denji · October 24, 2025 16:02 · Jun 29, 2019 · Jun 8, 2019 · Dec 11, 2018 · Nov 20, 2018
diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -273,7 +273,7 @@ Happy Hacking!
 Reference links
 ---------------
 
-* __https://github.com/trimstray/nginx-quick-reference__
+* __https://github.com/trimstray/nginx-admins-handbook__
 * __https://github.com/GrrrDog/weird_proxies/wiki/nginx__
 * __https://github.com/h5bp/server-configs-nginx__
 * __https://github.com/leandromoreira/linux-network-performance-parameters__

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -207,6 +207,8 @@ Trying with the `worker_rlimit_nofile` directive in `{,/usr/local}/etc/nginx/ngi
 
 #### `nolimit` without Systemd
 
+    # /etc/security/limits.conf
+    # /etc/default/nginx (ULIMIT)
     $ nano /etc/security/limits.d/nginx.conf
     nginx   soft    nofile  65536
     nginx   hard    nofile  65536
@@ -271,13 +273,10 @@ Happy Hacking!
 Reference links
 ---------------
 
-* http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
-* https://www.keycdn.com/support/tcp-fast-open/
- * https://www.masv.io/enabling-tcp-fast-open-nginx-centos-7/
-* ~~https://www.52os.net/articles/nginx-anti-ddos-setting-2.html~~
-* https://ospi.fi/blog/centos-7-raise-nofile-limit-for-nginx.html
-* https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
-* https://github.com/h5bp/server-configs-nginx
+* __https://github.com/trimstray/nginx-quick-reference__
+* __https://github.com/GrrrDog/weird_proxies/wiki/nginx__
+* __https://github.com/h5bp/server-configs-nginx__
+* __https://github.com/leandromoreira/linux-network-performance-parameters__
 * https://github.com/nginx-boilerplate/nginx-boilerplate
 * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
 * https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
@@ -288,14 +287,27 @@ Reference links
 * https://www.nginx.com/blog/overcoming-ephemeral-port-exhaustion-nginx-plus/
 * https://www.nginx.com/blog/tcp-load-balancing-udp-load-balancing-nginx-tips-tricks/
 * https://www.nginx.com/blog/introducing-cicd-with-nginx-and-nginx-plus/
+* https://www.nginx.com/blog/testing-the-performance-of-nginx-and-nginx-plus-web-servers/
+* https://www.nginx.com/blog/smart-efficient-byte-range-caching-nginx/
 * https://nginx.org/r/pcre_jit
 * https://nginx.org/r/ssl_engine (`openssl engine -t `)
 * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
 * https://www.nginx.com/blog/tuning-nginx/
+* https://github.com/intel/asynch_mode_nginx
+* https://openresty.org/download/agentzh-nginx-tutorials-en.html
 * https://www.maxcdn.com/blog/nginx-application-performance-optimization/
+* https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
+* https://medium.freecodecamp.org/a8afdbfde64d
+* https://medium.freecodecamp.org/secure-your-web-application-with-these-http-headers-fd66e0367628
+* https://gist.github.com/CMCDragonkai/6bfade6431e9ffb7fe88
+* https://gist.github.com/denji/9130d1c95e350c58bc50e4b3a9e29bf4
+* https://8gwifi.org/docs/nginx-secure.jsp
+* http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
+* https://ospi.fi/blog/centos-7-raise-nofile-limit-for-nginx.html
 * https://www.linode.com/docs/websites/nginx/configure-nginx-for-optimized-performance
 * https://haydenjames.io/nginx-tuning-tips-tls-ssl-https-ttfb-latency/
 
+
 Static analyzers
 ----------------
 * https://github.com/yandex/gixy

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -215,7 +215,7 @@ Trying with the `worker_rlimit_nofile` directive in `{,/usr/local}/etc/nginx/ngi
 #### `nolimit` with Systemd
 
     $ mkdir -p /etc/systemd/system/nginx.service.d
-    $ nano /etc/security/limits.d/nginx.conf
+    $ nano /etc/systemd/system/nginx.service.d/nginx.conf
     [Service]
     LimitNOFILE=30000
     $ systemctl daemon-reload

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -40,54 +40,75 @@ events {
     # max clients is also limited by the number of socket connections available on the system (~64k)
     worker_connections 4000;
 
