Boost Nginx Performance: Essential Linux System Parameter Tweaks

Linux System Parameter Optimization

The following configurations require a Linux kernel version 2.6 or newer; the author used CentOS 7.4 with kernel 3.10. For system-level tuning, modify file descriptor limits, buffer queue lengths, and temporary port ranges.

File Descriptor Limits

Each TCP connection consumes a file descriptor; exhausting them yields "Too many open files" errors. Adjust both system-wide and user-level limits.

System-wide limit (edit /etc/sysctl.conf):

fs.file-max =10000000
fs.nr_open =10000000

User-level limit (edit /etc/security/limits.conf):

*     hard   nofile     1000000

*     soft   nofile     1000000

Apply changes with: $ sysctl -p Verify with ulimit -a.

TCP Connection Queue Length

Edit /etc/sysctl.conf and add:

# The length of the SYN queue
net.ipv4.tcp_max_syn_backlog =65535

# The length of the TCP accept queue
net.core.somaxconn =65535

tcp_max_syn_backlog

sets the half‑open SYN queue size; when full, new SYN requests are dropped and statistics increase in /proc/net/netstat (ListenOverflows, ListenDrops). somaxconn defines the full accept queue length; if exceeded, clients receive "connection reset by peer" errors.

Temporary Port Range

Modify ip_local_port_range in /etc/sysctl.conf:

net.ipv4.ip_local_port_range =102465535
net.ipv4.ip_local_reserved_ports =8080,8081,9000-9010

ip_local_reserved_ports

reserves ports to prevent service conflicts.

Nginx Parameter Optimization

Worker Processes

Set worker_processes to the number of CPU cores (or auto) and adjust worker_connections to handle more concurrent connections:

worker_processes   auto
worker_connections 4096

I/O Multiplexing

Choose the most efficient I/O model for the OS; on Linux, epoll is preferred:

use epoll

KeepAlive

Enable HTTP/1.1 KeepAlive to reduce connection overhead. Combine with proxy_http_version and proxy_set_header:

upstream BACKEND {
    keepalive 300;
    server 127.0.0.1:8081;
}

server {
    listen 8080;
    location / {
        proxy_pass http://BACKEND;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

The keepalive directive defines the maximum number of idle keep‑alive connections per worker. Set it to 10‑30% of the expected concurrent long‑lived connections (e.g., 300 for 1200 QPS).

Access‑Log Buffering

Cache log writes to reduce I/O overhead:

access_log /var/logs/nginx-access.log buffer=64k gzip flush=1m

buffer

specifies the cache size; when reached, logs are flushed. flush defines the timeout for forced flushing.

File Descriptor Limit for Nginx

Match Nginx's worker_rlimit_nofile with the system limit set in /etc/security/limits.conf:

worker_rlimit_nofile 1000000;

Conclusion

The author’s Nginx tuning experience focuses on adjusting kernel parameters and Nginx settings to eliminate common performance bottlenecks. While many more optimizations exist, the covered changes are sufficient for typical high‑traffic scenarios.