From 1c472e4b94c53664b2338ba531c5f7ce1c117542 Mon Sep 17 00:00:00 2001
From: RadinPirouz
Date: Sun, 28 Sep 2025 16:38:51 +0330
Subject: [PATCH] nginx optimization doc
---
.../{1-Information.md => 01-Information.md} | 0
.../{2-Installtion.md => 02-Installtion.md} | 0
...p-Web-Server.md => 03-Setup-Web-Server.md} | 0
...4-Reverse-Proxy.md => 04-Reverse-Proxy.md} | 0
...5-Load-Balancer.md => 05-Load-Balancer.md} | 0
.../{6-File-Server.md => 06-File-Server.md} | 0
Web-Servers/Nginx/{7-ssl.md => 07-SSL.md} | 0
Web-Servers/Nginx/{8-auth.md => 08-Auth.md} | 0
.../Nginx/{9-ratelimit.md => 09-Ratelimit.md} | 0
Web-Servers/Nginx/10-Optimization.md | 102 ++++++++++++++++++
10 files changed, 102 insertions(+)
rename Web-Servers/Nginx/{1-Information.md => 01-Information.md} (100%)
rename Web-Servers/Nginx/{2-Installtion.md => 02-Installtion.md} (100%)
rename Web-Servers/Nginx/{3-Setup-Web-Server.md => 03-Setup-Web-Server.md} (100%)
rename Web-Servers/Nginx/{4-Reverse-Proxy.md => 04-Reverse-Proxy.md} (100%)
rename Web-Servers/Nginx/{5-Load-Balancer.md => 05-Load-Balancer.md} (100%)
rename Web-Servers/Nginx/{6-File-Server.md => 06-File-Server.md} (100%)
rename Web-Servers/Nginx/{7-ssl.md => 07-SSL.md} (100%)
rename Web-Servers/Nginx/{8-auth.md => 08-Auth.md} (100%)
rename Web-Servers/Nginx/{9-ratelimit.md => 09-Ratelimit.md} (100%)
create mode 100644 Web-Servers/Nginx/10-Optimization.md
diff --git a/Web-Servers/Nginx/1-Information.md b/Web-Servers/Nginx/01-Information.md
similarity index 100%
rename from Web-Servers/Nginx/1-Information.md
rename to Web-Servers/Nginx/01-Information.md
diff --git a/Web-Servers/Nginx/2-Installtion.md b/Web-Servers/Nginx/02-Installtion.md
similarity index 100%
rename from Web-Servers/Nginx/2-Installtion.md
rename to Web-Servers/Nginx/02-Installtion.md
diff --git a/Web-Servers/Nginx/3-Setup-Web-Server.md b/Web-Servers/Nginx/03-Setup-Web-Server.md
similarity index 100%
rename from Web-Servers/Nginx/3-Setup-Web-Server.md
rename to Web-Servers/Nginx/03-Setup-Web-Server.md
diff --git a/Web-Servers/Nginx/4-Reverse-Proxy.md b/Web-Servers/Nginx/04-Reverse-Proxy.md
similarity index 100%
rename from Web-Servers/Nginx/4-Reverse-Proxy.md
rename to Web-Servers/Nginx/04-Reverse-Proxy.md
diff --git a/Web-Servers/Nginx/5-Load-Balancer.md b/Web-Servers/Nginx/05-Load-Balancer.md
similarity index 100%
rename from Web-Servers/Nginx/5-Load-Balancer.md
rename to Web-Servers/Nginx/05-Load-Balancer.md
diff --git a/Web-Servers/Nginx/6-File-Server.md b/Web-Servers/Nginx/06-File-Server.md
similarity index 100%
rename from Web-Servers/Nginx/6-File-Server.md
rename to Web-Servers/Nginx/06-File-Server.md
diff --git a/Web-Servers/Nginx/7-ssl.md b/Web-Servers/Nginx/07-SSL.md
similarity index 100%
rename from Web-Servers/Nginx/7-ssl.md
rename to Web-Servers/Nginx/07-SSL.md
diff --git a/Web-Servers/Nginx/8-auth.md b/Web-Servers/Nginx/08-Auth.md
similarity index 100%
rename from Web-Servers/Nginx/8-auth.md
rename to Web-Servers/Nginx/08-Auth.md
diff --git a/Web-Servers/Nginx/9-ratelimit.md b/Web-Servers/Nginx/09-Ratelimit.md
similarity index 100%
rename from Web-Servers/Nginx/9-ratelimit.md
rename to Web-Servers/Nginx/09-Ratelimit.md
diff --git a/Web-Servers/Nginx/10-Optimization.md b/Web-Servers/Nginx/10-Optimization.md
new file mode 100644
index 0000000..937988b
--- /dev/null
+++ b/Web-Servers/Nginx/10-Optimization.md
@@ -0,0 +1,102 @@
+# **Nginx Optimization Guide**
+
+This document provides recommended configurations to optimize **Nginx performance** for high concurrency, low latency, and efficient resource usage.
+
+---
+
+## **1. Core Performance Configuration**
+
+```nginx
+worker_processes auto;
+worker_rlimit_nofile 65535;
+
+events {
+ worker_connections 8192;
+ multi_accept on;
+ use epoll;
+}
+```
+
+### **Explanation:**
+
+| Directive | Description |
+| ---------------------------- | --------------------------------------------------------------------------------------------------------------- |
+| `worker_processes auto` | Automatically sets the number of worker processes to match CPU cores. Best practice: match number of CPU cores. |
+| `worker_rlimit_nofile 65535` | Increases the number of file descriptors (FD) Nginx can handle, supporting higher connections. |
+| `worker_connections 8192` | Maximum number of simultaneous connections a worker can handle. |
+| `multi_accept on` | Allows a worker to accept multiple new connections at once. Improves performance but increases CPU usage. |
+| `use epoll` | Uses the epoll event model (Linux only). Highly scalable and efficient for non-blocking I/O. |
+
+---
+
+## **2. HTTP Optimization**
+
+```nginx
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ keepalive_requests 10000;
+
+ client_max_body_size 50M;
+ server_tokens off;
+
+ # Compression
+ gzip on;
+ gzip_comp_level 5;
+ gzip_min_length 256;
+ gzip_proxied any;
+ gzip_types text/plain text/css application/json application/javascript application/xml+rss;
+}
+```
+
+### **Explanation:**
+
+| Directive | Description |
+| -------------------------- | ----------------------------------------------------------------------------------------------------- |
+| `sendfile on` | Sends files directly from disk to network (zero-copy). Reduces CPU usage and improves response time. |
+| `tcp_nopush on` | Sends headers and body together in a single packet for better network efficiency. |
+| `tcp_nodelay on` | Sends small TCP packets immediately, reducing latency for small responses. |
+| `keepalive_timeout 65` | Keeps connections open for 65 seconds after a request (adjustable). |
+| `keepalive_requests 10000` | Maximum number of requests allowed per keepalive connection. |
+| `client_max_body_size 50M` | Limits maximum upload size to prevent DoS attacks. |
+| `server_tokens off` | Hides Nginx version in headers and error pages for security. |
+| `gzip on` | Enables gzip compression of responses to reduce bandwidth. |
+| `gzip_comp_level 5` | Compression level (1 = fast, low compression; 9 = slow, maximum compression). 5 is a balanced choice. |
+| `gzip_min_length 256` | Only compress responses larger than 256 bytes. |
+| `gzip_proxied any` | Enable compression even behind reverse proxies. |
+| `gzip_types` | Defines content types eligible for compression. |
+
+---
+
+## **3. Static File Caching**
+
+```nginx
+location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2?)$ {
+ expires 7d;
+ access_log off;
+ add_header Cache-Control "public, no-transform";
+}
+```
+
+### **Explanation:**
+
+| Directive | Description | | | | | | | |
+| ------------------------------------------------- | --------------------------------------------------------- | --- | --- | --- | --- | -- | --------- | ------------------------------------------------------------- |
+| `~* .(jpg | jpeg | png | gif | ico | css | js | woff2?)$` | Regex to match static files (images, styles, scripts, fonts). |
+| `expires 7d` | Sets browser caching for 7 days to reduce server load. | | | | | | | |
+| `access_log off` | Disables logging for static files to improve performance. | | | | | | | |
+| `add_header Cache-Control "public, no-transform"` | Ensures files are cacheable by clients and proxies. | | | | | | | |
+
+---
+
+## **Summary of Best Practices**
+
+1. **Worker & Connection Optimization:** Match workers to CPU cores, increase FD limits, and configure events for high concurrency.
+2. **TCP & HTTP Tweaks:** Enable `sendfile`, `tcp_nopush`, and `tcp_nodelay` for low latency and efficient transfers.
+3. **Connection Reuse:** Use `keepalive_timeout` and `keepalive_requests` to reduce overhead of repeated connections.
+4. **Compression:** Enable gzip with balanced compression for reduced bandwidth usage.
+5. **Security & Limits:** Hide Nginx version and set client upload limits to prevent abuse.
+6. **Static Content Caching:** Cache static files with long expiry and disable unnecessary logging.
+