Why Nginx Outperforms Others: Deep Dive into Architecture, Modules, and Tuning

1. Nginx Overview and Features

NGINX is a high‑performance load balancer, cache, and web server used by more than 40 % of the busiest sites. Its default configuration works for most cases, but optimal performance often requires tuning.

High performance via event‑driven, asynchronous non‑blocking architecture.

Reverse proxy, static file serving, dynamic content handling, caching, SSL/TLS support, extensible modules.

2. Nginx Modules and Working Principle

NGINX consists of a core and modules. The core parses the configuration and maps a request to a location block; each directive inside the block activates a specific module.

Core modules: http, event, mail.

Standard modules: http_access, http_fastcgi, http_proxy, http_rewrite.

Third‑party modules: upstream request hash, notice, access‑key, etc.

Modules are classified by function:

Handlers : process the request and generate output.

Filters : modify the output of handlers.

Proxies : communicate with upstream services such as FastCGI.

3. Nginx Process Model

NGINX starts a master process and multiple worker processes. The master handles signals, reloads configuration, and manages workers. Workers accept connections, read, process, and respond to requests. Typically the number of workers equals the number of CPU cores.

When a SIGHUP is sent, the master reloads the config, spawns new workers, and gracefully shuts down old ones after they finish pending requests.

Workers use a shared accept_mutex to ensure only one worker accepts a new connection, then handle the request in a single thread.

4. Nginx + FastCGI

4.1 What is FastCGI

FastCGI is a scalable interface that allows an HTTP server to communicate with external script interpreters (e.g., PHP). It keeps persistent daemon processes, avoiding the overhead of spawning a CGI process per request.

4.2 Nginx + FastCGI Working Principle

NGINX cannot execute external programs directly; it forwards PHP requests to a FastCGI server via a socket. A wrapper (e.g., spawn-fcgi or PHP‑FPM) receives the request, forks a worker to run the interpreter, and returns the response to NGINX.

4.3 spawn-fcgi vs PHP-FPM

spawn-fcgi (originally part of Lighttpd) may leak memory under high load. PHP‑FPM is integrated into PHP core, offers better performance, process management, and is the recommended FastCGI manager for PHP.

4.4 Nginx + PHP-FPM Configuration

location ~ \.(php)$ {
    include fastcgi.conf;
    fastcgi_pass 127.0.0.1:9000;
}

5. Nginx + PHP Correct Configuration

Typical server block:

server {
    listen 80;
    server_name foo.com;
    root /path;
    index index.html index.htm index.php;
    location / {
        try_files $uri $uri/ /index.php;
    }
    location ~ \.(php)$ {
        try_files $uri =404;
        include fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
    }
}

6. Nginx Optimization

6.1 Compilation Optimizations

Disable debug mode in auto/cc/gcc and use --with-cc-opt='-O3' or --with-cpu-opt=CPU for CPU‑specific builds.

6.2 TCMalloc

Install libunwind and google-perftools, then compile NGINX with --with-google_perftools_module. Configure google_perftools_profiles directory and restart.

6.3 Kernel Parameter Tuning

net.ipv4.tcp_max_tw_buckets = 6000
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
# … other sysctl settings …

Apply with sysctl -p.

6.4 PHP-FPM Tuning

Increase pm.max_children, raise rlimit_files, and adjust max_requests to suit load.

6.5 NGINX Configuration Tuning

Set worker_processes to CPU count, enable worker_cpu_affinity, use epoll, adjust worker_connections, keepalive_timeout, buffer sizes, gzip, open_file_cache, and proxy buffers as needed.

7. Error Troubleshooting

400 Bad Request – increase client_header_buffer_size and large_client_header_buffers.

413 Request Entity Too Large – set client_max_body_size and matching PHP post_max_size, upload_max_filesize.

502 Bad Gateway – check upstream service health, increase FastCGI timeouts, ensure enough PHP‑FPM workers.

504 Gateway Timeout – raise upstream timeouts, reduce backend load.

upstream sent too big header – increase proxy_buffer_size, proxy_buffers, or FastCGI buffers.

8. Nginx PHP Vulnerability

A vulnerability allows NGINX to treat any file as PHP when cgi.fix_pathinfo is enabled. An attacker can request /file.jpg/evil.php, causing NGINX to set SCRIPT_FILENAME to the image path and execute it as PHP.

Mitigation: set cgi.fix_pathinfo=0 or add a location block that denies requests where $fastcgi_script_name contains “.php” after a non‑PHP extension.

if ($fastcgi_script_name ~ \..*/.*\.php) {
    return 403;
}