and WebSockets

Setup and debugging

Tip

Use npx nginx -t inside the container to validate your configuration syntax before restarting the service.

Use cases

Security

• HTTP to HTTPS redirection using a 308 permanent redirect to preserve request method and body

server {
    listen 80;
    server_name localhost;
    return 308 https://$host:4430$request_uri;
}

• Header sanitization : clearing internal x-user-name and x-user-id from incoming requests

Serving static files

• alias and root directives

Reverse proxy

location /api/ {
    proxy_http_version 1.1;
    proxy_pass http://api-gateway:3000;
}

Connection and performance

• worker_connections and epoll to handle sufficient concurrent connections
• the upstream blocks define keepalive pools to reduce latency created by establishing new TCP connections
• proxy_read_timeout and proxy_send_timeout are adjusted to routes

Do's and Don'ts

✅ Do	❌ Don't
Use TLS 1.2 or 1.3 for modern security standards.	Use SSLv3 or TLS 1.0/1.1 as they are deprecated and insecure.
Clear internal headers like x-user-id to prevent header spoofing attacks.	Trust client-provided headers for authentication details.
Enable Gzip compression for text, CSS, and JS to improve performance.	Enable HTTP/2 if it conflicts with WebSocket implementation.
Use proxy_cookie_path to ensure cookies from sub-services are correctly sent by the browser.	-

Useful Resources

Type	Resource	Notes
📄	Official Nginx Documentation	Main reference for all directives.
🛡️	Mozilla SSL Config Generator	Best practices for TLS security.