-    # optmized to serve many clients with each thread, essential for linux -- for testing environment
+    # optimized to serve many clients with each thread, essential for linux -- for testing environment
     use epoll;
 
     # accept as many connections as possible, may flood worker connections if set too low -- for testing environment
     multi_accept on;
 }
 
-# cache informations about FDs, frequently accessed files
-# can boost performance, but you need to test those values
-open_file_cache max=200000 inactive=20s; 
-open_file_cache_valid 30s; 
-open_file_cache_min_uses 2;
-open_file_cache_errors on;
-
-# to boost I/O on HDD we can disable access logs
-access_log off;
-
-# copies data between one FD and other from within the kernel
-# faster then read() + write()
-sendfile on;
-
-# send headers in one peace, its better then sending them one by one 
-tcp_nopush on;
-
-# don't buffer data sent, good for small data bursts in real time
-tcp_nodelay on;
-
-# reduce the data that needs to be sent over network -- for testing environment
-gzip on;
-gzip_min_length 10240;
-gzip_proxied expired no-cache no-store private auth;
-gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml;
-gzip_disable msie6;
-
-# allow the server to close connection on non responding client, this will free up memory
-reset_timedout_connection on;
-
-# request timed out -- default 60
-client_body_timeout 10;
-
-# if client stop responding, free up memory -- default 60
-send_timeout 2;
-
-# server will close connection after this time -- default 75
-keepalive_timeout 30;
-
-# number of requests client can make over keep-alive -- for testing environment
-keepalive_requests 100000;
+http {
+    # cache informations about FDs, frequently accessed files
+    # can boost performance, but you need to test those values
+    open_file_cache max=200000 inactive=20s;
+    open_file_cache_valid 30s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    # to boost I/O on HDD we can disable access logs
+    access_log off;
+
+    # copies data between one FD and other from within the kernel
+    # faster than read() + write()
+    sendfile on;
+
+    # send headers in one piece, it is better than sending them one by one
+    tcp_nopush on;
+
+    # don't buffer data sent, good for small data bursts in real time
+    tcp_nodelay on;
+
+    # reduce the data that needs to be sent over network -- for testing environment
+    gzip on;
+    # gzip_static on;
+    gzip_min_length 10240;
+    gzip_comp_level 1;
+    gzip_vary on;
+    gzip_disable msie6;
+    gzip_proxied expired no-cache no-store private auth;
+    gzip_types
+        # text/html is always compressed by HttpGzipModule
+        text/css
+        text/javascript
+        text/xml
+        text/plain
+        text/x-component
+        application/javascript
+        application/x-javascript
+        application/json
+        application/xml
+        application/rss+xml
+        application/atom+xml
+        font/truetype
+        font/opentype
+        application/vnd.ms-fontobject
+        image/svg+xml;
+
+    # allow the server to close connection on non responding client, this will free up memory
+    reset_timedout_connection on;
+
+    # request timed out -- default 60
+    client_body_timeout 10;
+
+    # if client stop responding, free up memory -- default 60
+    send_timeout 2;
+
+    # server will close connection after this time -- default 75
+    keepalive_timeout 30;
+
+    # number of requests client can make over keep-alive -- for testing environment
+    keepalive_requests 100000;
+}
 ```
 
 Now you can save config and run bottom [command](https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx)
@@ -111,7 +132,7 @@ Just For Security Reason
 server_tokens off;
 ```
 
-Nginx Simple DDoS Defense
+NGINX Simple DDoS Defense
 -------------------------
 
 This is far away from secure DDoS defense but can slow down some small DDoS. Those configs are also in test environment and you should do your values.
@@ -133,7 +154,7 @@ server {
 # request body is written into a temporary file
 client_body_buffer_size  128k;
 
-# headerbuffer size for the request header from client -- for testing environment
+# buffer size for reading client request header -- for testing environment
 client_header_buffer_size 3m;
 
 # maximum number and size of buffers for large headers to read from client request
@@ -160,6 +181,52 @@ nginx -s reload
 
 You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.
 
