Skip to content

Instantly share code, notes, and snippets.

@bobwol
Forked from denji/nginx-tuning.md
Created December 27, 2017 09:42
Show Gist options
  • Save bobwol/1004e43f596b2b6736c0d64c04e768d3 to your computer and use it in GitHub Desktop.
Save bobwol/1004e43f596b2b6736c0d64c04e768d3 to your computer and use it in GitHub Desktop.

Revisions

  1. @denji denji revised this gist Mar 18, 2017. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -1,3 +1,5 @@
    ### Moved to git repository: https://github.com/denji/nginx-tuning

    NGINX Tuning For Best Performance
    =================================

  2. @denji denji revised this gist Mar 6, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -184,6 +184,7 @@ Happy Hacking!

    * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
    * https://www.keycdn.com/support/tcp-fast-open/
    * https://www.masv.io/enabling-tcp-fast-open-nginx-centos-7/
    * ~~https://www.52os.net/articles/nginx-anti-ddos-setting-2.html~~
    * https://github.com/h5bp/server-configs-nginx
    * https://github.com/nginx-boilerplate/nginx-boilerplate
  3. @denji denji revised this gist Feb 25, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -184,6 +184,7 @@ Happy Hacking!

    * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
    * https://www.keycdn.com/support/tcp-fast-open/
    * ~~https://www.52os.net/articles/nginx-anti-ddos-setting-2.html~~
    * https://github.com/h5bp/server-configs-nginx
    * https://github.com/nginx-boilerplate/nginx-boilerplate
    * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
  4. @denji denji revised this gist Feb 25, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -183,6 +183,7 @@ Happy Hacking!
    --------------

    * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
    * https://www.keycdn.com/support/tcp-fast-open/
    * https://github.com/h5bp/server-configs-nginx
    * https://github.com/nginx-boilerplate/nginx-boilerplate
    * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
  5. @denji denji revised this gist Feb 17, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -65,7 +65,7 @@ tcp_nopush on;
    # don't buffer data sent, good for small data bursts in real time
    tcp_nodelay on;
    # reduce the data that needs to be sent over network
    # reduce the data that needs to be sent over network -- for testing environment
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
  6. @denji denji revised this gist Jan 19, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -188,6 +188,7 @@ Happy Hacking!
    * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
    * https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
    * https://www.nginx.com/blog/performing-a-b-testing-nginx-plus/
    * https://www.nginx.com/blog/10-tips-for-10x-application-performance/
    * https://nginx.org/r/pcre_jit
    * https://nginx.org/r/ssl_engine (`openssl engine -t `)
    * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
  7. @denji denji revised this gist Jan 16, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -184,6 +184,7 @@ Happy Hacking!

    * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
    * https://github.com/h5bp/server-configs-nginx
    * https://github.com/nginx-boilerplate/nginx-boilerplate
    * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
    * https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
    * https://www.nginx.com/blog/performing-a-b-testing-nginx-plus/
  8. @denji denji revised this gist Nov 22, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -192,3 +192,4 @@ Happy Hacking!
    * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
    * https://www.nginx.com/blog/tuning-nginx/
    * https://www.maxcdn.com/blog/nginx-application-performance-optimization/
    * https://www.linode.com/docs/websites/nginx/configure-nginx-for-optimized-performance
  9. @denji denji revised this gist Nov 22, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -191,3 +191,4 @@ Happy Hacking!
    * https://nginx.org/r/ssl_engine (`openssl engine -t `)
    * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
    * https://www.nginx.com/blog/tuning-nginx/
    * https://www.maxcdn.com/blog/nginx-application-performance-optimization/
  10. @denji denji revised this gist Nov 20, 2016. 1 changed file with 2 additions and 3 deletions.
    5 changes: 2 additions & 3 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -88,7 +88,7 @@ keepalive_timeout 30;
    keepalive_requests 100000;
    ```

    Now you can save config and run bottom command
    Now you can save config and run bottom [command](https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx)

    ```
    nginx -s reload
    @@ -149,10 +149,9 @@ Now you can do again test config
    ```bash
    nginx -t # /etc/init.d/nginx configtest
    ```
    And then reload or restart your nginx
    And then [reload or restart your nginx](https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx)

    ```
    # https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx
    nginx -s reload
    /etc/init.d/nginx reload|restart
    ```
  11. @denji denji revised this gist Nov 20, 2016. 1 changed file with 2 additions and 3 deletions.
    5 changes: 2 additions & 3 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -152,10 +152,9 @@ nginx -t # /etc/init.d/nginx configtest
    And then reload or restart your nginx

    ```
    # https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx
    nginx -s reload
    /etc/init.d/nginx reload
    /etc/init.d/nginx restart
    /etc/init.d/nginx reload|restart
    ```

    You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.
  12. @denji denji revised this gist Nov 20, 2016. 1 changed file with 3 additions and 1 deletion.
    4 changes: 3 additions & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -153,7 +153,9 @@ And then reload or restart your nginx

    ```
    nginx -s reload
    /etc/init.d/nginx reload # /etc/init.d/nginx restart
    /etc/init.d/nginx reload
    /etc/init.d/nginx restart
    ```

