Advanced NginX Settings

Expert settings

This section contains advanced configuration options for use by expert users. If you are unsure, we recommend leaving them as they are. If you are an expert user, you are advised to review the values used in the generated configuration file and further tweak them based on the capabilities of your server and the traffic on your site.

Allow IP forwarding

Some sites may be behind a load balancer, caching proxy, CDN, third-party web application firewall service etc. We call them collectively "proxies". As a result, all traffic to your site seems to come from the same IP address, the IP address of the proxy. This makes it impossible to block specific IP addresses which seem to be attacking your site unless you use Joomla's “Behind Load Balancer” setting in its Global Configuration.

This can also be worked around at the NginX level. All proxies set the HTTP header X-Forwarded-For, which has the IP addresses of all intermediate proxies up to and including the real IP address of the visitor accessing your site. Enabling this option tells NginX to trust the contents of this header and use its information to determine the IP address of the visitor. This is what PHP, and therefore Joomla and Admin Tools, will see.

Warning

This feature REQUIRES the ngx_http_realip_module module to be enabled in NginX, see http://nginx.org/en/docs/http/ngx_http_realip_module.html for more information. If the module is not enabled (default) your site will fail to load once you try reloading NginX with the new configuration.

Reverse Proxy / Load Balancer IPs

The downside to the Allow IP Forwarding option is that a malicious actor could “spoof” this header, i.e. set a header with bogus information, to cover up their tracks. Therefore it's important to only trust the X-Forwarded-For HTTP header from specific IPs. This option allows you to set up which IP addresses and address blocks NginX should trust to contain a valid X-Forwarded-For header.

Enter one IP address or IP block in CIDR notation per line. The default setting for this option contains the IPv4 and IPv6 addresses for CloudFlare and Sucuri, the two most common use cases.

If your site is behind a load balancer or caching proxy on your host's network you will need to ask your host to provide you with the corresponding IP addresses.
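
To show why the trusted list matters, here is a simplified model of the decision described above, added as an example (it is not Admin Tools' or NginX's own code). The function names, the recursive switch and every address are assumptions constructed for illustration; the page does not say whether the generated configuration searches the header recursively.

```python
import ipaddress

def parse_trusted(text):
    """Parse the option's value: one IP address or CIDR block per line."""
    return [ipaddress.ip_network(line.strip(), strict=False)
            for line in text.splitlines() if line.strip()]

def is_trusted(addr, trusted):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in trusted)

def client_ip(peer, xff, trusted, recursive=False):
    """Simplified model of which address the server treats as the visitor's.

    peer is the address that opened the TCP connection; xff is the raw
    X-Forwarded-For value (or None). recursive=True keeps walking right to
    left past entries that are themselves trusted proxies.
    """
    if not xff or not is_trusted(peer, trusted):
        return peer  # sender is not a trusted proxy: the header is ignored
    addr = peer
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the last address accepted
        addr = hop
        if not recursive or not is_trusted(addr, trusted):
            break
    return addr

# Constructed sample data (documentation address ranges, not real proxies).
TRUSTED = parse_trusted("203.0.113.0/24\n2001:db8:1::/48\n")
TRUST_ALL = parse_trusted("0.0.0.0/0\n::/0\n")

if __name__ == "__main__":
    # Request relayed by a listed proxy: the header is honoured.
    print(client_ip("203.0.113.10", "198.51.100.7", TRUSTED))
    # Direct connection with a forged header: ignored, the peer is used.
    print(client_ip("192.0.2.66", "198.51.100.7", TRUSTED))
    # Same forged request when every address is trusted: the forgery wins.
    print(client_ip("192.0.2.66", "198.51.100.7", TRUST_ALL))
    # Two trusted hops; the visitor prepended a bogus entry.
    chain = "10.9.9.9, 198.51.100.7, 203.0.113.20"
    print(client_ip("203.0.113.10", chain, TRUSTED))        # last entry
    print(client_ip("203.0.113.10", chain, TRUSTED, True))  # last untrusted
```

The third case is the one to avoid: a list that is too broad lets any visitor choose the address that IP-based blocking rules will see.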

Optimise timeout handling

Enabling this option will create a set of rules which optimise the connection timeout. If you run into problems with lengthy processes (e.g. backups) you are advised to turn this off.

Optimise socket settings

Enabling this option will create a set of rules which optimise the NginX connection pool size.

Optimise TCP performance

Enabling this option will create a set of rules which optimise the TCP/IP performance of NginX and turn the sendfile feature on.

Optimise output buffering

Enabling this option will create a set of rules which optimise the output buffers of NginX for typical servers.

Optimise file handle cache

Enabling this option will create a set of rules which optimise the NginX file handle cache for sites serving large amounts of static content (most Joomla! sites do that: images, CSS and JS are all static content).

Set the default character encoding to utf-8

Enabling this option will set the default output encoding to UTF-8. This is not strictly necessary as Joomla! will do that by default in its output. This is primarily used when serving static content, e.g. CSS and JS files which may contain international characters.

Tighten NginX security settings

Enabling this option will create a set of rules which tighten NginX security: server names are hidden from redirects, the version of NginX is hidden from the output headers and invalid HTTP headers will be ignored.

Set maximum client body size to 1Gb

Enabling this option will set the maximum acceptable client body (usually this means POST and PUT) size to 1 Gb. Please note that you still need to set up the maximum POST size and maximum file upload size in php.ini to accept large uploads on your server.