Created
July 9, 2014 11:11
-
-
Save dannysheehan/afe330b28ed22c822471 to your computer and use it in GitHub Desktop.
/etc/nginx/nginx.cfg ftmon cluster configuration. For KVM with 1GB memory and 1 cpu. Assumes HAPROXY front end load balancer and php5-fpm backend.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#--------------------------------------------------------------------------- | |
# @(#)$Id$ | |
#title :/etc/nginx/nginx.cfg | |
#description :ftmon cluster nginx config. HAPROXY frontend. | |
#author :Danny W Sheehan | |
#date :July 2014 | |
#website :ftmon.org | |
# | |
# This is a work in progress. A lot of trial and error and man hours have | |
# gone into this configuration. I have referenced sources that have been | |
# helpful. | |
# | |
# ftmon cluster is tuned for KVM with 1G of memory and 1 cpu. | |
# | |
# Final configuration will be available at https://github.com/ftmon as | |
# opensource. | |
#--------------------------------------------------------------------------- | |
# based on https://raw.github.com/h5bp/server-configs-nginx/master/nginx.conf | |
# http://www.slashroot.in/nginx-web-server-performance-tuning-how-to-do-it | |
# Run as a less privileged user for security reasons. | |
user www-data www-data; | |
# How many worker threads to run; | |
# "auto" sets it to the number of CPU cores available in the system, and | |
# offers the best performance. Don't set it higher than the number of CPU | |
# cores if changing this parameter. | |
# Maximum open file descriptors per process; | |
# should be > worker_connections. | |
worker_rlimit_nofile 10000; | |
# The maximum number of connections for Nginx is calculated by: | |
# max_clients = worker_processes * worker_connections | |
# Let nginx identify the number of cores on your server and | |
# launch worker processes accordingly. | |
worker_processes auto; | |
events { | |
# When you need > 8000 * cpu_cores connections, you start optimizing your OS, | |
# and this is probably the point at which you hire people who are smarter than | |
# you, as this is *a lot* of requests. | |
worker_connections 2048; | |
#debug_connection 10.0.0.100; | |
#accept_mutex off; | |
# Accept multiple connections at one time. | |
multi_accept on; | |
use epoll; | |
} | |
pid /var/run/nginx.pid; | |
http { | |
# Hide nginx version information. | |
server_tokens off; | |
# Use a local dns cache for performance. | |
resolver 127.0.0.1 valid=600s; | |
resolver_timeout 15s; | |
# keep upstream servers together. | |
include /etc/nginx/common/upstream-servers.conf; | |
server_names_hash_bucket_size 128; | |
map_hash_bucket_size 128; | |
proxy_headers_hash_bucket_size 128; | |
# NGINX behind ssl terminating load balancer | |
# | |
# - for PHP-FPM | |
# fastcgi_param HTTPS $fcgi_https; | |
map $http_x_forwarded_proto $real_ssl { | |
default ""; | |
https on; | |
} | |
map $http_x_forwarded_proto $real_scheme { | |
default $scheme; | |
https https; | |
} | |
map $http_x_forwarded_proto $real_port { | |
default $server_port; | |
https 443; | |
} | |
set_real_ip_from 127.0.0.1; | |
real_ip_header X-Forwarded-For; | |
## | |
# Basic Settings | |
## | |
# http://dak1n1.com/blog/12-nginx-performance-tuning | |
# Sendfile copies data between one FD and other from within the kernel. | |
# More efficient than read() + write(), since the requires transferring data to and from the user space. | |
sendfile on; | |
# Tcp_nopush causes nginx to attempt to send its HTTP response head in one packet, | |
# instead of using partial frames. This is useful for prepending headers before calling sendfile, | |
# or for throughput optimization. | |
tcp_nopush on; | |
# don't buffer data-sends (disable Nagle algorithm). Good for sending frequent small bursts of data in real time. | |
tcp_nodelay on; | |
# Timeout for keep-alive connections. Server will close connections after this time. | |
keepalive_timeout 30; | |
