Home > OS >  Nginx tuning performance tuning and safety
Nginx tuning performance tuning and safety

Time:09-23

Nginx optimization (profile) of the instructions: worker_processes 8;
Nginx process number, it is suggested that according to the number of the CPU to specify, generally for its multiple, worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
CPU allocated for each process, the case will be 8 process assigned to 8 CPU, of course you can write more, or will be assigned to a process multiple cpus, worker_rlimit_nofile 102400;
This instruction is when a number of open file descriptors most nginx process, the theoretical value should be up to open the file number (ulimit -n) and the number of nginx process by but nginx allocation request is not uniform, so it's best to ulimit -n values consistent, use epoll; I/O model of using epoll worker_connections 102400;
Each process allowed the number of connections, theoretically the maximum number of connections per nginx server for worker_processes * worker_connections keepalive_timeout 60; Keepalive timeout client_header_buffer_size 4 k;
Client requests the head of the buffer size, this can be set according to the size of your paging system, generally a request of the head size can't more than 1 k, but due to the general system paging are greater than 1 k, so here is set to the page size, page size can use command getconf PAGESIZE open_file_cache Max=102400 inactive=20 s;
This will specify the cache for open the file, the default is not enabled, Max specified number of cache, advice and open the file number is consistent, inactive refers to after how long files are not request to delete the cache open_file_cache_valid 30 s;
This refers to how long to check a cache of effective information open_file_cache_min_uses 1;
Open_file_cache instruction of inactive parameter least use of documents in time, if more than this number, the file descriptor has been opened in the cache, as example, if a file is not a used in the inactive time, it will be removed the kernel parameter optimization:
Net. Ipv4. Tcp_max_tw_buckets=6000
Timewait number, the default is 180000 net. Ipv4. Ip_local_port_range=1024, 65000
Allows the system to open the port range of.net. Ipv4. Tcp_tw_recycle=1
Enable the timewait rapid recovery of.net. Ipv4. Tcp_tw_reuse=1
Open reuse, allows the TIME - WAIT sockets for a new TCP connection net. Ipv4. Tcp_syncookies=1
Open the SYN Cookies, when there is a SYN waiting queue overflow, enable Cookies to handle net. Core. Somaxconn=262144
Listen in web application function of backlog will give us the kernel by default parameters of the net. Core. Somaxconn limit to 128, while nginx define NGX_LISTEN_BACKLOG default is 511, so it is necessary to adjust the value net.core.net dev_max_backlog=262144
The rate of each network interface receives packets faster than the rate of kernel processing these packages, allow the maximum number of packets sent to queue net. Ipv4. Tcp_max_orphans=262144
System at most how many TCP socket was not associated with any user file handle, if more than this number, orphan connections will be reset and to print out the warning information immediately, this limitation is merely a simple DoS attack, not relying too much on it or artificially reduce the value, more should increase this value (if increased memory) net. Ipv4. Tcp_max_syn_backlog=262144
Records of those who have not yet received the client confirmation of the maximum connection request, for a system with 128 MB of memory, the default value is 1024, small memory system is 128 net. Ipv4. Tcp_timestamps=0
Timestamp can avoid the serial number of the winding, a 1 GBPS link will surely meet with serial number before, timestamp allows the kernel to accept this kind of "abnormal" packet, it will need to turn off the net. Ipv4. Tcp_synack_retries=1
In order to open the connection, the kernel needs to send a SYN and comes with a response to the front a SYN ACK, known as the second three-way handshake handshake, this setting determines the kernel to give up the number of connections before send SYN + ACK packet net. Ipv4. Tcp_syn_retries=1
Establish a connection before sending the SYN packet in the kernel to give up the number of net. Ipv4. Tcp_fin_timeout=1
If the socket to shut down by the end, this parameter determines its remain in a state of FIN - WAIT - 2 time, can go wrong and never close the connection to end, even the accident when machine, the default is 60 seconds, 2.2 kernel usually value is 180 seconds, you can press the Settings, but remember, even if your machine is a lightweight WEB server, because have a lot of death the socket and the risk of memory, the dangers of FIN - WAIT - 2 is smaller than the FIN - WAIT - 1, because it can only eat 1.5 K of memory, but their lifetime longer net. Ipv4. Tcp_keepalive_time=30
When the keepalive function, the frequency of the TCP keepalive messages sent, the default is 2 hours about FastCGI a few instructions:
Fastcgi_cache_path/usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST: 10 m inactive=5 m;