    You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.
  13. @denji denji revised this gist Nov 20, 2016. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -152,7 +152,8 @@ nginx -t # /etc/init.d/nginx configtest
    And then reload or restart your nginx

    ```
    nginx -s reload # /etc/init.d/nginx reload|restart
    nginx -s reload
    /etc/init.d/nginx reload # /etc/init.d/nginx restart
    ```

    You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.
  14. @denji denji revised this gist Nov 20, 2016. 1 changed file with 2 additions and 4 deletions.
    6 changes: 2 additions & 4 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -147,14 +147,12 @@ client_header_timeout 3m;
    Now you can do again test config

    ```bash
    nginx -t
    /etc/init.d/nginx configtest
    nginx -t # /etc/init.d/nginx configtest
    ```
    And then reload or restart your nginx

    ```
    nginx -s reload
    /etc/init.d/nginx reload|restart|reload
    nginx -s reload # /etc/init.d/nginx reload|restart
    ```

    You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.
  15. @denji denji revised this gist Nov 20, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -154,7 +154,7 @@ And then reload or restart your nginx

    ```
    nginx -s reload
    /etc/init.d/nginx restart|reload
    /etc/init.d/nginx reload|restart|reload
    ```

    You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.
  16. @denji denji revised this gist Nov 20, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -5,7 +5,7 @@ For this configuration you can use web server you like, i decided, because i wor

    Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.

    You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.
    __You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.__

    * [Stable version NGINX (deb/rpm)](https://nginx.org/en/linux_packages.html#stable)
    * [Mainline version NGINX (deb/rpm)](https://nginx.org/en/linux_packages.html#mainline)
  17. @denji denji revised this gist Nov 10, 2016. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -127,7 +127,8 @@ server {
    limit_req zone=req_limit_per_ip burst=10 nodelay;
    }
    # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file
    # if the request body size is more than the buffer size, then the entire (or partial)
    # request body is written into a temporary file
    client_body_buffer_size 128k;
    # headerbuffer size for the request header from client -- for testing environment
  18. @denji denji revised this gist Nov 9, 2016. 1 changed file with 12 additions and 8 deletions.
    20 changes: 12 additions & 8 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,6 @@
    NGINX Tuning For Best Performance
    --
    =================================

    For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

    Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.
    @@ -102,14 +103,14 @@ nginx -t
    ```

    Just For Security Reason
    ---
    ------------------------

    ```nginx
    server_tokens off;
    ```

    Nginx Simple DDoS Defense
    ---
    -------------------------

    This is far away from secure DDoS defense but can slow down some small DDoS. Those configs are also in test environment and you should do your values.

    @@ -158,25 +159,28 @@ nginx -s reload
    You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.

    DoS [HTTP/1.1 and above: Range Requests](https://tools.ietf.org/html/rfc7233#section-6.1)
    --
    ----------------------------------------

    By default [`max_ranges`](https://nginx.org/r/max_ranges) is not limited.
    DoS attacks can many Range-Requests (Impact on stability I/O).

    Socket Sharding in NGINX 1.9.1+ (DragonFly BSD and Linux 3.9+)
    --
    | | Latency (ms) | Latency stdev (ms) | CPU Load |
    -------------------------------------------------------------------

    | Socket type | Latency (ms) | Latency stdev (ms) | CPU Load |
    |------------------|--------------|--------------------|----------|
    | Default | 15.65 | 26.59 | 0.3 |
    | accept_mutex off | 15.59 | 26.48 | 10 |
    | reuseport | 12.35 | 3.15 | 0.3 |

    [Thread Pools](https://nginx.org/r/thread_pool) in NGINX Boost Performance 9x! (Linux)
    --
    --------------

    [Multi-threaded](https://nginx.org/r/aio) sending of files is currently supported only Linux.
    Without [`sendfile_max_chunk`](https://nginx.org/r/sendfile_max_chunk) limit, one fast connection may seize the worker process entirely.

    Happy Hacking!
    --
    --------------

    * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
    * https://github.com/h5bp/server-configs-nginx
  19. @denji denji revised this gist Nov 9, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -2,7 +2,7 @@ NGINX Tuning For Best Performance
    --
    For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

    Generally, properly configured nginx can handle up to 400,000 to 500,000 requests per second (clustered), most what i saw is 50,000 to 80,000 (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.
    Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.

    You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

  20. @denji denji revised this gist Nov 9, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -51,7 +51,7 @@ open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;
    # to boost IO on HDD we can disable access logs
    # to boost I/O on HDD we can disable access logs
    access_log off;
    # copies data between one FD and other from within the kernel
  21. @denji denji revised this gist Oct 22, 2016. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -37,10 +37,10 @@ events {
    # max clients is also limited by the number of socket connections available on the system (~64k)
    worker_connections 4000;
    # optmized to serve many clients with each thread, essential for linux
    # optmized to serve many clients with each thread, essential for linux -- for testing environment
    use epoll;
    # accept as many connections as possible, may flood worker connections if set too low
    # accept as many connections as possible, may flood worker connections if set too low -- for testing environment
    multi_accept on;
    }
  22. @denji denji revised this gist Sep 25, 2016. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -90,12 +90,14 @@ keepalive_requests 100000;
    Now you can save config and run bottom command

