Essential Linux Kernel Tweaks to Boost Nginx Performance

By default, Linux kernel parameters are chosen for the most generic workloads, which often limits the ability of Nginx to handle high‑concurrency traffic. Adjusting these settings can significantly increase Nginx performance.

Editing the kernel parameters

Modify the file /etc/sysctl.conf and add or update the following entries. After saving, apply the changes with sysctl -p or by rebooting.

fs.file-max = 999999 # Maximum number of file descriptors the system can allocate.

net.ipv4.tcp_tw_reuse = 1 # Allows sockets in TIME_WAIT state to be reused for new TCP connections, reducing the number of lingering sockets.

net.ipv4.tcp_keepalive_time = 600 # Reduces the keepalive interval from the default 2 hours to 10 minutes, helping to clear dead connections faster.

net.ipv4.tcp_fin_timeout = 30 # Maximum time a socket stays in FIN_WAIT_2 after the server closes a connection.

net.ipv4.tcp_max_tw_buckets = 5000 # Upper limit for the number of TIME_WAIT sockets; excess sockets are dropped with a warning.

net.ipv4.ip_local_port_range = 1024 65000 # Range of local ports used for outbound TCP/UDP connections.

net.ipv4.tcp_rmem = 10240 87380 12582912 # Minimum, default, and maximum size of the TCP receive buffer.

net.ipv4.tcp_wmem = 10240 87380 12582912 # Minimum, default, and maximum size of the TCP send buffer.

net.core.netdev_max_backlog = 8096 # Maximum number of packets that can be queued on the network device when the kernel cannot keep up.

net.core.rmem_default = 6291456 # Default size of the socket receive buffer.

net.core.wmem_default = 6291456 # Default size of the socket send buffer.

net.core.rmem_max = 12582912 # Maximum size of the socket receive buffer.

net.core.wmem_max = 12582912 # Maximum size of the socket send buffer.

net.ipv4.tcp_syncookies = 1 # Enables SYN cookies to mitigate SYN‑flood attacks; does not affect performance.

net.ipv4.tcp_max_syn_backlog = 8192 # Increases the length of the SYN queue, helping Nginx accept new connections under heavy load.

net.ipv4.tcp_tw_recycle = 1 # Enables fast recycling of TIME_WAIT sockets (note: may cause issues with NAT).

net.core.somaxconn = 262114 # Raises the maximum number of pending connections that can be queued for acceptance.

net.ipv4.tcp_max_orphans = 262114 # Maximum number of orphaned TCP sockets; increasing this helps prevent connection resets during spikes.

Important considerations

These values should be tuned according to the specific workload and hardware capacity; blindly applying the maximum settings can waste resources or cause instability.

Ready‑to‑copy block (no comments)

fs.file-max = 999999

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_keepalive_time = 600

net.ipv4.tcp_fin_timeout = 30

net.ipv4.tcp_max_tw_buckets = 5000

net.ipv4.ip_local_port_range = 1024 65000

net.ipv4.tcp_rmem = 10240 87380 12582912

net.ipv4.tcp_wmem = 10240 87380 12582912

net.core.netdev_max_backlog = 8096

net.core.rmem_default = 6291456

net.core.wmem_default = 6291456

net.core.rmem_max = 12582912

net.core.wmem_max = 12582912

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_syn_backlog = 8192

net.ipv4.tcp_tw_recycle = 1

net.core.somaxconn = 262114

net.ipv4.tcp_max_orphans = 262114