
Boost Nginx QPS by 500%: Core Configuration Secrets for Enterprise Performance

This guide details enterprise‑grade Nginx optimization techniques, covering worker process tuning, event model settings, network and buffer adjustments, compression, SSL/TLS hardening, load balancing, caching strategies, monitoring, system‑level tweaks, and troubleshooting steps to dramatically increase request throughput and stability.


Introduction

Nginx is a critical web server and reverse proxy in modern internet architecture; its performance tuning is essential for enterprise‑level applications.

1. Basic Configuration Tuning

1.1 Worker Process Configuration

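# Start one worker process per available CPU core
worker_processes auto;
# Pin each worker to its own core
worker_cpu_affinity auto;
# worker_connections is only accepted inside the events { } block (section 1.2);
# nginx refuses to start if it appears here in the main context, so it is set there only.
# Per-worker open-file limit. A proxied request holds two descriptors
# (client side and upstream side), so size this against worker_connections
# with that doubling in mind.
worker_rlimit_nofile 65535;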

1.2 Event Model Optimization

events {
    # Use the epoll connection-processing method (Linux)
    use epoll;
    # Let a worker accept every pending connection at once instead of one at a time
    multi_accept on;
    # Max simultaneous connections per worker; this counts upstream (proxied)
    # connections as well as client connections
    worker_connections 65535;
    # Do not make workers take turns accepting; all workers are notified of new connections
    accept_mutex off;
}

1.3 Network Connection Optimization

# Send files with sendfile() instead of copying them through user space
sendfile on;
# With sendfile: send response headers and the start of the file in one packet, in full packets
tcp_nopush on;
# Do not delay small writes on keep-alive connections
tcp_nodelay on;
# Keepalive settings: idle client connections are closed after 65 s,
# and a connection is closed after serving 100 requests
keepalive_timeout 65;
keepalive_requests 100;
# The three timeouts below bound how long a slow or stalled client can hold
# a worker connection open, which limits slow-request resource exhaustion.
# Time allowed for the client to send the complete request header
client_header_timeout 15;
# Max gap between two successive reads of the request body (not the whole upload)
client_body_timeout 15;
# Max gap between two successive writes to the client (not the whole response)
send_timeout 15;

2. Memory and Buffer Tuning

2.1 Buffer Settings

# Client request header buffer; headers that do not fit fall back to the
# large buffers below (up to 8 buffers of 8k each)
client_header_buffer_size 4k;
large_client_header_buffers 8 8k;
# Client request body buffer: bodies larger than this are spooled to a temporary file
client_body_buffer_size 128k;
# Largest accepted request body; bigger requests get 413.
# NOTE(review): at this level 100m applies to every location. If only a few
# endpoints take uploads, a small default with a per-location override keeps
# the rest from accepting large bodies.
client_max_body_size 100m;
# Proxy buffers: first part of the upstream response (headers), then 8 x 4k for the body
proxy_buffer_size 4k;
proxy_buffers 8 4k;
# Portion of the buffers that may be busy sending to the client at once
proxy_busy_buffers_size 8k;
# FastCGI buffers: same layout as the proxy buffers above
fastcgi_buffer_size 4k;
fastcgi_buffers 8 4k;
fastcgi_busy_buffers_size 8k;

2.2 File Cache Configuration

# Cache open file descriptors and file metadata: up to 100000 entries,
# dropped after 20 s without access
open_file_cache max=100000 inactive=20s;
# Re-validate cached entries every 30 s
open_file_cache_valid 30s;
# Keep an entry only if it was used at least twice within the inactive window
open_file_cache_min_uses 2;
# Cache file-lookup errors too
open_file_cache_errors on;
# Buffered access log: entries are held in a 32k buffer and written at least
# every 5 s, so the newest lines can be missing from disk after a crash.
# The "main" format must be defined with log_format (section 8.1).
access_log /var/log/nginx/access.log main buffer=32k flush=5s;
# Error log at "warn" severity and above
error_log /var/log/nginx/error.log warn;

3. Compression Optimization

3.1 Gzip Compression

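# Enable gzip
gzip on;
# Emit "Vary: Accept-Encoding" so caches keep compressed and plain variants apart
gzip_vary on;
# Skip responses shorter than 1000 bytes
gzip_min_length 1000;
gzip_comp_level 6;
# Also compress responses to requests that arrived through a proxy
gzip_proxied any;
# NOTE(review): over TLS, compressing a response that contains a secret
# (CSRF token, session data) alongside request-controlled text leaks
# information through the response length (the BREACH class of issues).
# Consider turning compression off for such responses.
# Types to compress (text/html is always compressed).
# The RSS type is application/rss+xml; application/xml is listed as in the Brotli section.
gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml application/rss+xml application/atom+xml image/svg+xml;
# Gzip buffers
gzip_buffers 16 8k;
# Lowest request HTTP version that gets a compressed response
gzip_http_version 1.1;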

3.2 Brotli Compression (requires module)

# Enable Brotli. These directives come from the separately built ngx_brotli
# module and make stock nginx fail to start if that module is absent.
brotli on;
brotli_comp_level 6;
# Skip responses shorter than 1000 bytes
brotli_min_length 1000;
# NOTE(review): the length side channel that applies to gzip over TLS applies
# to Brotli too; exclude responses that carry secrets next to request-controlled text.
brotli_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml application/rss+xml application/atom+xml image/svg+xml;

4. SSL/TLS Optimization

4.1 SSL Configuration

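# Protocol versions: TLS 1.2 and 1.3 only
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suites for TLS 1.2 and below (TLS 1.3 suites are not controlled by this list).
# AEAD suites only: the CBC-mode suites (ECDHE-RSA-AES128-SHA256,
# ECDHE-RSA-AES256-SHA384) are dropped, and ECDSA and ChaCha20-Poly1305
# variants are added so ECDSA certificates and clients without AES
# acceleration are covered.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;
# Session cache shared by all workers. Cached sessions stay resumable for
# 1 day, so session keys live in server memory for that long.
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
# No session tickets: avoids a long-lived ticket key weakening forward secrecy
ssl_session_tickets off;
# OCSP stapling. nginx needs a "resolver" directive to look up the OCSP
# responder hostname, and ssl_trusted_certificate must hold the issuing
# chain used to verify the stapled response.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/ca-bundle.crt;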

4.2 HTTP/2 Configuration

server {
    # TLS listener with HTTP/2.
    # NOTE(review): from nginx 1.25.1 the "http2" listen parameter is deprecated
    # in favour of a separate "http2 on;" directive; check the target version.
    listen 443 ssl http2;
    server_name example.com;
    # Turn "Link: ...; rel=preload" response headers into HTTP/2 server push.
    # NOTE(review): server push support was removed in nginx 1.25.1, and major
    # browsers no longer use it, so this directive has no benefit on current builds.
    http2_push_preload on;
    # Additional SSL settings …
}

5. Load Balancing and Proxy Optimization

5.1 Upstream Server Configuration

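upstream backend {
    # Load balancing algorithm: pin each client address to one backend.
    # If nginx sits behind a CDN or another load balancer, every request
    # carries that device's address and ip_hash sends them all to one server.
    ip_hash;
    # Backend servers. A server is taken out for 30 s after 3 failed attempts
    # within 30 s. The "backup" parameter is not allowed together with ip_hash
    # (nginx rejects the configuration), so the third server is a regular,
    # lowest-weight member here.
    server 192.168.1.10:8080 weight=3 max_fails=3 fail_timeout=30s;
    server 192.168.1.11:8080 weight=2 max_fails=3 fail_timeout=30s;
    server 192.168.1.12:8080 weight=1 max_fails=3 fail_timeout=30s;
    # Keepalive settings: up to 32 idle upstream connections cached per worker.
    # Must appear after the balancing method.
    keepalive 32;
    keepalive_requests 100;
    keepalive_timeout 60s;
}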

5.2 Proxy Configuration Optimization

location / {
    # Plain-HTTP hop to the upstream group; traffic between nginx and the
    # backends is unencrypted on this path.
    proxy_pass http://backend;
    # Proxy timeouts: connection setup, then max gap between successive
    # writes to / reads from the upstream
    proxy_connect_timeout 5s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;
    # Buffering: read the upstream response into buffers so a slow client
    # does not tie up the backend
    proxy_buffering on;
    proxy_buffer_size 4k;
    proxy_buffers 8 4k;
    # Proxy headers
    proxy_set_header Host $host;
    # Address of the peer that connected to nginx
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to whatever X-Forwarded-For the client sent.
    # Earlier entries in that list are client-controlled, so backends should
    # rely only on the last entry (or on X-Real-IP) for access decisions.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # HTTP/1.1 with an empty Connection header is required for upstream keepalive
    proxy_http_version 1.1;
    proxy_set_header Connection "";
}

6. Caching Strategies

6.1 Static Resource Caching

# Images, CSS and JS: cacheable by browsers and shared caches for one year.
# "immutable" tells browsers never to revalidate, so it is only safe when
# file names change with their content (fingerprinted assets).
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 1y;
    # NOTE: a location that declares its own add_header no longer inherits
    # add_header lines from the server/http level, so the security headers of
    # section 7.1 are not sent for these files unless repeated here.
    add_header Cache-Control "public, immutable";
    add_header Vary Accept-Encoding;
}
# Web fonts: cacheable for one year and loadable from any origin.
location ~* \.(woff|woff2|ttf|eot)$ {
    expires 1y;
    # NOTE: declaring add_header here stops inheritance of add_header lines
    # from the server/http level (e.g. the security headers of section 7.1).
    add_header Cache-Control "public";
    # Wildcard CORS lets any site read these files; acceptable for public
    # fonts, but keep this pattern away from locations that serve private data.
    add_header Access-Control-Allow-Origin *;
}

6.2 Proxy Cache

# On-disk response cache: two-level directory layout, 10 MB shared-memory key
# zone named my_cache, at most 10 GB on disk, entries dropped after 60 minutes
# without access, files written directly into the cache directory.
# NOTE(review): cached bodies are stored in clear on disk; keep the directory
# readable only by the nginx user.
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;
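server {
    location / {
        proxy_cache my_cache;
        # Cache lifetimes by status code; caching headers sent by the
        # upstream take priority over these values
        proxy_cache_valid 200 302 10m;
        proxy_cache_valid 404 1m;
        # Serve a stale copy while the upstream is failing or an entry is being refreshed
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        # Only one request at a time is allowed to populate a missing entry
        proxy_cache_lock on;
        proxy_cache_lock_timeout 5s;
        # Cache key. It has no per-host or per-user component ($proxy_host is
        # the upstream name from proxy_pass), so all hostnames and all users
        # served here share entries. Responses that differ per host or per
        # session need a wider key or must stay out of the cache.
        proxy_cache_key $scheme$proxy_host$request_uri;
        # Requests that carry an Authorization header are neither answered
        # from the cache nor stored in it, so one user's authenticated
        # response cannot be replayed to another client.
        proxy_cache_bypass $http_authorization;
        proxy_no_cache $http_authorization;
        # Cache status header (HIT/MISS/...). Declaring add_header in this
        # location stops inheritance of add_header lines from outer levels.
        add_header X-Cache-Status $upstream_cache_status;
        proxy_pass http://backend;
    }
}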

7. Security Hardening

7.1 Basic Security Settings

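# Hide the nginx version in the Server header and on error pages
server_tokens off;
# Security headers ("always" adds them to error responses too).
# add_header lines are inherited by a location only if that location declares
# no add_header of its own, so any location that adds a header must repeat these.
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
# The legacy XSS auditor is gone from current browsers and "1; mode=block"
# could be abused in older ones; "0" switches it off explicitly.
# A Content-Security-Policy is the supported control for script injection.
add_header X-XSS-Protection "0" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# NOTE(review): no Strict-Transport-Security header is set although TLS is
# configured in section 4; add one once every hostname is served over HTTPS.
# Restrict request methods. This also rejects OPTIONS, PUT, PATCH and DELETE,
# so CORS preflights and REST-style API calls receive 405 wherever it applies.
if ($request_method !~ ^(GET|HEAD|POST)$) {
    return 405;
}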

7.2 Request Rate Limiting

# Rate limits, keyed by the address of the peer connected to nginx.
# NOTE(review): behind a CDN or load balancer $binary_remote_addr is that
# device's address, so all users share one bucket unless the real client
# address is restored from a trusted proxy first (realip module).
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
server {
    # 10 requests/s per address, bursts of up to 20 served without delay, excess gets 429
    location /api/ {
        limit_req zone=api burst=20 nodelay;
        limit_req_status 429;
    }
    # 1 request/s per address, bursts of up to 5. This is a prefix match, so it
    # covers every URI that starts with /login. A per-address limit slows one
    # source only; attempts spread over many addresses need account-level
    # throttling or lockout in the application.
    location /login {
        limit_req zone=login burst=5 nodelay;
        limit_req_status 429;
    }
}
# Connection limits: at most 10 concurrent connections per address.
# Many users behind one NAT or proxy address count as a single client.
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_conn conn_limit_per_ip 10;

8. Monitoring and Logging

8.1 Access Log Optimization

# Custom log format: client address, user, time, request line, status, bytes,
# referer, user agent, X-Forwarded-For, then total request time and upstream
# response time. Referer, User-Agent and X-Forwarded-For are client-supplied
# values and must be treated as untrusted by anything that parses these logs.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" '
                '$request_time $upstream_response_time';
# Conditional logging: $loggable is 0 for 2xx and 3xx responses, 1 otherwise,
# so only 4xx/5xx requests are written.
# NOTE(review): this removes every successful request from the access log,
# including successful logins and data downloads, which leaves no record for
# incident investigation or detection rules. If log volume is the concern,
# prefer keeping full logs for sensitive paths.
map $status $loggable {
    ~^[23] 0;
    default 1;
}
# Buffered write (32k buffer, flushed at least every 5 s), filtered by $loggable.
# NOTE(review): section 2.2 already declares an access_log for the same file;
# if both end up in the same context each request is logged by both.
access_log /var/log/nginx/access.log main buffer=32k flush=5s if=$loggable;

8.2 Status Monitoring

# Basic connection and request counters from the stub_status module
location /nginx_status {
    stub_status on;
    # Do not log polling of the status page
    access_log off;
    # Reachable from localhost and the 192.168.1.0/24 network only; everyone
    # else gets 403. The rules are evaluated in order, first match wins.
    allow 127.0.0.1;
    allow 192.168.1.0/24;
    deny all;
}

9. System‑Level Optimization

9.1 Kernel Parameter Tuning

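# /etc/sysctl.conf
# Upper bound for a listening socket's accept queue. nginx only uses it if
# the listen directive requests a matching backlog= value.
net.core.somaxconn = 65535
# Packets queued per CPU when the NIC delivers faster than the kernel processes
net.core.netdev_max_backlog = 5000
# Half-open (SYN_RECV) connections remembered per listening socket
net.ipv4.tcp_max_syn_backlog = 65535
# Seconds an orphaned socket stays in FIN_WAIT_2
net.ipv4.tcp_fin_timeout = 30
# Idle seconds before the first TCP keepalive probe
net.ipv4.tcp_keepalive_time = 1200
# Max sockets kept in TIME_WAIT; beyond this they are destroyed immediately
net.ipv4.tcp_max_tw_buckets = 5000
# Reuse TIME_WAIT sockets for new outgoing connections (nginx -> upstream)
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle is intentionally not set: it drops connections from
# clients that share a NAT address, and the setting was removed in Linux 4.12,
# where applying it produces an "unknown key" error.
# Local port range for outgoing connections
net.ipv4.ip_local_port_range = 1024 65535
# System-wide limit on open file handles
fs.file-max = 6815744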

9.2 File Descriptor Limits

# /etc/security/limits.conf
# Per-user limits for the "nginx" account: open files (nofile) and
# processes/threads (nproc), soft and hard both set to 65535.
# NOTE(review): this file is applied through PAM at login. A service started
# by systemd does not read it, so the unit's own limit settings (and
# worker_rlimit_nofile inside nginx) are what take effect there - confirm how
# nginx is started on the target host.
nginx soft nofile 65535
nginx hard nofile 65535
nginx soft nproc 65535
nginx hard nproc 65535

10. Performance Monitoring and Tuning Tools

10.1 Monitoring Metrics

Key metrics include request processing time, concurrent connections, error rate, memory usage, CPU usage, and network bandwidth utilization.

10.2 Performance Testing Tools

# Stress test with wrk: 12 threads, 400 open connections, 30 seconds, with latency distribution.
# All three tools send from one address, so with the limit_req / limit_conn
# rules of section 7.2 active the results measure the limiter (429/503
# responses), not server capacity; test against a staging copy of the
# configuration with a known limiter state.
wrk -t12 -c400 -d30s --latency http://example.com/
# Benchmark with ab: 10000 requests, 100 concurrent
ab -n 10000 -c 100 http://example.com/
# Concurrency test with siege: 100 simulated users for 30 seconds
siege -c 100 -t 30s http://example.com/

11. Best‑Practice Summary

Configure worker processes according to CPU cores or use auto.

Adjust buffer sizes based on workload.

Enable gzip compression for text resources.

Set appropriate timeout values so that idle or stalled connections are closed promptly.

Use HTTP/2 for multiplexing performance.

Implement caching for static assets and upstream responses.

Continuously monitor performance indicators and fine‑tune.

12. Troubleshooting

12.1 Common Issue Diagnosis

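# Test configuration syntax before reloading
nginx -t
# Follow the error log
tail -f /var/log/nginx/error.log
# List nginx processes (the [n] keeps grep from matching its own command line)
ps aux | grep '[n]ginx'
# Count TCP sockets on port 80. The trailing space stops :8080, :8000 and
# similar ports from matching. The count includes the listening socket and
# sockets in TIME_WAIT.
netstat -ant | grep -c ':80 '
# Count open files held by the "nginx" user (the lsof header line is counted;
# the worker account name differs between distributions)
lsof -u nginx | wc -l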

12.2 Performance Problem Diagnosis

When performance issues arise, examine system resource usage, analyze access‑log patterns, monitor upstream response times, verify cache hit rates, and inspect network connection states.
