Certificate Authentication

1. HTTP/1.x protocol
   1. Request and response format
   2. Inspecting HTTP conversations with tcpdump and Wireshark
   3. Inspecting HTTP headers in a web browser
   4. Making requests with CURL
   5. Common headers
   6. Request pipelining
   7. Content length and chunked encoding
   8. MIME types
2. Nginx installation
   1. Installing nginx from Debian packages
   2. Variants of nginx available in Debian and Ubuntu
   3. Installing nginx from source
   4. Starting nginx
   5. Upgrading nginx
3. Nginx as a static file server
   1. General structure of the configuration file
   2. Setting up virtual hosts
   3. Configuring locations
   4. Location lookup order
   5. Setting up error pages
   6. Issuing redirects
   7. Other forms of URL rewriting
   8. Serving an empty GIF image
   9. Internal and named locations
   10. Overriding MIME types
4. Client-side performance optimization
   1. Allowing clients to cache resources
   2. The Vary: header
   3. Minimizing the number of requests
   4. Keep-alives
   5. What if a resource needs to change
   6. How web frameworks deal with static files
5. Content post-processing
   1. Gzip compression
   2. Image scaling
6. Access control
   1. Restricting access to files based on IP address
   2. Geographical restrictions
   3. Hiding VCS directories and private files
   4. Basic authentication
   5. Other types of authentication
   6. Combining restrictions
   7. Secure links
7. Applying limits
   1. Traffic shaping
   2. Grouping requests for the purpose of limiting
   3. Rate-limiting requests
   4. Restricting simultaneous connections
8. Nginx as a reverse proxy
   1. Supported upstream protocols
   2. Dealing with self-signed upstream SSL certificates
   3. Passing parameters to FastCGI and uWSGI backends
   4. Proxying websocket connections
   5. X-Accel-* headers
   6. Modifying headers received and sent by upstream
9. Language-specific reverse proxy setups
   1. PHP
   2. Python
   3. Ruby
10. Nginx as an SSL terminator
    1. Generating self-signed SSL certificates
    2. Obtaining certificates from Let's Encrypt
    3. Restricting available ciphers
    4. Working with session tickets
    5. Stapling OCSP responses
    6. Verifying SSL configuration
    7. Accepting client-side certificates
    8. HTTP/2 considerations
11. Load balancing with Nginx
    1. Defining upstream groups
    2. Sticky sessions using ip_hash
    3. Extra features of Nginx Plus as a load balancer
    4. Alternatives to Nginx and Nginx Plus
    5. Putting another Nginx behind a Nginx load balancer
    6. Nginx behind HAProxy or AWS load balancer
12. Nginx as a cache
    1. Telling nginx to cache pages
    2. How nginx reacts to standard caching-related headers
    3. Tunable parameters of caches
    4. Nginx cache vs application-level cache
    5. Clearing the cache
13. Deploying popular web applications with Nginx
    1. The list of applications to be discussed is determined by the trainer
14. Logging
    1. Access log and error log files
    2. Specifying custom log format
    3. Tracking slow requests
    4. Optimizing logging
    5. Log rotation
    6. Log analysis by external programs
15. Monitoring Nginx
    1. Nginx stub status page
    2. Nginx Plus extended live status page
    3. What monitoring systems usually plot and alert about Nginx
16. [optional] High availability with Nginx¹
    1. How to deploy the same static content to multiple servers
    2. Configuration sharing
    3. Fail-over using an elastic/virtual IP address
    4. Setting up VRRP with Keepalived
    5. Other high-availability stacks
    6. Nginx Plus integration with Keepalived
17. Common mistakes and security issues related to Nginx configuration
18. Common performance issues

¹ The High Availability section involves a network setup that makes intrusion detection systems unhappy, or requires setting up multiple virtual machines per participant (which no other topic needs). So, it is not provided by default.