    ```
    nginx -s reload
    /etc/init.d/nginx start|restart
    ```

    If you wish to test config first you can run

    ```
    nginx -t
    /etc/init.d/nginx configtest
    ```

  23. @denji denji revised this gist Sep 25, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -80,7 +80,7 @@ client_body_timeout 10;
    # if client stop responding, free up memory -- default 60
    send_timeout 2;
    # server will close connection after this time
    # server will close connection after this time -- default 75
    keepalive_timeout 30;
    # number of requests client can make over keep-alive -- for testing environment
  24. @denji denji revised this gist Sep 16, 2016. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -143,11 +143,13 @@ client_header_timeout 3m;
    Now you can do again test config

    ```bash
    nginx -t
    /etc/init.d/nginx configtest
    ```
    And then reload or restart your nginx

    ```
    nginx -s reload
    /etc/init.d/nginx restart|reload
    ```

  25. @denji denji revised this gist Sep 6, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -182,3 +182,4 @@ Happy Hacking!
    * https://nginx.org/r/pcre_jit
    * https://nginx.org/r/ssl_engine (`openssl engine -t `)
    * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
    * https://www.nginx.com/blog/tuning-nginx/
  26. @denji denji revised this gist Aug 30, 2016. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -68,8 +68,8 @@ tcp_nodelay on;
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml;
    gzip_disable msie6;
    # allow the server to close connection on non responding client, this will free up memory
    reset_timedout_connection on;
  27. @denji denji revised this gist Aug 30, 2016. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -83,7 +83,7 @@ send_timeout 2;
    # server will close connection after this time
    keepalive_timeout 30;
    # number of requests client can make over keep-alive -- for testing
    # number of requests client can make over keep-alive -- for testing environment
    keepalive_requests 100000;
    ```

    @@ -127,16 +127,16 @@ server {
    # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file
    client_body_buffer_size 128k;
    # headerbuffer size for the request header from client -- for testing
    # headerbuffer size for the request header from client -- for testing environment
    client_header_buffer_size 3m;
    # maximum number and size of buffers for large headers to read from client request
    large_client_header_buffers 4 256k;
    # read timeout for the request body from client -- for testing
    # read timeout for the request body from client -- for testing environment
    client_body_timeout 3m;
    # how long to wait for the client to send a request header -- for testing
    # how long to wait for the client to send a request header -- for testing environment
    client_header_timeout 3m;
    ```

  28. @denji denji revised this gist Aug 30, 2016. 1 changed file with 4 additions and 3 deletions.
    7 changes: 4 additions & 3 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -127,16 +127,16 @@ server {
    # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file
    client_body_buffer_size 128k;
    # headerbuffer size for the request header from client, its set for testing purpose
    # headerbuffer size for the request header from client -- for testing
    client_header_buffer_size 3m;
    # maximum number and size of buffers for large headers to read from client request
    large_client_header_buffers 4 256k;
    # read timeout for the request body from client, its set for testing purpose
    # read timeout for the request body from client -- for testing
    client_body_timeout 3m;
    # how long to wait for the client to send a request header, its set for testing purpose
    # how long to wait for the client to send a request header -- for testing
    client_header_timeout 3m;
    ```

    @@ -181,3 +181,4 @@ Happy Hacking!
    * https://www.nginx.com/blog/performing-a-b-testing-nginx-plus/
    * https://nginx.org/r/pcre_jit
    * https://nginx.org/r/ssl_engine (`openssl engine -t `)
    * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
  29. @denji denji revised this gist Aug 30, 2016. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -64,9 +64,6 @@ tcp_nopush on;
    # don't buffer data sent, good for small data bursts in real time
    tcp_nodelay on;
    # server will close connection after this time
    keepalive_timeout 30;
    # reduce the data that needs to be sent over network
    gzip on;
    gzip_min_length 10240;
    @@ -83,6 +80,9 @@ client_body_timeout 10;
    # if client stop responding, free up memory -- default 60
    send_timeout 2;
    # server will close connection after this time
    keepalive_timeout 30;
    # number of requests client can make over keep-alive -- for testing
    keepalive_requests 100000;
    ```
  30. @denji denji revised this gist Aug 30, 2016. 1 changed file with 8 additions and 8 deletions.
    16 changes: 8 additions & 8 deletions nginx-tuning.md
    Original file line number Diff line number Diff line change
    @@ -67,8 +67,12 @@ tcp_nodelay on;
    # server will close connection after this time
    keepalive_timeout 30;
    # number of requests client can make over keep-alive -- for testing
    keepalive_requests 100000;
    # reduce the data that needs to be sent over network
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";
    # allow the server to close connection on non responding client, this will free up memory
    reset_timedout_connection on;
    @@ -79,12 +83,8 @@ client_body_timeout 10;
    # if client stop responding, free up memory -- default 60
    send_timeout 2;
    # reduce the data that needs to be sent over network
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";
    # number of requests client can make over keep-alive -- for testing
    keepalive_requests 100000;
    ```

    Now you can save config and run bottom command