Master Nginx Performance: 20+ Proven Optimization Techniques
This guide provides a comprehensive collection of over twenty Nginx performance tuning methods, covering worker processes, CPU affinity, file descriptor limits, event models, gzip compression, caching, security, and system kernel tweaks to maximize web server efficiency.
1. Worker Processes and CPU Affinity
Set the number of worker processes to match the CPU cores and bind each worker to a specific CPU to reduce context switching.
worker_processes auto;
worker_cpu_affinity auto;Example for a 4‑core CPU:
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;2. Event Model and Connections
Use the epoll event model and increase the maximum connections per worker.
events {
use epoll;
worker_connections 15000;
accept_mutex on;
multi_accept on;
}3. File Descriptor Limits
Increase the number of open files for the Nginx user and the system limits.
# /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
worker_rlimit_nofile 65535;4. Gzip Compression
Enable gzip to reduce bandwidth usage for text resources.
gzip on;
gzip_min_length 1k;
gzip_buffers 4 32k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain text/css text/javascript application/json application/xml;
gzip_vary on;5. Caching and Expires
Configure open file cache and set expires headers for static assets.
open_file_cache max=65535 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
location ~* \.(ico|jpe?g|gif|png|bmp|swf|flv)$ {
expires 30d;
access_log off;
}
location ~* \.(js|css)$ {
expires 7d;
access_log off;
}6. FastCGI Tuning
Optimize FastCGI parameters and enable keep‑alive connections.
fastcgi_connect_timeout 240;
fastcgi_send_timeout 240;
fastcgi_read_timeout 240;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_cache_path /data/ngx_fcgi_cache levels=2:2 keys_zone=ngx_fcgi_cache:512m inactive=1d max_size=40g;
fastcgi_cache ngx_fcgi_cache;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_keep_conn on;7. Security and Anti‑Leech
Hide Nginx version, enable strict transport security, and configure referer validation to prevent hotlinking.
server_tokens off;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location ~* \.(gif|jpg|jpeg|png|bmp|swf|flv)$ {
valid_referers none blocked *.example.com *.mydomain.com;
if ($invalid_referer) { return 403; }
access_log off;
expires 15d;
}8. Kernel Parameter Optimization
Adjust Linux kernel settings to improve network and file handling performance.
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 1024
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.ip_local_port_range = 1024 65000
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_syn_backlog = 2621449. System Connection Limits
Raise the maximum number of simultaneous connections for the whole system.
# /etc/security/limits.conf
* soft nofile 65535
* hard nofile 6553510. Additional Configurations
Set keep‑alive timeout, client body size, and other common directives for a robust Nginx setup.
keepalive_timeout 65;
client_max_body_size 200m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.