Configuring NGINX for Maximum Throughput Under High Concurrency for EasyEngine with AWS c5.4xlarge Instance
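## AWS c5.4xlarge instance: 16 cores and 32 GiB RAM
## Nginx v1.13.9
## GZIP, Brotli, SSL

# Account the worker processes run as.
user www-data;
# One worker per core on the 16-core instance named above.
worker_processes 16;
# Open-file limit (RLIMIT_NOFILE) applied to each worker process; every
# connection, cached file and log file consumes one descriptor from it.
worker_rlimit_nofile 100000;
pid /run/nginx.pid;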
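events {
    # Per-worker connection cap; it counts upstream (FastCGI/proxy) connections
    # as well as clients. Each connection needs a descriptor, so the value has
    # to fit under worker_rlimit_nofile (100000 in the main context). The
    # earlier 500000 could not be reached under that limit and nginx logs a
    # warning when the cap exceeds it. 50000 leaves descriptor headroom for
    # log files, static files and the open_file_cache; raise both settings
    # together if measured load calls for it.
    worker_connections 50000;
    # Accept every pending connection on each wake-up rather than one at a time.
    multi_accept on;
    use epoll;
}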
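http {
    ##
    # EasyEngine Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 30;
    types_hash_max_size 2048;

    # Client request and response buffers.
    client_body_buffer_size 1m;
    client_header_buffer_size 2k;
    large_client_header_buffers 8 8k;
    output_buffers 1 256k;
    postpone_output 1460;

    # Conditional-request handling
    etag on;
    if_modified_since exact;

    # Open file cache
    # NOTE(review): cached entries keep descriptors open, and max=200000 is
    # above worker_rlimit_nofile (100000) — confirm the sizing.
    open_file_cache max=200000 inactive=5m;
    open_file_cache_valid 2m;
    open_file_cache_min_uses 5;
    open_file_cache_errors on;

    server_tokens off;
    reset_timedout_connection on;

    # The X-Powered-By "EasyEngine 3.7.5" header was dropped: it advertised the
    # exact stack release to every client, which works against server_tokens off.
    # add_header is inherited by a server/location block only when that block
    # defines no add_header of its own.
    add_header rt-Fastcgi-Cache $upstream_cache_status;

    # Limit Request
    # This only declares the shared zone; a limit_req directive in a server or
    # location block is needed for it to take effect (not visible in this file).
    limit_req_status 403;
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

    # Proxy Settings
    # If enabled, list only proxy addresses you operate: X-Forwarded-For from
    # any other peer is client-supplied and would let a client choose the
    # address seen by logging and by limit_req_zone above.
    # set_real_ip_from proxy-server-ip;
    # real_ip_header X-Forwarded-For;

    # NOTE(review): these apply to every vhost; a 300 s upstream wait and 100 MB
    # bodies tie up workers and disk, so consider tightening them per location.
    fastcgi_read_timeout 300;
    client_max_body_size 100m;

    ##
    # SSL Settings
    ##
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # AEAD suites with forward secrecy only; the 3DES, CBC-mode and static-RSA
    # key-exchange entries of the earlier list were removed.
    # NOTE(review): the TLS13-* names appear to match pre-release OpenSSL 1.1.1
    # builds; verify which suites the deployed build actually negotiates.
    # DHE suites are only used when a vhost sets ssl_dhparam.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 60m;
    ssl_session_tickets off;
    ssl_ecdh_curve X25519:P-256:P-384:P-521;

    ## Common headers for security
    # HSTS is sent for every vhost included below; includeSubDomains and preload
    # are hard to roll back, so confirm every subdomain serves HTTPS first.
    more_set_headers "Strict-Transport-Security : max-age=15768000; includeSubDomains; preload";
    more_set_headers "X-Frame-Options : SAMEORIGIN";
    # The stray "always" token was removed from the policy: it is an add_header
    # parameter, and inside the value a browser reads it as a source expression.
    # 'unsafe-inline' and 'unsafe-eval' still permit inline and eval'd script,
    # so this policy mainly enforces HTTPS-only loading; tighten it per site
    # where the application allows.
    more_set_headers "Content-Security-Policy : default-src https: data: 'unsafe-inline' 'unsafe-eval'";
    more_set_headers "X-Xss-Protection : 1; mode=block";
    more_set_headers "X-Content-Type-Options : nosniff";
    more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
    more_set_headers "Server : Follow the white rabbit.";

    ## Added On 22 Feb 2018
    # See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
    aio threads;

    ##
    # Basic Settings
    ##
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Log format Settings
    # rt_cache is only defined here; the access_log above does not name it, so
    # a vhost has to reference it explicitly to record cache status.
    log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
                        '$http_host "$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent"';

    ##
    # Gzip Settings
    ##
    # NOTE(review): level 9 is the most CPU-expensive setting and is applied to
    # every matching response; compressing HTTPS responses that mix secrets
    # with request-controlled data is also the precondition for BREACH-style
    # attacks, so consider excluding such endpoints.
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 9;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/xml
        text/javascript
        text/x-cross-domain-policy;

    ##
    # Brotli Settings
    ##
    # NOTE(review): level 11 is the maximum and costly for on-the-fly
    # compression; the BREACH consideration noted for gzip applies here too.
    brotli on;
    brotli_static on;
    # application/rss+xml replaces the earlier application/xml+rss so that RSS
    # feeds match, consistent with gzip_types above.
    brotli_types
        text/plain
        text/css
        application/javascript
        application/x-javascript
        text/xml
        application/xml
        application/rss+xml
        text/javascript
        image/x-icon
        image/vnd.microsoft.icon
        image/bmp
        image/webp
        image/svg+xml;
    brotli_comp_level 11;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    # End
}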
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}