Gani Rakhmatov rahmatov

## nginx-tuning.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rahmatov
                / nginx-tuning.md
            
            
              Created
              November 9, 2016 06:35
                — forked from denji/nginx-tuning.md
            
              
                NGINX tuning for best performance
              
          
    NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.
Generally, properly configured nginx can handle up to 400,000 to 500,000 requests per second (clustered), most what i saw is 50,000 to 80,000 (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.
You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

Stable version NGINX (deb/rpm)
Mainline version NGINX (deb/rpm)


## ssh-telegram.sh
# save it as /etc/profile.d/ssh-telegram.sh
# use jq to parse JSON from ipinfo.io
# get jq from here http://stedolan.github.io/jq/
USERID="<target_user_id>"
KEY="<bot_private_key>"
TIMEOUT="10"
URL="https://api.telegram.org/bot$KEY/sendMessage"
DATE_EXEC="$(date "+%d %b %Y %H:%M")"
TMPFILE='/tmp/ipinfo-$DATE_EXEC.txt'
if [ -n "$SSH_CLIENT" ]; then

## set_irq_affinity.sh
# setting up irq affinity according to /proc/interrupts
# 2008-11-25 Robert Olsson
# 2009-02-19 updated by Jesse Brandeburg
#
# > Dave Miller:
# (To get consistent naming in /proc/interrups)
# I would suggest that people use something like:
#  char buf[IFNAMSIZ+6];
#
#	sprintf(buf, "%s-%s-%d",

## flussonic-securelink.php
<?php
/*
insert into flussonic.conf:
  web_script securetoken /etc/flussonic/securetoken.lua key=mysecretkey password=mypassword;
  auth /etc/flussonic/securetoken.lua key=mysecretkey;
Read more at:
 English - http://flussonic.com/doc/auth/securelink
 Russian - http://erlyvideo.ru/doc/auth/securelink
*/

## nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

## example.com

proxy_cache_path /tmp/cacheapi levels=1:2 keys_zone=microcacheapi:100m max_size=1g inactive=1d use_temp_path=off;
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name example.com;

    location /api/ {
        # Rate Limiting
        limit_req zone=reqlimit burst=20; # Max burst of request

## html5_video_conv.bash
#!/bin/bash

#
# video conversion script for publishing as HTML 5 video, via videojs (with hd button extension)
# 2011 by zpea
# feel free to use as public domain / Creative Commons CC0 1.0 (http://creativecommons.org/publicdomain/zero/1.0/)
#

FFMPEG=/usr/bin/ffmpeg
HD_SUFFIX='_hd'

## iptables.sh
#!/bin/sh

IPT="/sbin/iptables" #Iptable's path

#Network interfaces :
interface=eth0   # Internet

start() {
    ### DELETE ALL ENTRIES ###
    $IPT -F

## iptables-config-script
#!/bin/sh

# Empty all rules
sudo iptables -t filter -F
sudo iptables -t filter -X

# Bloc everything by default
sudo iptables -t filter -P INPUT DROP
sudo iptables -t filter -P FORWARD DROP
sudo iptables -t filter -P OUTPUT DROP

## nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
	# save it as /etc/profile.d/ssh-telegram.sh
	# use jq to parse JSON from ipinfo.io
	# get jq from here http://stedolan.github.io/jq/
	USERID="<target_user_id>"
	KEY="<bot_private_key>"
	TIMEOUT="10"
	URL="https://api.telegram.org/bot$KEY/sendMessage"
	DATE_EXEC="$(date "+%d %b %Y %H:%M")"
	TMPFILE='/tmp/ipinfo-$DATE_EXEC.txt'
	if [ -n "$SSH_CLIENT" ]; then
	# setting up irq affinity according to /proc/interrupts
	# 2008-11-25 Robert Olsson
	# 2009-02-19 updated by Jesse Brandeburg
	#
	# > Dave Miller:
	# (To get consistent naming in /proc/interrups)
	# I would suggest that people use something like:
	# char buf[IFNAMSIZ+6];
	#
	# sprintf(buf, "%s-%s-%d",
	<?php
	/*
	insert into flussonic.conf:
	web_script securetoken /etc/flussonic/securetoken.lua key=mysecretkey password=mypassword;
	auth /etc/flussonic/securetoken.lua key=mysecretkey;
	Read more at:
	English - http://flussonic.com/doc/auth/securelink
	Russian - http://erlyvideo.ru/doc/auth/securelink
	*/
	# to generate your dhparam.pem file, run in the terminal
	openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

	proxy_cache_path /tmp/cacheapi levels=1:2 keys_zone=microcacheapi:100m max_size=1g inactive=1d use_temp_path=off;
	server {
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;
	server_name example.com;

	location /api/ {
	# Rate Limiting
	limit_req zone=reqlimit burst=20; # Max burst of request
	#!/bin/bash

	#
	# video conversion script for publishing as HTML 5 video, via videojs (with hd button extension)
	# 2011 by zpea
	# feel free to use as public domain / Creative Commons CC0 1.0 (http://creativecommons.org/publicdomain/zero/1.0/)
	#

	FFMPEG=/usr/bin/ffmpeg
	HD_SUFFIX='_hd'
	#!/bin/sh

	IPT="/sbin/iptables" #Iptable's path

	#Network interfaces :
	interface=eth0 # Internet

	start() {
	### DELETE ALL ENTRIES ###
	$IPT -F
	#!/bin/sh

	# Empty all rules
	sudo iptables -t filter -F
	sudo iptables -t filter -X

	# Bloc everything by default
	sudo iptables -t filter -P INPUT DROP
	sudo iptables -t filter -P FORWARD DROP
	sudo iptables -t filter -P OUTPUT DROP