Understanding NGINX: Modules, Process Model, FastCGI Integration, Performance Tuning, and Common Issues

1. Overview of NGINX

NGINX is a high‑performance load balancer, cache, and web server that powers over 40 % of the busiest sites. By default it works well, but optimal performance often requires tuning of NGINX and Linux parameters.

2. NGINX Modules and Working Principle

NGINX consists of a core and loadable modules. Modules are divided into core, standard and third‑party groups. They are further classified as Handlers, Filters and Proxies. A request is mapped to a location block, which triggers the appropriate modules.

3. Process Model

NGINX runs a master process that manages several worker processes. The master handles signals, monitors workers and restarts them if they exit. Workers accept connections, process requests using an event‑driven, non‑blocking model and then terminate after completing the request.

4. NGINX + FastCGI

NGINX cannot execute external programs directly; dynamic content such as PHP is handled via FastCGI. A FastCGI wrapper receives the request, forks a worker, executes the script and returns the response to NGINX.

Two common FastCGI managers are spawn-fcgi and PHP-FPM . PHP‑FPM is now built into PHP and offers better performance and stability.

5. Configuration Examples

Typical nginx.conf sections include http , server and location . Use try_files instead of if for routing, and prefer fastcgi.conf over fastcgi_params to avoid duplicate SCRIPT_FILENAME definitions.

6. Performance Tuning

Compile‑time options (disable debug, enable -O3 , specify CPU type) and runtime settings (worker count, worker_cpu_affinity , worker_connections , epoll ) improve throughput. Integrating TCMalloc, adjusting kernel TCP parameters, and tuning buffers, caches and gzip further boost performance.

7. Error Diagnosis

Common HTTP errors (400, 413, 502, 504) are usually caused by header size limits, client_max_body_size , insufficient FastCGI workers or timeout settings. Adjust the corresponding NGINX directives and PHP‑FPM limits to resolve them.

8. Security Issue

A vulnerability allows NGINX to treat any file as PHP when cgi.fix_pathinfo is enabled. Mitigate by disabling cgi.fix_pathinfo or adding a location rule that returns 403 for suspicious URIs.