/etc/nginx/nginx.cfg ftmon cluster configuration. For KVM with 1GB memory and 1 cpu. Assumes HAPROXY front end load balancer and php5-fpm backend.

gistfile1.txt

#---------------------------------------------------------------------------
# @(#)$Id$
#title          :/etc/nginx/nginx.cfg
#description    :ftmon cluster nginx config. HAPROXY frontend.
#author         :Danny W Sheehan
#date           :July 2014
#website        :ftmon.org
#
# This is a work in progress. A lot of trial and error and man hours have
# gone into this configuration. I have referenced sources that have been
# helpful.
#
# ftmon cluster is tuned for KVM with 1G of memory and 1 cpu.
#
# Final configuration will be available at https://github.com/ftmon as
# opensource.
#---------------------------------------------------------------------------

# based on https://raw.github.com/h5bp/server-configs-nginx/master/nginx.conf

# http://www.slashroot.in/nginx-web-server-performance-tuning-how-to-do-it

# Run as a less privileged user for security reasons.
user www-data www-data;

# How many worker threads to run;
# "auto" sets it to the number of CPU cores available in the system, and
# offers the best performance. Don't set it higher than the number of CPU
# cores if changing this parameter.


# Maximum open file descriptors per process;
# should be > worker_connections.
worker_rlimit_nofile 10000;

# The maximum number of connections for Nginx is calculated by:
# max_clients = worker_processes * worker_connections
# Let nginx identify the number of cores on your server and
# launch worker processes accordingly.
worker_processes auto;

events {
  # When you need > 8000 * cpu_cores connections, you start optimizing your OS,
  # and this is probably the point at which you hire people who are smarter than
  # you, as this is *a lot* of requests.

  worker_connections 2048;
  #debug_connection 10.0.0.100;
  #accept_mutex off;

  # Accept multiple connections at one time.
  multi_accept on;
  use epoll;
}

pid        /var/run/nginx.pid;

http {

  # Hide nginx version information.
  server_tokens off;

  # Use a local dns cache for performance.
  resolver 127.0.0.1 valid=600s;
  resolver_timeout 15s;

  # keep upstream servers together.
  include /etc/nginx/common/upstream-servers.conf;

  server_names_hash_bucket_size 128;
  map_hash_bucket_size 128;
  proxy_headers_hash_bucket_size 128;

  # NGINX behind ssl terminating load balancer
  #
  #  - for PHP-FPM
  #      fastcgi_param HTTPS $fcgi_https;
  map $http_x_forwarded_proto $real_ssl {
    default "";
    https on;
  }

  map $http_x_forwarded_proto $real_scheme {
    default $scheme;
    https https;
  }

  map $http_x_forwarded_proto $real_port {
    default $server_port;
    https 443;
  }

  set_real_ip_from 127.0.0.1;

  real_ip_header X-Forwarded-For;


        ##
        # Basic Settings
        ##

# http://dak1n1.com/blog/12-nginx-performance-tuning

# Sendfile copies data between one FD and other from within the kernel.
# More efficient than read() + write(), since the requires transferring data to and from the user space.
        sendfile on;

# Tcp_nopush causes nginx to attempt to send its HTTP response head in one packet,
# instead of using partial frames. This is useful for prepending headers before calling sendfile,
# or for throughput optimization.
        tcp_nopush on;


# don't buffer data-sends (disable Nagle algorithm). Good for sending frequent small bursts of data in real time.
        tcp_nodelay on;


  # Timeout for keep-alive connections. Server will close connections after this time.
  keepalive_timeout 30;


  # Number of requests a client can make over the keep-alive connection. This is set high for testing.
  keepalive_requests 10000;


  # allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
  reset_timedout_connection on;

  # send the client a "request timed out" if the body is not loaded by this time. Default 60.
  client_body_timeout 10;

  # if behind a loadbalancer the loadbalaner will get 502 errors if
  # this is set too low, especially if you use ngx_pagespeed.
  send_timeout 7;


        # types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;


# Caches information about open FDs, freqently accessed files.
# Changing this setting, in my environment, brought performance up from 560k req/sec, to 904k req/sec.
# I recommend using some varient of these options, though not the specific values listed below.
  open_file_cache max=200000 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  # for file uploads.
  client_max_body_size 10m;
  client_body_buffer_size 10m;

  # for long running php scripts such as upgrades/imports.
  fastcgi_read_timeout 500;


  include /etc/nginx/mime.types;
  # this is a problem
  # http://webmasters.stackexchange.com/questions/18504/character-set-not-specified-in-http-headers-error
  # https://www.digitalocean.com/community/questions/default-page-in-nginx

  #default_type application/octet-stream;
  default_type text/html;
  charset utf-8;

  # Update charset_types with missing ones.
  # http://nginx.org/en/docs/http/ngx_http_charset_module.html
  # charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;


        ##
        # Logging Settings
        ##

  # Format to use in log files
  #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

  # Specify a log format compatible with Apache's combined format
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent"';
  #                  '"$http_user_agent" "$http_x_forwarded_for"';

  # save i/o and CPU power if you don't need logs.
  # access_log off;
  access_log /var/log/nginx/access.log main buffer=16k;
  # http://blog.ed.gs/2012/10/16/php-fpm-error-logging-to-nginx/
  error_log /var/log/nginx/error.log error;

        ##
        # Gzip Settings
        ##


# Compression. Reduces the amount of data that needs to be transferred over the network
  gzip  on;
  gzip_http_version 1.0;
  # https://gist.github.com/dralshehri/6c45ac78df035edd457f
  gzip_vary on;
  gzip_min_length 860;
  gzip_comp_level 5;
  gzip_proxied any;
 # Compress all output labeled with one of the following MIME-types.

  # http://www.nginxtips.com/how-to-configure-nginx-gzip-compression/
  # gzip_types    text/plain application/x-javascript text/css text/xml application/xml application/xml+rss text/javascript application/javascript;

  gzip_types application/atom+xml application/x-javascript text/javascript application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
  # text/html is always compressed by HttpGzipModule

  gzip_buffers 16 8k;
  # The special mask “msie6” (0.7.12) corresponds to the regular expression “MSIE [4-6]\.”, but works faster. Starting from version 0.8.11, “MSIE 6.0; ... SV1” is excluded from this mask.
  gzip_disable "msie6";

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
        ##

        #include /etc/nginx/naxsi_core.rules;

        ##
        # nginx-passenger config
        ##
        # Uncomment it if you installed nginx-passenger
        ##

        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}