Optimization (configuration file) in nginx instructions

worker_processes 8;

The number of nginx processes, it is recommended to specify according to the number of cpu, generally a multiple of it. worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

assigned to each process cpu, the Example 8 in the process assigned to 8 cpu, of course, one could write, or assign to a plurality of process Cpu. Worker_rlimit_nofile 102400;

This command refers to the maximum number of file descriptors opened when an nginx process is opened. The theoretical value should be the maximum number of open files (ulimit -n) divided by the number of nginx processes, but nginx allocates requests and Not so uniform, so it's best to match the value of ulimit -n. Use epoll;

Using epoll's I/O model, this needless to say. Worker_connections 102400;

The maximum number of connections allowed per process. In theory, the maximum number of connections per nginx server is worker_processes*worker_connections. Keepalive_timeout 60;

keepalive timeout. Client_header_buffer_size 4k;

The size of the buffer of the client request header, this can be set according to your system paging size, generally the size of a request header will not exceed 1k, but because the general system paging is greater than 1k, so set here to page size. The page size can be obtained with the command getconf PAGESIZE. Open_file_cache max=102400 inactive=20s;

This will specify the cache for the open file. The default is not enabled. max specifies the number of caches. It is recommended to match the number of open files. Inactive refers to how long the file has not been. Delete the cache after being requested. Open_file_cache_valid 30s;

This is how long it takes to check the cache for valid information. Open_file_cache_min_uses 1;

The minimum number of times the file is used in the inactive parameter time in the open_file_cache directive. If this number is exceeded, the file descriptor is always opened in the cache. For example, if there is a file in inactive time It will be removed once it is not used.

Optimization of kernel parameters net.ipv4.tcp_max_tw_buckets = 6000

The number of timewaits, the default is 180000. net.ipv4.ip_local_port_range = 1024 65000

allows the system to open a range of ports. Net.ipv4.tcp_tw_recycle = 1

Enable timewait fast reclamation. Net.ipv4.tcp_tw_reuse = 1

Enable reuse. Allows TIME-WAIT sockets to be reused for new TCP connections. net.ipv4.tcp_syncookies = 1

Cookies open SYN, SYN queue when overflow occurs, enable cookies processed. Net.core.somaxconn = 262144

The backlog of the listen function in the web application will limit the net.core.somaxconn of the kernel parameter to 128 by default, and the NGX_LISTEN_BACKLOG defined by nginx defaults to 511, so it is necessary to adjust this. value. Net.core.netdev_max_backlog = 262144

The maximum number of packets allowed to be sent to the queue when each network interface receives packets at a faster rate than the kernel processes them. Net.ipv4.tcp_max_orphans = 262144

The maximum number of TCP sockets in the system is not associated with any user file handle. If this number is exceeded, the orphan connection will be reset immediately and a warning message will be printed. This restriction is only to prevent a simple DoS attack, not to rely too much on it or artificially reduce this value, but should increase this value (if memory is added). Net.ipv4.tcp_max_syn_backlog = 262144

The maximum number of connection requests logged that have not yet received client acknowledgment information. For systems with 128M memory, the default is 1024, and for small memory systems is 128. Net.ipv4.tcp_timestamps = 0

Timestamps avoid the winding of serial numbers. A 1Gbps link will definitely encounter a serial number that was previously used. The timestamp allows the kernel to accept this "exception" packet. I need to turn it off here. Net.ipv4.tcp_synack_retries = 1

In order to open the peer connection, the kernel needs to send a SYN with an ACK that responds to the previous SYN. This is the second handshake in the so-called three-way handshake. This setting determines the number of SYN+ACK packets sent before the kernel abandons the connection. Net.ipv4.tcp_syn_retries = 1

The number of SYN packets sent before the kernel abandons the connection. Net.ipv4.tcp_fin_timeout = 1

If the socket is requested by the local end, this parameter determines when it stays in the FIN-WAIT-2 state. The peer can make mistakes and never close the connection, or even crash unexpectedly. The default is 60 seconds. 2.2 The usual value of the kernel is 180 seconds, you can press this setting, but keep in mind that even if your machine is a light-loaded WEB server, there is a risk of memory overflow due to a large number of dead sockets, FIN- WAIT-2 is less dangerous than FIN-WAIT-1 because it can only eat up to 1.5K of memory, but they have a longer lifetime. Net.ipv4.tcp_keepalive_time = 30

When the keepalive is used, the frequency at which TCP sends keepalive messages. The default is 2 hours.

a full kernel Optimization net.ipv4.ip_forward = 0net.ipv4.conf.default.rp_filter = 1net.ipv4.conf.default.accept_source_route = 0kernel.sysrq = 0kernel. core_uses_pid = 1net.ipv4.tcp_syncookies = 1kernel.msgmnb = 65536kernel.msgmax = 65536kernel.shmmax = 68719476736kernel.shmall = 4294967296net.ipv4.tcp_max_tw_buckets = 6000net.ipv4.tcp_sack = 1net.ipv4.tcp_window_scaling = 1net.ipv4.tcp_rmem = 4096 87380 4194304net.ipv4.tcp_wmem = 4096 16384 4194304net.core.wmem_default = 8388608net.core.rmem_default = 8388608net.core.rmem_max = 16777216net.core.wmem_max = 16777216net.core.netdev_max_backlog = 262144net.core.somaxconn = 262144net.ipv4.tcp_max_orphans = 3276800net.ipv4.tcp_max_syn_backlog = 262144net.ipv4.tcp_timestamps = 0net.ipv4.tcp_synack_retries = 1net.ipv4.tcp_syn_retries = 1net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_mem = 94500000 915000000 927000000net.ipv4.tcp_fin_timeout = 1net.ipv4.tcp_keepalive_time = 30net.ipv4.ip_local_port_range = 1024 65000

A simple nginx optimization configuration file

user www www;worker_processes 8;worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000;