Boost Nginx Performance: Essential Linux Kernel Tweaks for High Concurrency
To handle high‑traffic web workloads, the default Linux kernel settings must be adjusted; this guide explains the key sysctl parameters—such as file‑max, tcp_tw_reuse, tcp_keepalive_time, and buffer sizes—and how to apply them for optimal Nginx concurrency.
The default Linux kernel parameters are chosen for the most generic scenarios and do not suit the high‑concurrency demands of a web server; therefore, they need to be tuned so that Nginx can achieve better performance.
While many kernel parameters can be adjusted, the specific settings depend on the business role of Nginx—whether it serves static content, acts as a reverse proxy, or provides real‑time image thumbnailing. This article concentrates on the most common TCP network parameters that enable Nginx to handle more concurrent requests.
First, edit /etc/sysctl.conf and add the following configuration:
# Existing field
net.ipv4.tcp_syncookies = 1
# New fields
fs.file-max = 999999
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.ip_local_port_range = 1024 61000
net.ipv4.ip_local_reserved_ports = 34733,35738,45487,46520,57557,53207,53478
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.core.netdev_max_backlog = 8096
net.core.rmem_default = 6291456
net.core.wmem_default = 6291456
net.core.rmem_max = 12582912
net.core.wmem_max = 12582912
net.ipv4.tcp_max_syn_backlog = 1024
After saving the file, run sysctl -p to apply the changes.
fs.file-max = 999999 limits the maximum number of file descriptors a process (e.g., a worker) can open simultaneously, directly affecting the maximum concurrent connections.
net.ipv4.tcp_tw_reuse = 1 allows sockets in TIME‑WAIT state to be reused for new TCP connections, which is valuable for servers that accumulate many TIME‑WAIT sockets.
net.ipv4.tcp_keepalive_time = 600 sets the interval (in seconds) at which keepalive probes are sent when keepalive is enabled; the default is 7200 seconds.
net.ipv4.tcp_fin_timeout = 30 defines how long a socket remains in the FIN‑WAIT‑2 state after the server actively closes a connection.
net.ipv4.tcp_max_tw_buckets = 5000 caps the number of TIME‑WAIT sockets the OS will keep; exceeding this limit causes immediate removal and a warning. The default is 180 000, and too many TIME‑WAIT sockets can slow the server.
net.ipv4.tcp_max_syn_backlog = 1024 sets the maximum length of the SYN queue during the TCP three‑way handshake; increasing it helps prevent dropped connection attempts when Nginx is busy.
net.ipv4.ip_local_port_range = 1024 61000 defines the range of local ports used for outbound TCP/UDP connections.
net.ipv4.tcp_rmem and net.ipv4.tcp_wmem specify the minimum, default, and maximum sizes of the TCP receive and send buffers, respectively.
net.core.netdev_max_backlog = 8096 sets the maximum number of packets that can be queued when the NIC receives data faster than the kernel can process it.
net.core.rmem_default and net.core.wmem_default define the default sizes of the socket receive and send buffers; net.core.rmem_max and net.core.wmem_max set their maximum limits.
net.ipv4.tcp_syncookies = 1 is unrelated to performance; it protects against SYN‑flood attacks.
Note that the size of the sliding window and socket buffers influences the number of concurrent connections, because each TCP connection consumes memory for its buffers, which expand or shrink based on server load.
The settings for net.core.wmem_max and related parameters must balance total physical memory, the desired maximum number of concurrent Nginx connections, and hardware cost. Reducing the window size merely to avoid out‑of‑memory errors is not advisable, as it would degrade large‑data transfer performance.
The maximum number of concurrent connections Nginx can handle is ultimately determined by the worker_processes and worker_connections directives in nginx.conf.
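A rough budget for the memory trade-off described above, as an added example that is not part of the original article: it parses the tcp_rmem/tcp_wmem values from the configuration and multiplies them by worker_processes × worker_connections. The worker values (4 and 10240) and the 8 GiB figure are assumptions, and the totals are upper bounds on buffer space, not measured usage.

```python
# Added example: buffer-memory budget for the tcp_rmem/tcp_wmem values in this article.
# Values below are copied from the configuration above; worker counts are assumptions.
SYSCTL_CONF = """\
fs.file-max = 999999
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
"""

LEVELS = ("min", "default", "max")  # order of the three tcp_rmem/tcp_wmem fields


def parse_sysctl(text):
    """Parse sysctl.conf text into {key: [int, ...]}; comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = [int(v) for v in value.split()]
    return settings


def buffer_budget(settings, worker_processes, worker_connections):
    """Upper bound on TCP buffer bytes if every connection slot is in use."""
    conns = worker_processes * worker_connections  # nginx connection ceiling
    per_conn = {lvl: r + w for lvl, r, w in
                zip(LEVELS, settings["net.ipv4.tcp_rmem"], settings["net.ipv4.tcp_wmem"])}
    return {
        "connections": conns,
        "per_conn": per_conn,
        "total": {lvl: size * conns for lvl, size in per_conn.items()},
        # every connection holds at least one descriptor
        "fd_headroom": settings["fs.file-max"][0] - conns,
    }


def connections_that_fit(settings, ram_bytes, level="default"):
    """Connections whose receive+send buffers fit in ram_bytes at the given level."""
    idx = LEVELS.index(level)
    per_conn = settings["net.ipv4.tcp_rmem"][idx] + settings["net.ipv4.tcp_wmem"][idx]
    return ram_bytes // per_conn


if __name__ == "__main__":
    cfg = parse_sysctl(SYSCTL_CONF)
    budget = buffer_budget(cfg, worker_processes=4, worker_connections=10240)
    for lvl in LEVELS:
        print(f"{lvl:8s} {budget['per_conn'][lvl]:>10d} B/conn "
              f"{budget['total'][lvl] / 2**30:8.2f} GiB total")
    print("fits in 8 GiB at max:", connections_that_fit(cfg, 8 * 2**30, "max"))
```

With these values, 40960 connection slots at the maximum buffer size would need 960 GiB, which is why the maximum is a ceiling for a few busy connections rather than a per-connection reservation.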
Nginx is a performance‑oriented HTTP server that uses an asynchronous, event‑driven architecture (epoll on Linux, kqueue on BSD) instead of the per‑connection thread model of older Apache versions, resulting in lower memory usage and higher scalability.
Source: https://www.cnblogs.com/zhangmingcheng/p/15031185.html (© original author)
