Created
October 7, 2017 23:05
-
-
Save divadsn/fc71d224894de84d2f5f1af0eab22683 to your computer and use it in GitHub Desktop.
Boosted default nginx.conf, based on https://github.com/denji/nginx-tuning
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# default nginx runtime settings | |
user www-data; | |
pid /run/nginx.pid; | |
# you must set worker processes based on your CPU cores, nginx does not benefit from setting more than that | |
worker_processes auto; #some last versions calculate it automatically | |
# number of file descriptors used for nginx | |
# the limit for the maximum FDs on the server is usually set by the OS. | |
# if you don't set FD's then OS settings will be used which is by default 2000 | |
worker_rlimit_nofile 100000; | |
# only log critical errors | |
error_log /var/log/nginx/error.log crit; | |
# provides the configuration file context in which the directives that affect connection processing are specified. | |
events { | |
# determines how much clients will be served per worker | |
# max clients = worker_connections * worker_processes | |
# max clients is also limited by the number of socket connections available on the system (~64k) | |
worker_connections 4000; | |
# optmized to serve many clients with each thread, essential for linux -- for testing environment | |
use epoll; | |
# accept as many connections as possible, may flood worker connections if set too low -- for testing environment | |
multi_accept on; | |
} | |
http { | |
# mime types | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
# ssl settings | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE | |
ssl_prefer_server_ciphers on; | |
# cache informations about FDs, frequently accessed files | |
# can boost performance, but you need to test those values | |
open_file_cache max=200000 inactive=20s; | |
open_file_cache_valid 30s; | |
open_file_cache_min_uses 2; | |
open_file_cache_errors on; | |
# to boost I/O on HDD we can disable access logs | |
access_log off; | |
# copies data between one FD and other from within the kernel | |
# faster then read() + write() | |
sendfile on; | |
# send headers in one peace, its better then sending them one by one | |
tcp_nopush on; | |
# don't buffer data sent, good for small data bursts in real time | |
tcp_nodelay on; | |
# reduce the data that needs to be sent over network -- for testing environment | |
gzip on; | |
gzip_min_length 10240; | |
gzip_proxied expired no-cache no-store private auth; | |
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml; | |
gzip_disable msie6; | |
# allow the server to close connection on non responding client, this will free up memory | |
reset_timedout_connection on; | |
# if the request body size is more than the buffer size, then the entire (or partial) | |
# request body is written into a temporary file | |
client_body_buffer_size 128k; | |
# headerbuffer size for the request header from client -- for testing environment | |
client_header_buffer_size 3m; | |
# maximum number and size of buffers for large headers to read from client request | |
large_client_header_buffers 4 256k; | |
# read timeout for the request body from client -- for testing environment | |
client_body_timeout 3m; | |
# how long to wait for the client to send a request header -- for testing environment | |
client_header_timeout 3m; | |
# if client stop responding, free up memory -- default 60 | |
send_timeout 2; | |
# server will close connection after this time -- default 75 | |
keepalive_timeout 30; | |
# number of requests client can make over keep-alive -- for testing environment | |
keepalive_requests 100000; | |
# limit the number of connections per single IP | |
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; | |
# limit the number of requests for a given session | |
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s; | |
# zone which we want to limit by upper values, we want limit whole server | |
server { | |
limit_conn conn_limit_per_ip 10; | |
limit_req zone=req_limit_per_ip burst=10 nodelay; | |
} | |
# virtual host configs | |
include /etc/nginx/conf.d/*.conf; | |
include /etc/nginx/sites-enabled/*; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment