Web Servers: Configuration, Security, and Performance
Web servers are the front door to every internet-facing application. Getting the configuration right -- from TLS termination to reverse proxying to database connectivity -- is essential for security, reliability, and speed.
This hub collects production-ready guides for the two dominant web servers, their supporting infrastructure, and the databases that back them.
Web Server Configuration
| Topic | Description | Guide |
|---|---|---|
| Nginx | Server blocks, proxy_pass, SSL, gzip, and tuning | Nginx Guide |
| Apache | VirtualHosts, mod_rewrite, MPMs, and .htaccess | Apache Guide |
TLS and Encryption
| Topic | Description | Guide |
|---|---|---|
| SSL/TLS Setup | Certbot, cipher suites, HSTS, OCSP stapling | SSL/TLS Setup |
Traffic Management
| Topic | Description | Guide |
|---|---|---|
| Reverse Proxy and Load Balancing | Upstream blocks, algorithms, health checks, WebSocket | Reverse Proxy & Load Balancing |
Optimization and Hardening
| Topic | Description | Guide |
|---|---|---|
| Performance Tuning | Workers, compression, caching, CDN, benchmarking | Performance Tuning |
| Web Security | Security headers, rate limiting, WAF, fail2ban | Web Security |
Data Tier
| Topic | Description | Guide |
|---|---|---|
| Database Administration | MySQL and PostgreSQL install, backups, basic tuning | Database Admin |
Choosing Between Nginx and Apache
| Criteria | Nginx | Apache |
|---|---|---|
| Architecture | Event-driven, async | Process/thread-based (MPM) |
| Static file serving | Extremely fast | Fast with sendfile |
| .htaccess support | No (by design) | Yes |
| Dynamic modules | Limited (load at compile or since 1.9.11) | Extensive, loaded at runtime |
| Reverse proxy | First-class | Via mod_proxy |
| Memory usage | Lower under high concurrency | Higher per connection |
Both are production-grade. Nginx is typically preferred for reverse proxying and high-concurrency workloads; Apache for legacy applications that depend on .htaccess or specific modules.
Prerequisites
Guides assume a Debian/Ubuntu or RHEL-family system. Commands for both package managers are provided where they differ. A registered domain name and DNS access are needed for the SSL/TLS guide.
Navigate back to the cb.vu home page or pick a guide above to get started.
Explore Web Servers
Nginx Configuration: From Zero to Production
Nginx guide: installation, server blocks, location directives, SSL, proxy_pass, caching, and production hardening.
Apache HTTP Server: Configuration and Virtual Hosts
Apache guide: installation, virtual hosts, .htaccess, mod_rewrite, SSL, MPM tuning, and security configuration.
SSL/TLS for Web Servers: HTTPS Configuration and Optimization
Web server SSL/TLS guide: certificate installation, HTTPS configuration, HSTS, OCSP stapling, and TLS optimization.
Reverse Proxy and Load Balancing with Nginx
Nginx reverse proxy and load balancing: upstream configuration, health checks, SSL termination, and WebSocket proxying.
Web Server Performance Tuning and Caching
Web server performance guide: connection tuning, gzip, Brotli, browser caching, CDN integration, and benchmarking.
Web Server Security: Headers, Rate Limiting, and WAF
Web server security: HTTP security headers, rate limiting, ModSecurity WAF, DDoS mitigation, and access control.
Linux Database Administration: MySQL and PostgreSQL Basics
Database administration guide: MySQL and PostgreSQL installation, user management, backups, replication, and performance tuning.