Essential Nginx & Linux Tuning Tips for High‑Performance Web Servers

Introduction

This article assumes readers have a basic understanding of Nginx architecture and configuration. It does not repeat official documentation but outlines useful configuration options and provides reference links.

Linux Configuration

Modern Linux kernels (2.6+) can be tuned for better performance. The following settings are most relevant for typical workloads.

Backlog Queue

net.core.somaxconn controls the size of the queue for connections waiting to be accepted by Nginx. For high‑traffic sites, increase this value; if set too low, kernel logs will show errors.

net.core.netdev_max_backlog sets the rate at which the NIC buffers packets before the CPU processes them. Increase it on high‑bandwidth machines as needed.

File Descriptors

File descriptors are OS resources used for connections and open files. Each Nginx connection may use up to two descriptors. When HTTP keepalive is enabled, descriptor usage drops significantly.

sys.fs.file_max – system‑wide file descriptor limit.

nofile – user‑level file descriptor limit, configured in /etc/security/limits.conf .

Temporary Ports

net.ipv4.ip_local_port_range defines the range of ports available for outbound connections. Expand the range (e.g., 1024‑65000) if ports are exhausted.

net.ipv4.tcp_fin_timeout sets how long a closed port remains unavailable. The default is 60 seconds; it can be safely reduced to 30 or 15 seconds.

Nginx Configuration

The following directives are recommended for most users; others should only be changed with guidance from the Nginx team.

Worker Processes

worker_processes – number of Nginx worker processes. Typically one per CPU core; set to auto to match core count.

worker_connections – maximum simultaneous connections per worker. Default is 512; increase based on hardware and traffic.

Keepalives

Persistent connections reduce CPU and network overhead.

keepalive_requests – number of requests a client can send over a single keepalive connection (default 100).

keepalive_timeout – idle time before a client keepalive connection is closed.

For upstream connections:

keepalive – number of idle persistent connections each worker keeps to upstream servers.

Enable upstream keepalive with:

proxy_http_version 1.1;

proxy_set_header Connection "";

Access Log

Buffering access logs reduces CPU and I/O impact. Use the buffer=size and flush=time options of the access_log directive to control buffering and flush intervals.

Sendfile

The sendfile feature enables zero‑copy data transfer from file descriptors to sockets, improving throughput and lowering CPU usage. It is disabled by default because it bypasses user‑space filters.

Limits

Nginx and Nginx Plus provide several limiting directives to protect system resources and improve security:

limit_conn / limit_conn_zone – restrict the number of connections per client IP.

limit_rate – cap bandwidth per connection.

limit_req / limit_req_zone – limit request processing rate, useful for QoS and mitigating brute‑force attacks.

max_conns – limit concurrent connections to a single upstream server.

queue – define how many requests are queued when upstream servers are at their max_conns limit.

Other Considerations

Additional Nginx features can further improve performance.

Cache

Enabling caching on a load‑balancing Nginx instance can dramatically reduce response times and backend load. See the Nginx Management Guide for cache configuration details.

Compression

Compressing responses saves bandwidth but consumes CPU. Use compression when bandwidth savings outweigh the CPU cost, and avoid compressing already compressed assets like JPEG images. Refer to the Nginx Management Guide for compression settings.