+Increase The Maximum Number Of Open Files (`nofile` limit) – Linux
+-----------------------------------------------
+
+Two ways to raise the nofile/max open files/file descriptors/file handles limit for NGINX in RHEL/CentOS 7+.
+With NGINX running, checking current limit on master process
+
+    $ cat /proc/$(cat /var/run/nginx.pid)/limits | grep open.files
+    Max open files            1024                 4096                 files
+
+#### And worker processes
+
+    ps --ppid $(cat /var/run/nginx.pid) -o %p|sed '1d'|xargs -I{} cat /proc/{}/limits|grep open.files
+
+    Max open files            1024                 4096                 files
+    Max open files            1024                 4096                 files
+
+Trying with the `worker_rlimit_nofile` directive in `{,/usr/local}/etc/nginx/nginx.conf` fails as SELinux policy doesn't allow `setrlimit`. This is shown in `/var/log/nginx/error.log`
+
+    015/07/24 12:46:40 [alert] 12066#0: setrlimit(RLIMIT_NOFILE, 2342) failed (13: Permission denied)
+
+#### And in /var/log/audit/audit.log
+
+    type=AVC msg=audit(1437731200.211:366): avc:  denied  { setrlimit } for  pid=12066 comm="nginx" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
+
+#### `nolimit` without Systemd
+
+    $ nano /etc/security/limits.d/nginx.conf
+    nginx   soft    nofile  65536
+    nginx   hard    nofile  65536
+    $ sysctl -p
+
+#### `nolimit` with Systemd
+
+    $ mkdir -p /etc/systemd/system/nginx.service.d
+    $ nano /etc/security/limits.d/nginx.conf
+    [Service]
+    LimitNOFILE=30000
+    $ systemctl daemon-reload
+    $ systemctl restart nginx.service
+
+#### SELinux boolean `httpd_setrlimit` to true(1)
+
+This will set fd limits for the worker processes. Leave the `worker_rlimit_nofile` directive in `{,/usr/local}/etc/nginx/nginx.conf` and run the following as root
+
+    setsebool -P httpd_setrlimit 1
+
 DoS [HTTP/1.1 and above: Range Requests](https://tools.ietf.org/html/rfc7233#section-6.1)
 ----------------------------------------
 
@@ -181,22 +248,86 @@ Socket Sharding in NGINX 1.9.1+ (DragonFly BSD and Linux 3.9+)
 [Multi-threaded](https://nginx.org/r/aio) sending of files is currently supported only Linux.
 Without [`sendfile_max_chunk`](https://nginx.org/r/sendfile_max_chunk) limit, one fast connection may seize the worker process entirely.
 
+Selecting an upstream based on SSL protocol version
+---------------------------------------------------
+```nginx
+map $ssl_preread_protocol $upstream {
+    ""        ssh.example.com:22;
+    "TLSv1.2" new.example.com:443;
+    default   tls.example.com:443;
+}
+
+# ssh and https on the same port
+server {
+    listen      192.168.0.1:443;
+    proxy_pass  $upstream;
+    ssl_preread on;
+}
+```
+
 Happy Hacking!
---------------
+==============
+
+Reference links
+---------------
 
 * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
 * https://www.keycdn.com/support/tcp-fast-open/
  * https://www.masv.io/enabling-tcp-fast-open-nginx-centos-7/
 * ~~https://www.52os.net/articles/nginx-anti-ddos-setting-2.html~~
+* https://ospi.fi/blog/centos-7-raise-nofile-limit-for-nginx.html
+* https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
 * https://github.com/h5bp/server-configs-nginx
 * https://github.com/nginx-boilerplate/nginx-boilerplate
 * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
 * https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
+* https://www.nginx.com/blog/nginx-1-13-9-http2-server-push/
 * https://www.nginx.com/blog/performing-a-b-testing-nginx-plus/
 * https://www.nginx.com/blog/10-tips-for-10x-application-performance/
+* https://www.nginx.com/blog/http-keepalives-and-web-performance/
+* https://www.nginx.com/blog/overcoming-ephemeral-port-exhaustion-nginx-plus/
+* https://www.nginx.com/blog/tcp-load-balancing-udp-load-balancing-nginx-tips-tricks/
+* https://www.nginx.com/blog/introducing-cicd-with-nginx-and-nginx-plus/
 * https://nginx.org/r/pcre_jit
 * https://nginx.org/r/ssl_engine (`openssl engine -t `)
 * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
 * https://www.nginx.com/blog/tuning-nginx/
 * https://www.maxcdn.com/blog/nginx-application-performance-optimization/
 * https://www.linode.com/docs/websites/nginx/configure-nginx-for-optimized-performance
+* https://haydenjames.io/nginx-tuning-tips-tls-ssl-https-ttfb-latency/
+
+Static analyzers
+----------------
+* https://github.com/yandex/gixy
+
+Syntax highlighting
+-------------------
+* https://github.com/chr4/sslsecure.vim
+* https://github.com/chr4/nginx.vim
+* https://github.com/nginx/nginx/tree/master/contrib/vim
+
+NGINX config formatter
+----------------------
+* https://github.com/1connect/nginx-config-formatter
+* https://github.com/lovette/nginx-tools/tree/master/nginx-minify-conf
+
+NGINX configuration tools
+-------------------------
+* https://github.com/nginxinc/crossplane
+* https://github.com/valentinxxx/nginxconfig.io
+
+BBR (Linux 4.9+)
+----------------
+* https://blog.cloudflare.com/http-2-prioritization-with-nginx/
+* Linux v4.13+ as no longer required FQ (`q_disc`) with BBR.
+* https://github.com/google/bbr/blob/master/Documentation/bbr-quick-start.md
+* https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=218af599fa635b107cfe10acf3249c4dfe5e4123
+* https://github.com/systemd/systemd/issues/9725#issuecomment-413369212
+* If the latest Linux kernel distribution does not have `tcp_bbr` enabled by default:
+```sh
+modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf
+echo 'net.ipv4.tcp_congestion_control=bbr' >> /etc/sysctl.d/99-bbr.conf
+# Recommended for production, but with  Linux v4.13rc1+ can be used not only in FQ (`q_disc') in BBR mode.
+echo 'net.core.default_qdisc=fq' >> /etc/sysctl.d/99-bbr.conf
+sysctl --system
+```
diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -1,3 +1,5 @@
+### Moved to git repository: https://github.com/denji/nginx-tuning
+
 NGINX Tuning For Best Performance
 =================================
 

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -184,6 +184,7 @@ Happy Hacking!
 
 * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
 * https://www.keycdn.com/support/tcp-fast-open/
+ * https://www.masv.io/enabling-tcp-fast-open-nginx-centos-7/
 * ~~https://www.52os.net/articles/nginx-anti-ddos-setting-2.html~~
 * https://github.com/h5bp/server-configs-nginx
 * https://github.com/nginx-boilerplate/nginx-boilerplate

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -184,6 +184,7 @@ Happy Hacking!
 
 * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
 * https://www.keycdn.com/support/tcp-fast-open/
+* ~~https://www.52os.net/articles/nginx-anti-ddos-setting-2.html~~
 * https://github.com/h5bp/server-configs-nginx
 * https://github.com/nginx-boilerplate/nginx-boilerplate
 * https://www.nginx.com/blog/thread-pools-boost-performance-9x/

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -183,6 +183,7 @@ Happy Hacking!
 --------------
 
 * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
+* https://www.keycdn.com/support/tcp-fast-open/
 * https://github.com/h5bp/server-configs-nginx
 * https://github.com/nginx-boilerplate/nginx-boilerplate
 * https://www.nginx.com/blog/thread-pools-boost-performance-9x/

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -65,7 +65,7 @@ tcp_nopush on;
 # don't buffer data sent, good for small data bursts in real time
 tcp_nodelay on;
 
-# reduce the data that needs to be sent over network
+# reduce the data that needs to be sent over network -- for testing environment
 gzip on;
 gzip_min_length 10240;
 gzip_proxied expired no-cache no-store private auth;

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -188,6 +188,7 @@ Happy Hacking!
 * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
 * https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
 * https://www.nginx.com/blog/performing-a-b-testing-nginx-plus/
+* https://www.nginx.com/blog/10-tips-for-10x-application-performance/
 * https://nginx.org/r/pcre_jit
 * https://nginx.org/r/ssl_engine (`openssl engine -t `)
 * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -184,6 +184,7 @@ Happy Hacking!
 
 * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
 * https://github.com/h5bp/server-configs-nginx
+* https://github.com/nginx-boilerplate/nginx-boilerplate
 * https://www.nginx.com/blog/thread-pools-boost-performance-9x/
 * https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
 * https://www.nginx.com/blog/performing-a-b-testing-nginx-plus/

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -192,3 +192,4 @@ Happy Hacking!
 * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
 * https://www.nginx.com/blog/tuning-nginx/
 * https://www.maxcdn.com/blog/nginx-application-performance-optimization/
+* https://www.linode.com/docs/websites/nginx/configure-nginx-for-optimized-performance
diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -191,3 +191,4 @@ Happy Hacking!
 * https://nginx.org/r/ssl_engine (`openssl engine -t `)
 * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
 * https://www.nginx.com/blog/tuning-nginx/
+* https://www.maxcdn.com/blog/nginx-application-performance-optimization/
diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -88,7 +88,7 @@ keepalive_timeout 30;
 keepalive_requests 100000;
 ```
 
-Now you can save config and run bottom command
+Now you can save config and run bottom [command](https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx)
 
 ```
 nginx -s reload
@@ -149,10 +149,9 @@ Now you can do again test config
 ```bash
 nginx -t # /etc/init.d/nginx configtest
 ```
-And then reload or restart your nginx
+And then [reload or restart your nginx](https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx)
 
 ```
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx
 nginx -s reload
 /etc/init.d/nginx reload|restart
 ```

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -152,10 +152,9 @@ nginx -t # /etc/init.d/nginx configtest
 And then reload or restart your nginx
 
 ```
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/#stopping-or-restarting-nginx
 nginx -s reload
-/etc/init.d/nginx reload
-
-/etc/init.d/nginx restart
+/etc/init.d/nginx reload|restart
 ```
 
 You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -153,7 +153,9 @@ And then reload or restart your nginx
 
 ```
 nginx -s reload
-/etc/init.d/nginx reload # /etc/init.d/nginx restart
+/etc/init.d/nginx reload
+
+/etc/init.d/nginx restart
 ```
 
 You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -152,7 +152,8 @@ nginx -t # /etc/init.d/nginx configtest
 And then reload or restart your nginx
 
 ```
-nginx -s reload # /etc/init.d/nginx reload|restart
+nginx -s reload
+/etc/init.d/nginx reload # /etc/init.d/nginx restart
 ```
 
 You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -147,14 +147,12 @@ client_header_timeout 3m;
 Now you can do again test config
 
 ```bash
-nginx -t
-/etc/init.d/nginx configtest
+nginx -t # /etc/init.d/nginx configtest
 ```
 And then reload or restart your nginx
 
 ```
-nginx -s reload
-/etc/init.d/nginx reload|restart|reload
+nginx -s reload # /etc/init.d/nginx reload|restart
 ```
 
 You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -154,7 +154,7 @@ And then reload or restart your nginx
 
 ```
 nginx -s reload
-/etc/init.d/nginx restart|reload
+/etc/init.d/nginx reload|restart|reload
 ```
 
 You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -5,7 +5,7 @@ For this configuration you can use web server you like, i decided, because i wor
 
 Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.
 
-You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.
+__You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.__
 
 * [Stable version NGINX (deb/rpm)](https://nginx.org/en/linux_packages.html#stable)
 * [Mainline version NGINX (deb/rpm)](https://nginx.org/en/linux_packages.html#mainline)

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -127,7 +127,8 @@ server {
     limit_req zone=req_limit_per_ip burst=10 nodelay;
 }
 
-# if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file
+# if the request body size is more than the buffer size, then the entire (or partial)
+# request body is written into a temporary file
 client_body_buffer_size  128k;
 
 # headerbuffer size for the request header from client -- for testing environment

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -1,5 +1,6 @@
 NGINX Tuning For Best Performance
---
+=================================
+
 For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.
 
 Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.
@@ -102,14 +103,14 @@ nginx -t
 ```
 
 Just For Security Reason
----
+------------------------
 
 ```nginx
 server_tokens off;
 ```
 
 Nginx Simple DDoS Defense
----
+-------------------------
 
 This is far away from secure DDoS defense but can slow down some small DDoS. Those configs are also in test environment and you should do your values.
 
@@ -158,25 +159,28 @@ nginx -s reload
 You can test this configuration with `tsung` and when you are satisfied with result you can hit `Ctrl+C` because it can run for hours.
 
 DoS [HTTP/1.1 and above: Range Requests](https://tools.ietf.org/html/rfc7233#section-6.1)
---
+----------------------------------------
+
 By default [`max_ranges`](https://nginx.org/r/max_ranges) is not limited.
 DoS attacks can many Range-Requests (Impact on stability I/O).
 
 Socket Sharding in NGINX 1.9.1+ (DragonFly BSD and Linux 3.9+)
---
-|                  | Latency (ms) | Latency stdev (ms) | CPU Load |
+-------------------------------------------------------------------
+
+| Socket type      | Latency (ms) | Latency stdev (ms) | CPU Load |
 |------------------|--------------|--------------------|----------|
 | Default          | 15.65        | 26.59              | 0.3      |
 | accept_mutex off | 15.59        | 26.48              | 10       |
 | reuseport        | 12.35        | 3.15               | 0.3      |
 
 [Thread Pools](https://nginx.org/r/thread_pool) in NGINX Boost Performance 9x! (Linux)
---
+--------------
+
 [Multi-threaded](https://nginx.org/r/aio) sending of files is currently supported only Linux.
 Without [`sendfile_max_chunk`](https://nginx.org/r/sendfile_max_chunk) limit, one fast connection may seize the worker process entirely.
 
 Happy Hacking!
---
+--------------
 
 * http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
 * https://github.com/h5bp/server-configs-nginx

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -2,7 +2,7 @@ NGINX Tuning For Best Performance
 --
 For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.
 
-Generally, properly configured nginx can handle up to 400,000 to 500,000 requests per second (clustered), most what i saw is 50,000 to 80,000 (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.
+Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was `2 x Intel Xeon` with HyperThreading enabled, but it can work without problem on slower machines.
 
 You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.
 

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -51,7 +51,7 @@ open_file_cache_valid 30s;
 open_file_cache_min_uses 2;
 open_file_cache_errors on;
 
-# to boost IO on HDD we can disable access logs
+# to boost I/O on HDD we can disable access logs
 access_log off;
 
 # copies data between one FD and other from within the kernel

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -37,10 +37,10 @@ events {
     # max clients is also limited by the number of socket connections available on the system (~64k)
     worker_connections 4000;
 
-    # optmized to serve many clients with each thread, essential for linux
+    # optmized to serve many clients with each thread, essential for linux -- for testing environment
     use epoll;
 
-    # accept as many connections as possible, may flood worker connections if set too low
+    # accept as many connections as possible, may flood worker connections if set too low -- for testing environment
     multi_accept on;
 }
 

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -90,12 +90,14 @@ keepalive_requests 100000;
 Now you can save config and run bottom command
 
 ```
+nginx -s reload
 /etc/init.d/nginx start|restart
 ```
 
 If you wish to test config first you can run
 
 ```
+nginx -t
 /etc/init.d/nginx configtest
 ```
 

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -80,7 +80,7 @@ client_body_timeout 10;
 # if client stop responding, free up memory -- default 60
 send_timeout 2;
 
-# server will close connection after this time
+# server will close connection after this time -- default 75
 keepalive_timeout 30;
 
 # number of requests client can make over keep-alive -- for testing environment

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -143,11 +143,13 @@ client_header_timeout 3m;
 Now you can do again test config
 
 ```bash
+nginx -t
 /etc/init.d/nginx configtest
 ```
 And then reload or restart your nginx
 
 ```
+nginx -s reload
 /etc/init.d/nginx restart|reload
 ```
 

diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -182,3 +182,4 @@ Happy Hacking!
 * https://nginx.org/r/pcre_jit
 * https://nginx.org/r/ssl_engine (`openssl engine -t `)
 * https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
+* https://www.nginx.com/blog/tuning-nginx/
diff --git a/nginx-tuning.md b/nginx-tuning.md
@@ -68,8 +68,8 @@ tcp_nodelay on;
 gzip on;
 gzip_min_length 10240;
 gzip_proxied expired no-cache no-store private auth;
-gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
-gzip_disable "MSIE [1-6]\.";
+gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml;
+gzip_disable msie6;
 
 # allow the server to close connection on non responding client, this will free up memory
 reset_timedout_connection on;