Best config for nginx reverse proxy on running phoenix app

Hi,

I am trying to figure out on which configuration would be best suited for me, if I were to accept a high load of connection with Nginx.

I see the some of the configuration that phoenix uses with having nginx reverse proxy like cogini-nginx-conf and dennisreimann-nginx-conf. But I am wondering, does both of these conf setups will limit the number of connection to my server by 512/1024 only per CPU core as stated in the nginx-default-worker-conf?

I myself am not familiar with doing the nginx worker process config, etc, but I think from the released blog of how phoenix able to reach 2 million conneciton. I am assuming that the having nginx to handle 512/1024 is too small compared to what it can handle.

So normally what is the best config, can a developer use to host phoenix app behind an nginx reverse proxy, to allow it to handle big connection load?

Any special reason to have Nginx in front of Phoenix instead of just have Phoenix handling directly the traffic?

I am not sure on how to setup the traffic to be handled directly to phoenix efficiently. The normal tutorials and guide I have read only suggest nginx as it also easen the TLS with Lets Encrypt

In that case tutorials are doing you a disservice, because you can have Phoenix directly facing the Internet traffic, and LetsEncrypt is easy to tackle with @sasajuric library:

You can also read this article:

https://progressplum.app/blog/ssl-migration-from-nginx-to-cowboy-2-in-phoenix-1-4/

The docs for https:

https://hexdocs.pm/phoenix/using_ssl.html

And this example from myself in another post:

Please bear in mind that I posted it in 2018, therefore the ciphers must be updated to match current security standards.

Also bear in mind that when configuring https you need to pass all the configuration, not just the keys you are interested in configuring, because at the core the configuration is not merged, only replaced, thus you can end-up without https or with a less secure configuration.

4 Likes

Thank you. Will check on the resources you gave! :grin:

1 Like

You can check if your https settings are correct with:

I recommend to add it to you CI/CD pipeline.

2 Likes