# Number of requests a client can make over the keep-alive connection. This is set high for testing. | |
keepalive_requests 10000; | |
# allow the server to close the connection after a client stops responding. Frees up socket-associated memory. | |
reset_timedout_connection on; | |
# send the client a "request timed out" if the body is not loaded by this time. Default 60. | |
client_body_timeout 10; | |
# if behind a loadbalancer the loadbalaner will get 502 errors if | |
# this is set too low, especially if you use ngx_pagespeed. | |
send_timeout 7; | |
# types_hash_max_size 2048; | |
# server_tokens off; | |
# server_names_hash_bucket_size 64; | |
# server_name_in_redirect off; | |
# Caches information about open FDs, freqently accessed files. | |
# Changing this setting, in my environment, brought performance up from 560k req/sec, to 904k req/sec. | |
# I recommend using some varient of these options, though not the specific values listed below. | |
open_file_cache max=200000 inactive=20s; | |
open_file_cache_valid 30s; | |
open_file_cache_min_uses 2; | |
open_file_cache_errors on; | |
# for file uploads. | |
client_max_body_size 10m; | |
client_body_buffer_size 10m; | |
# for long running php scripts such as upgrades/imports. | |
fastcgi_read_timeout 500; | |
include /etc/nginx/mime.types; | |
# this is a problem | |
# http://webmasters.stackexchange.com/questions/18504/character-set-not-specified-in-http-headers-error | |
# https://www.digitalocean.com/community/questions/default-page-in-nginx | |
#default_type application/octet-stream; | |
default_type text/html; | |
charset utf-8; | |
# Update charset_types with missing ones. | |
# http://nginx.org/en/docs/http/ngx_http_charset_module.html | |
# charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json; | |
## | |
# Logging Settings | |
## | |
# Format to use in log files | |
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
# Specify a log format compatible with Apache's combined format | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent"'; | |
# '"$http_user_agent" "$http_x_forwarded_for"'; | |
# save i/o and CPU power if you don't need logs. | |
# access_log off; | |
access_log /var/log/nginx/access.log main buffer=16k; | |
# http://blog.ed.gs/2012/10/16/php-fpm-error-logging-to-nginx/ | |
error_log /var/log/nginx/error.log error; | |
## | |
# Gzip Settings | |
## | |
# Compression. Reduces the amount of data that needs to be transferred over the network | |
gzip on; | |
gzip_http_version 1.0; | |
# https://gist.github.com/dralshehri/6c45ac78df035edd457f | |
gzip_vary on; | |
gzip_min_length 860; | |
gzip_comp_level 5; | |
gzip_proxied any; | |
# Compress all output labeled with one of the following MIME-types. | |
# http://www.nginxtips.com/how-to-configure-nginx-gzip-compression/ | |
# gzip_types text/plain application/x-javascript text/css text/xml application/xml application/xml+rss text/javascript application/javascript; | |
gzip_types application/atom+xml application/x-javascript text/javascript application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component; | |
# text/html is always compressed by HttpGzipModule | |
gzip_buffers 16 8k; | |
# The special mask “msie6” (0.7.12) corresponds to the regular expression “MSIE [4-6]\.”, but works faster. Starting from version 0.8.11, “MSIE 6.0; ... SV1” is excluded from this mask. | |
gzip_disable "msie6"; | |
## | |
# nginx-naxsi config | |
## | |
# Uncomment it if you installed nginx-naxsi | |
## | |
#include /etc/nginx/naxsi_core.rules; | |
## | |
# nginx-passenger config | |
## | |
# Uncomment it if you installed nginx-passenger | |
## | |
#passenger_root /usr; | |
#passenger_ruby /usr/bin/ruby; | |
## | |
# Virtual Host Configs | |
## | |
include /etc/nginx/conf.d/*.conf; | |
include /etc/nginx/sites-enabled/*; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment