Comprehensive Guide to Nginx: Installation, Configuration, and Performance Optimization

This extensive tutorial walks through installing Nginx from source, setting up the environment, and configuring reverse proxy load balancing, static resource handling, compression, buffering, caching, IP blacklists and whitelists, anti‑hotlinking, large file transfer, SSL certificates, high availability with Keepalived, and advanced performance tuning techniques.

Top Architect

This article provides a step‑by‑step guide for installing Nginx from source, configuring it for various production scenarios, and applying a series of performance‑enhancing techniques.

Installation and Environment Setup

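Create a directory, download the source package, extract it, and compile it. The build needs a C compiler plus the PCRE, zlib and OpenSSL development libraries, and the SSL module must be enabled at configure time for the HTTPS configuration later in this guide to load. nginx.org publishes a detached PGP signature (.asc) next to each tarball; verify it before building.

# mkdir -p /soft/nginx && cd /soft/nginx
# wget https://nginx.org/download/nginx-1.21.6.tar.gz
# tar -xvzf nginx-1.21.6.tar.gz
# cd nginx-1.21.6
# ./configure --prefix=/soft/nginx/ --with-http_ssl_module
# make && make install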

Basic Reverse Proxy Load Balancing

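Define an upstream block with multiple backend servers and assign weights, then proxy requests to it. Note that $proxy_add_x_forwarded_for appends the connecting address to whatever X-Forwarded-For value the client sent, so backends should trust only the last entry (or X-Real-IP, which Nginx sets from the connection itself).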

upstream nginx_boot {
    server 192.168.0.100:8080 weight=100 max_fails=2 fail_timeout=30s;
    server 192.168.0.101:8090 weight=200 max_fails=2 fail_timeout=30s;
}
server {
    location / {
        proxy_pass http://nginx_boot;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Static Resource Separation (Static/Dynamic)

Serve static files directly and forward dynamic requests to the backend, reducing load on application servers.

location ~* \.(html|css|js|png|jpg|gif)$ {
    root /soft/nginx/static_resources;
    expires 7d;
}

Resource Compression

Enable gzip compression for text‑based resources to save bandwidth.

http {
    gzip on;
    gzip_types text/plain application/javascript text/css application/xml;
    gzip_comp_level 5;
    gzip_min_length 2k;
}

Buffering Configuration

Adjust proxy buffering parameters to improve request handling efficiency.

http {
    proxy_buffering on;
    client_body_buffer_size 512k;
    proxy_buffers 4 64k;
    proxy_buffer_size 16k;
    proxy_busy_buffers_size 128k;
    proxy_temp_path /soft/nginx/temp_buffer;
}

Proxy Caching

Configure a shared memory zone and cache path, then enable caching for frequently accessed resources.

proxy_cache_path /soft/nginx/cache levels=1:2 keys_zone=hot_cache:128m inactive=3d max_size=2g;
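server {
    location / {
        # Caching only takes effect on proxied responses
        proxy_pass http://nginx_boot;
        proxy_cache hot_cache;
        proxy_cache_valid 200 302 1d;
        proxy_cache_valid any 30m;
        proxy_cache_key $host$uri$is_args$args;
        proxy_cache_min_uses 3;
        # Expose HIT/MISS/EXPIRED to the client for troubleshooting
        add_header Cache-Status $upstream_cache_status;
    }
}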
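
A hardened variant of the cache block above, added as an example and not taken from the original article: it keeps responses to credentialed requests out of the shared cache and separates HTTP and HTTPS entries. The cookie name sessionid, the shorter lifetime for "any" and the reuse of the nginx_boot upstream are assumptions.

```nginx
# Added example, not from the original article. Goes in the http context.
# Assumptions: the application's session cookie is named "sessionid" and
# the nginx_boot upstream from the load-balancing section is defined.
proxy_cache_path /soft/nginx/cache levels=1:2 keys_zone=hot_cache:128m inactive=3d max_size=2g;

# $skip_cache is 1 when the request carries an Authorization header or a
# session cookie, 0 otherwise.
map "$http_authorization$cookie_sessionid" $skip_cache {
    ""      0;
    default 1;
}

server {
    location / {
        proxy_pass http://nginx_boot;
        proxy_cache hot_cache;

        # Include the scheme so HTTP and HTTPS responses never share an entry.
        proxy_cache_key $scheme$host$uri$is_args$args;

        proxy_cache_valid 200 302 1d;
        # "any" also covers 401, 403 and 5xx responses; keep their lifetime
        # short so one error is not replayed to every client (assumed value).
        proxy_cache_valid any 1m;
        proxy_cache_min_uses 3;

        # Do not answer credentialed requests from the cache ...
        proxy_cache_bypass $skip_cache;
        # ... and do not store their responses for other clients.
        proxy_no_cache $skip_cache;

        add_header Cache-Status $upstream_cache_status;
    }
}
```

Nginx already refuses to cache a response that carries Set-Cookie and honours the upstream's Cache-Control and Expires headers; the map covers the case where the backend returns per-user content without either.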

IP Black‑White List

Use allow and deny directives or include external files for easier management.

# BlocksIP.conf
deny 192.177.12.222;
deny 192.177.44.201;

# WhiteIP.conf
allow 192.177.12.222;
allow 192.177.44.201;
allow 127.45.0.0/16;
deny all;
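
One way to wire the two list files into nginx.conf, added here as an example and not part of the original article; the /soft/nginx/conf/ paths, the /admin/ location and the single-server upstream are assumptions. It shows two rules of the access module that the lists depend on: rules are checked in order and the first match wins, and a block that declares its own allow/deny rules does not inherit those of the enclosing level.

```nginx
# Added example, not from the original article. File locations under
# /soft/nginx/conf/ and the /admin/ location are assumptions.
events { worker_connections 1024; }

http {
    upstream nginx_boot {
        server 192.168.0.100:8080;
    }

    # Denylist at http level: inherited by every server and location that
    # declares no allow/deny rules of its own.
    include /soft/nginx/conf/BlocksIP.conf;

    server {
        listen 80;

        location / {
            # No access rules here, so the http-level denylist applies.
            proxy_pass http://nginx_boot;
        }

        location /admin/ {
            # This location declares its own rules, which REPLACE the
            # inherited denylist instead of adding to it. Re-include the
            # denylist first: rules are evaluated top to bottom, so an
            # address present in both files (192.177.12.222 in the samples
            # above) is denied before the allowlist is consulted.
            include /soft/nginx/conf/BlocksIP.conf;
            include /soft/nginx/conf/WhiteIP.conf;   # ends with "deny all"
            proxy_pass http://nginx_boot;
        }
    }
}
```

allow and deny match the address of the TCP peer ($remote_addr), so when Nginx sits behind another proxy or CDN every client appears as that proxy's address and the lists no longer distinguish end users.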

Anti‑Hotlinking

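Prevent other sites from embedding your resources by validating the Referer header. With none and blocked in the list, requests that carry no Referer or a stripped one are still served, and the header is supplied by the client, so this deters casual hotlinking rather than acting as access control.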

location ~* \.(jpg|png|gif|css|js)$ {
    valid_referers none blocked server_names;
    if ($invalid_referer) { return 403; }
    root /soft/nginx/static_resources;
    expires 7d;
}

Large File Transfer

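Raise the request body limit and the proxy timeouts for large uploads and downloads. Scope these directives to the locations that actually handle large files rather than the whole server, since a 2g body limit applies to every request that reaches them.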

client_max_body_size 2g;
proxy_read_timeout 300s;
proxy_send_timeout 300s;

SSL/TLS Configuration

Set up HTTPS on port 443 with certificate files.

server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate /soft/nginx/certificate/example.crt;
    ssl_certificate_key /soft/nginx/certificate/example.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / { ... }
}
# Redirect HTTP to HTTPS
server { listen 80; server_name www.example.com; return 301 https://$host$request_uri; }

High Availability with Keepalived

Deploy two Nginx nodes and configure Keepalived to manage a virtual IP (VIP) and fail over automatically.

# /etc/keepalived/keepalived.conf (MASTER)
global_defs {
    router_id 192.168.12.129
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 121
    priority 100
    advert_int 1
    virtual_ipaddress {
        192.168.12.111
    }
    track_script {
        check_nginx
    }
}
# check_nginx refers to a vrrp_script block (not shown) whose script restarts Nginx if the process is missing.

Performance Optimizations

Key tuning items include enabling keep‑alive connections, using sendfile for zero‑copy, configuring tcp_nodelay or tcp_nopush based on latency vs. throughput needs, setting worker_processes auto, increasing worker_rlimit_nofile, using epoll and raising worker_connections, and binding workers to CPU cores with worker_cpu_affinity auto.

# main context
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 20000;

events {
    use epoll;
    worker_connections 10240;
}

# sendfile, tcp_nodelay and tcp_nopush belong in the http (or server/location) context
http {
    sendfile on;
    tcp_nodelay on;   # for low‑latency services
    # or
    # tcp_nopush on;   # for high‑throughput services
}

By following these steps, Nginx can serve as a robust, secure, and high‑performance gateway for modern web applications.
