nginx enables many additional features over Apache’s httpd server, which allows a much more secure SSL configuration, enabling features such as Perfect Forward Secrecy (PFS) which cannot be enabled using default Apache installs from repository.
Below is a guide on how to enable a very secure SSL configuration for your nginx server, including using Diffie–Hellman for key exchange, enabling Online Certificate Status Protocol (OCSP) features and making use of higher security ciphers and protocols only.
Continue reading “nginx SSL best practice including PFS and OCSP”
The Apache HTTP Server is a very flexible server that can be used with almost all open source projects with little to no customisation due to Apache’s ubiquity within the community, however being a jack of all trades unfortunately means it isn’t necessarily a master of everything. One of the more commonly cited issues with Apache HTTP, is that its resource usage is more considerable compared to other options available, which can lead to issues when under heavy load.
In order to obtain the benefits of lower resource usage, there are plenty of other options available such as the choice for this article of nginx as well as others such as Apache Traffic Server or lighttpd, however making use of these options as your server software of choice may lead to compatibility issues with your applications. To avoid any of these issues, this article outlines how to add nginx into the mix, without losing Apache.
Continue reading “Adding nginx to the LAMP stack for performance”
mod_pagespeed is an Open Source module published by Google which automatically configures various different optimisations within your configuration to enable faster site performance. Given the benefits and ease at which it can be installed, it should be high on the priority list to configure.
Continue reading “Installing mod_pagespeed for performance increase on RHEL/Centos for Apache”
Continue reading “Configuring content caching for speed optimisation”
Although the below works in the majority of cases, it is important to test your site after completing the change to ensure there are no issues and you may need to make some changes to the files you are allowing to be compressed if you do see any issues.
First off, check that mod_deflate is enabled within your Apache configuration. The easiest way to do this is to output the configuration of Apache and check for “deflate_module” using the following command:
# apachectl -M | grep deflate
If this does not show, you will need to pre-append “LoadModule deflate_module modules/mod_deflate.so” to the below content.
The below directives should be added to your Apache configuration. The best way to manage this is to create a new configuration file within the Apache directory (the below locations may need to be adjusted for your environment).
# vi /etc/httpd/conf.d/deflate.conf
Then add the below:
AddType text/css .css
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0 no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
Once this file is saved, check that the Apache configuration is still valid, before restarting Apache.
# apachectl -t
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Now this is complete, you can test your site to check for compression and what should be a drastically improved load time.