Optimizing NGINX and Linux Settings for High Performance
This article provides a practical guide to tuning Linux kernel parameters and NGINX configuration directives—such as backlog queues, file descriptors, worker processes, keepalive connections, access‑log buffering, sendfile, limits, caching and compression—to achieve optimal web server performance for high‑traffic sites.
Introduction
The article assumes a basic understanding of NGINX architecture and offers an overview of useful tuning options, linking to official documentation and emphasizing a one‑change‑at‑a‑time approach.
Adjusting Linux Configuration
Key kernel settings that affect NGINX performance are discussed, focusing on those most likely to benefit typical workloads.
Backlog Queue
net.core.somaxconn – maximum pending connections waiting for NGINX to accept; increase if error logs indicate it is too low.
net.core.netdev_max_backlog – NIC packet buffering rate before handing packets to the CPU; raise for high‑bandwidth servers.
File Descriptors
fs.file-max – system‑wide limit of file descriptors (exposed as /proc/sys/fs/file-max).
nofile – per‑user limit set in /etc/security/limits.conf.
Ephemeral Ports
net.ipv4.ip_local_port_range – range of temporary ports used when NGINX proxies to upstream servers; expand if ports are exhausted.
Adjusting NGINX Configuration
Only a subset of directives that can impact performance are covered.
Worker Processes
worker_processes – number of processes (default 1); usually set to auto to match CPU cores.
worker_connections – maximum simultaneous connections per worker (default 512); adjust based on traffic.
Keepalive Connections
keepalive_requests – number of requests a client can send over a single keepalive connection (default 100).
keepalive_timeout – idle time before a keepalive connection is closed.
keepalive – number of idle keepalive connections to upstream servers per worker.
To enable upstream keepalive, include:
proxy_http_version 1.1;
proxy_set_header Connection "";
Access Log Buffering
Buffering reduces CPU/I/O overhead; use access_log ... buffer=size flush=time or disable logging with off.
Sendfile
Enables zero‑copy file transmission for faster writes; add sendfile on; in the appropriate context, noting that it bypasses content filters like gzip.
Limits
limit_conn / limit_conn_zone – restrict connections per IP.
limit_rate – cap bandwidth per connection.
limit_req / limit_req_zone – limit request rate, improving security against DoS.
max_conns in upstream blocks – limit concurrent connections to upstream servers.
queue (NGINX Plus) – queue excess requests when upstream limits are reached.
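The limit directives listed above, combined with the upstream keepalive settings in one configuration. This is an added example, not configuration from the original article; the zone names, sizes, rates and the backend address are assumptions chosen for illustration.

```nginx
# Added example: every name, size, rate and address here is an assumption.
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    # Shared-memory zones keyed by client address. If NGINX sits behind a
    # proxy or CDN, $binary_remote_addr is that proxy's address, so the key
    # must be the real client address (e.g. via the realip module) instead.
    limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
    limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=10r/s;

    # Answer throttled clients with 429 rather than the default 503, so that
    # throttling can be told apart from a real outage in logs and monitoring.
    limit_conn_status 429;
    limit_req_status  429;

    upstream backend {
        # Without a shared "zone", max_conns is enforced per worker process,
        # so the effective cap would be max_conns x worker_processes.
        zone backend 64k;
        server 127.0.0.1:8080 max_conns=200;   # constructed backend address
        keepalive 32;                          # idle upstream connections per worker
    }

    server {
        listen 80;

        location / {
            limit_conn perip_conn 20;                     # concurrent connections per client
            limit_req  zone=perip_req burst=20 nodelay;   # 10 r/s, bursts of up to 20
            limit_rate 512k;                              # bytes per second, per connection

            # Required for the upstream keepalive pool to be used.
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_pass http://backend;
        }
    }
}
```

Validate with nginx -t before reloading, and introduce the limits one at a time so the effect of each can be seen in the error log.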
Caching and Compression
Enabling NGINX caching can dramatically improve response times and reduce backend load; detailed cache configuration is beyond this article’s scope.
Compression (gzip) reduces payload size at the cost of CPU; enable for compressible content but avoid already compressed assets like JPEGs.
