Master Nginx Performance: 20+ Proven Optimization Techniques for Faster, Safer Web Services

Overview

The article provides a detailed, step‑by‑step guide for optimizing Nginx in production environments, focusing on both configuration parameters and underlying Linux kernel settings.

1. Worker Processes and CPU Affinity

Set the number of worker_processes to match the CPU core count and bind each worker to a specific CPU using worker_cpu_affinity to avoid cache‑misses.

worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

2. File Descriptor Limits

Increase the maximum open files for the Nginx user and the system limits to handle high concurrency.

# /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535

Also set worker_rlimit_nofile in nginx.conf and adjust ulimit -n.

3. Event Model and Connections

Use the epoll event model and enable accept_mutex to reduce wake‑ups. Configure worker_connections based on expected traffic.

events {
    use epoll;
    accept_mutex on;
    worker_connections 15000;
}

4. Keep‑Alive and Timeouts

Fine‑tune keep‑alive and timeout values to balance resource usage and latency.

keepalive_timeout 65;
client_header_timeout 15;
client_body_timeout 15;
send_timeout 15;

5. Gzip Compression

Enable gzip for text‑based assets while excluding already compressed files.

gzip on;
gzip_min_length 1k;
gzip_buffers 4 32k;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript application/xml;

6. Static File Caching (open_file_cache)

Cache file descriptors to reduce filesystem lookups.

open_file_cache max=65535 inactive=60s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;

7. Expires Headers and Cache Control

Set long expiration times for immutable assets and shorter times for frequently updated files.

location ~* \.(ico|jpe?g|gif|png|bmp|swf|flv)$ { expires 30d; }
location ~* \.(js|css)$ { expires 7d; }

8. Anti‑Hotlinking

Prevent other sites from stealing resources by validating the HTTP referer.

location ~* \.(jpg|gif|png|swf|flv)$ {
    valid_referers none blocked *.example.com;
    if ($invalid_referer) { return 403; }
}

9. FastCGI Tuning

Configure FastCGI timeouts, buffer sizes, and enable connection reuse.

fastcgi_connect_timeout 240;
fastcgi_send_timeout 240;
fastcgi_read_timeout 240;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_keep_conn on;

10. Linux Kernel Parameters

Apply sysctl tweaks to improve network throughput and reduce TIME_WAIT buildup.

net.core.somaxconn = 40960
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_syncookies = 1

11. Full Example Configuration

A complete, production‑ready nginx.conf is provided, combining all the above settings into a single file.

user www;
worker_processes auto;
worker_rlimit_nofile 100000;
error_log /var/log/nginx/error.log crit;
pid /run/nginx.pid;

events {
    use epoll;
    accept_mutex on;
    worker_connections 204800;
    multi_accept on;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 10;
    gzip on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript application/xml;
    open_file_cache max=100000 inactive=20s;
    server_tokens off;
    include /etc/nginx/conf.d/*.conf;
}

By applying these optimizations, Nginx can handle tens of thousands of concurrent connections, serve static assets efficiently, and provide a more secure and stable web service.