Specify a path, this instruction for FastCGI cache directory structure level, storage time and inactive delete key area fastcgi_connect_timeout 300;
Specify the connection to the backend of timeout FastCGI fastcgi_send_timeout 300;
To pass requests timeout FastCGI, this value is refers to has been completed after two shake hands to pass requests timeout FastCGI fastcgi_read_timeout 300;
Receive timeout FastCGI response, this value is refers to has already completed two shake hands after receive timeout FastCGI response fastcgi_buffer_size 16 k;
Specifies read FastCGI response part I need to use much buffer, it can be set to fastcgi_buffers directive specifies the buffer size, the above directive specifies it will use a 16 k buffer to read response of the first part, the response header, actually this response header in general are small (no more than 1 k), but if you are in the fastcgi_buffers directive specifies the size of the buffer, then it will be assigned a fastcgi_buffers specified buffer size to cache fastcgi_buffers 16 16 k;
Designated local need how much and how much of a buffer to buffer the FastCGI response, as shown above, if a PHP script generated by the page size of 256 k, will be for the allocation of 16 16 k buffer to cache, if more than 256 k, some part of the increase in 256 k caches the fastcgi_temp specified path, of course it is not wise for the load on the server, because the memory of process data faster than the hard disk, this value is usually set should select a PHP script generated page of your site the size of the middle value, such as your site most script generated by the page size of 256 k can set this value to 16 16 k, or 4 64 k or 64 4 k, but obviously, the latter two setting method is not good, because if the page is only 32 k, if it will allocate 64 k in 4 1 64 k buffer to the cache, and if you use 64 4 k it allocates 8 4 k buffer to the cache, while if use 16 16 k it allocates two 16 k to cache pages, it seems to be more reasonable fastcgi_busy_buffers_size 32 k;
The default value is twice the fastcgi_buffers fastcgi_temp_file_write_size 32 k;
When writing fastcgi_temp_path will use much data block, the default value is twice the fastcgi_buffers fastcgi_cache TEST
Open FastCGI cache and set a name for it, the individual feels open cache is very useful, can effectively reduce the CPU load, and prevent a 502 error, but the cache can cause a lot of problems, because it is dynamic page caching, specific only according to their own requirements fastcgi_cache_valid 1 h 200 302;
1 d fastcgi_cache_valid 301;
Fastcgi_cache_valid any 1 m;
For the specified response cache time prescribed in the code, the example above will respond cache for an hour, 200302 301 respond cache 1 day, the other for 1 minute fastcgi_cache_min_uses 1;
Cached fastcgi_cache_path instruction inactive parameter values at least use for a set period of time, the above example, if a file 1 in 5 minutes time has not been used, then the file will be removed fastcgi_cache_use_stale error timeout invalid_header http_500;
Don't know the function of the parameters, suppose should be to let the nginx know what types of cache is useless, for FastCGI related parameters in nginx above, in addition, FastCGI itself also has some configuration need to be optimized, if you use PHP - FPM to manage FastCGI, can modify the following values in the configuration file & lt; The value name="max_children & gt;" 60 & lt;/value>
Handle the number of concurrent requests at the same time that it will open up to 60 is a thread to handle concurrent connections & lt; The value name="rlimit_files & gt;" 102400 & lt;/value>
Up to open the file number & lt; The value name="max_requests & gt;" 204800 & lt;/value>
Each process before a reset can perform most of the number of requests Nginx performance tuning:
1, the custom 404 error pages (enable customers to experience optimization)
2, check the server status information (open page module)
3, the client access server prompts "many open files" how to solve (too many open files) test ab - 5000 - c n 5000 website promotion nginx concurrent number of vim/usr/local/nginx/nginx. Conf connect the default 1024 modified into 65535 soft hard limit is set to 10000 in order to later don't go to set the parameters of a
4, solve the problem of client to access the head information long before optimization, using a script to test the long head request if we can get the response modification nginx configuration files, increase the packet head after the cache size optimization, using a script to test long head request if we can get the response
5, let the client browser cache data regularly cleaned
Definition of the static page cache time vim/usr/local/nginx/conf/nginx. Conf
6, log cutting
The old log rename
Kill USR1 PID (nginx process PID) and write a script that automatically log cutting
7, on page compression to compress the pages cat/usr/local/nginx/conf/nginx. Conf open compression set small files without compression compression ratio 1-9 5
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
  • Related