NGINX Tuning For Best Performance
NGINX Tuning For Best Performance
NGINX Tuning For Best Performance
For this configuration you can use web server you like, i decided, because i work
mostly with it to use nginx.
Generally, properly configured nginx can handle up to 400K to 500K requests per
second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and
30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can
work without problem on slower machines.
You must understand that this config is used in testing environment and not in
production so you will need to find a way to implement most of those features best
possible for your servers.
Backup your original configs and you can start reconfigure your configs. You will
need to open your nginx.conf at /etc/nginx/nginx.conf with your favorite editor.
# you must set worker processes based on your CPU cores, nginx does not benefit
from setting more than that
worker_processes auto; #some last versions calculate it automatically
# provides the configuration file context in which the directives that affect
connection processing are specified.
events {
# determines how much clients will be served per worker
# max clients = worker_connections * worker_processes
# max clients is also limited by the number of socket connections available on
the system (~64k)
worker_connections 4000;
# optmized to serve many clients with each thread, essential for linux -- for
testing environment
use epoll;
# copies data between one FD and other from within the kernel
# faster then read() + write()
sendfile on;
# send headers in one peace, its better then sending them one by one
tcp_nopush on;
# don't buffer data sent, good for small data bursts in real time
tcp_nodelay on;
# reduce the data that needs to be sent over network -- for testing environment
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript
application/json application/xml;
gzip_disable msie6;
# allow the server to close connection on non responding client, this will free up
memory
reset_timedout_connection on;
# number of requests client can make over keep-alive -- for testing environment
keepalive_requests 100000;
nginx -s reload
/etc/init.d/nginx start|restart
If you wish to test config first you can run
nginx -t
/etc/init.d/nginx configtest
This is far away from secure DDoS defense but can slow down some small DDoS.
Those configs are also in test environment and you should do your values.
# zone which we want to limit by upper values, we want limit whole server
server {
limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=10 nodelay;
}
# if the request body size is more than the buffer size, then the entire (or
partial)
# request body is written into a temporary file
client_body_buffer_size 128k;
# headerbuffer size for the request header from client -- for testing environment
client_header_buffer_size 3m;
# maximum number and size of buffers for large headers to read from client request
large_client_header_buffers 4 256k;
# read timeout for the request body from client -- for testing environment
client_body_timeout 3m;
# how long to wait for the client to send a request header -- for testing
environment
client_header_timeout 3m;
nginx -s reload
/etc/init.d/nginx reload|restart
You can test this configuration with tsung and when you are satisfied with result you
can hit Ctrl+C because it can run for hours.