Master Nginx Performance: Worker Processes, CPU Affinity, Caching & Tuning Guide

(1) Worker Processes and CPU Affinity

Set worker_processes to the number of CPU cores (or cores × 2). You can view core count with top -1 or grep ^processor /proc/cpuinfo | wc -l. Example: worker_processes 4; Reload Nginx ( /usr/local/nginx1.10/sbin/nginx -s reload) and verify with ps -aux | grep nginx. For CPU affinity on a 4‑core system: worker_cpu_affinity 0001 0010 0100 1000; On an 8‑core system:

worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

Do not exceed 8 worker processes; more processes give no further performance gain and reduce stability.

(2) Maximum Open Files

Increase the per‑worker file descriptor limit with: worker_rlimit_nofile 65535; Match this value to the system ulimit -n. Configure the global limits in /etc/security/limits.conf:

* soft nofile 65535

* hard nofile 65535

(3) Event Processing Model

Use the epoll event model for high efficiency:

events {

use epoll;

worker_connections 65535;

multi_accept on;

}

worker_connections

defines the maximum concurrent connections per worker; the total possible connections equal worker_processes × worker_connections. Setting it to 65535 is sufficient for most large sites. multi_accept controls whether a newly accepted connection wakes a single worker (on) or all workers (off). For very high throughput, disabling it (off) can improve efficiency.

(4) Enable Efficient Transfer Mode

In the http block enable sendfile and TCP push:

sendfile on;

tcp_nopush on;

These directives let Nginx use the kernel sendfile() system call and reduce packet fragmentation. Turn sendfile off only for heavy disk‑I/O workloads such as large file downloads.

(5) Connection Timeout Settings

Typical timeout and cache directives:

keepalive_timeout 60;

tcp_nodelay on;

client_header_buffer_size 4k;

open_file_cache max=102400 inactive=20s;

open_file_cache_valid 30s;

open_file_cache_min_uses 1;

client_header_timeout 15;

client_body_timeout 15;

reset_timedout_connection on;

send_timeout 15;

server_tokens off;

client_max_body_size 10m;

(6) FastCGI Tuning

Key FastCGI directives:

fastcgi_connect_timeout 600;

fastcgi_send_timeout 600;

fastcgi_read_timeout 600;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

fastcgi_temp_path /usr/local/nginx1.10/nginx_tmp;

fastcgi_intercept_errors on;

fastcgi_cache_path /usr/local/nginx1.10/fastcgi_cache levels=1:2 keys_zone=cache_fastcgi:128m inactive=1d max_size=10g;

fastcgi_cache_valid 200 302 1h;

fastcgi_cache_valid 301 1d;

fastcgi_cache_valid any 1m;

fastcgi_cache_min_uses 1;

fastcgi_cache_key http://$host$request_uri;

fastcgi_pass 127.0.0.1:9000;

(7) Gzip Compression Tuning

Enable gzip and configure its parameters:

gzip on;

gzip_min_length 2k;

gzip_buffers 4 32k;

gzip_http_version 1.1;

gzip_comp_level 6;

gzip_types text/css text/xml application/javascript;

gzip_vary on;

gzip_proxied any;

Gzip reduces bandwidth and improves client experience but consumes CPU; adjust gzip_comp_level as needed.

(8) Expires Caching

Cache static assets to reduce bandwidth:

location ~* \.(ico|jpe?g|gif|png|bmp|swf|flv)$ {

expires 30d;

access_log off;

}

location ~* \.(js|css)$ {

expires 7d;

access_log off;

}

Shorter expiry times can be used for frequently updated resources.

(9) Anti‑Leech (Hotlink Protection)

Prevent other sites from directly linking to your media:

location ~* ^.+\.(jpg|gif|png|swf|flv|wma|wmv|asf|mp3|mmf|zip|rar)$ {

valid_referers none blocked www.example.com example.com;

if ($invalid_referer) {

return 404;

}

access_log off;

}

(10) Kernel Parameter Optimization

Key sysctl settings for high‑traffic servers:

fs.file-max = 999999

net.ipv4.tcp_max_tw_buckets = 6000

net.core.somaxconn = 40960

net.ipv4.tcp_keepalive_time = 30

net.ipv4.tcp_syncookies = 1

net.core.netdev_max_backlog = 262144

net.ipv4.tcp_rmem = 10240 87380 12582912

net.ipv4.tcp_wmem = 10240 87380 12582912

Apply changes with sysctl -p.

(11) System Connection Limits

Linux defaults to 1024 open files. Increase limits in /etc/security/limits.conf:

* soft nofile 65535

* hard nofile 65535

* soft noproc 65535

* hard noproc 65535

After editing, re‑login or run ulimit -n to verify.