Raju Ginni

wordpress tutorials seo hosting etc

You are here: Home / nginx server tutorials (installation, configuration, performance tuning, security) / nginx conf explained best config file performance tuning tips nginx.conf location errors tutorial

nginx conf explained best config file performance tuning tips nginx.conf location errors tutorial

nginx conf tutorial nginx conf location nginx conf file settings and more faqs on nginx conf file.

What nginx.conf and how to configure it?

it’s a settings file for whole nginx server. with this we can boost performance in large server to efficiently use hardware resources.

 

worker process: should be equal to number cores of the server. you can set auto to pick up whatever cores available.

worker connection: 1024 unlike (apache one process /connection) one single threaded worker handle multiple connection without blocking.

modules dynamic vs static in nginx

static Module deployed at the time of installation, while dynamic just like apache (has to compile after live server. also you can also compile another server /pc with same version of linux os and nginx.)

 

  1. rate limiting: limiting preventing brute force attacks.
  2. proxy buffers: when it used a proxy server ex: apache backend.  limits how much data to store as cache
  3. gzip /brotil or compression
  4. upload file size: it should be match php max upload size and nginx client max body size.
  5. timeouts: php to nginx communication time.
  6. log rotation : error log useful to know the errors and monitor resources
  7. fastcgi cache: very important to boost the performance for static sties.
  8. SSL Configuration: there are default setting available with nginx itself (also see ssl performance tuning).

 

Tuning a Nginx Serer or lemp stack

Not standalone nginx.conf helps to tweak performance of whole serer in LEMP stack.

we need Linux performance, Mysql Performance and php -fpm and available resources CPU & RAM SSD IO

read more on nginx performance tuning tweaks

Nginx conf file explained

3 blocks

http {

global config

}

Server {

Domain level

}

Location {

Directory level

}

 

nginx conf location

The main nginx conf file located at

/etc/nginx/nginx.conf

other configuration may goes in  /etc/nginx/conf.d folder

useful to store user defined config files, sometimes while update or installing fresh old nginx.conf may overwrites. so its better idea to keep config files

in different folder easy to manage and readable.

ex: fastcgi.conf, ssl.conf, security.conf limits.conf

you can store different configurations in /etc/nginx/conf.d/ folder

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_rlimit_nofile 100000;
#load_module modules/ngx_pagespeed.so;
events {
use epoll;
worker_connections 1024;
multi_accept on;
}

http {
index index.php index.html index.htm;

# nginx conf file Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
sendfile_max_chunk 512;
keepalive_timeout 300;
keepalive_requests 100000;
types_hash_max_size 2048;
server_tokens off;

server_names_hash_bucket_size 128;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# nginx conf file  SSL Settings
##

#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;

#rate limit zone

limit_req_zone $binary_remote_addr zone=one:10m rate=3r/m;

#buffers

client_body_buffer_size 128k;
client_max_body_size 10m;
client_header_buffer_size 32k;
large_client_header_buffers 16 256k;
output_buffers 1 32k;
postpone_output 1460;
#Porxy buffers
proxy_buffer_size 256k;
proxy_buffers 8 128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 2048m;
proxy_temp_file_write_size 2048m;

## fast cgi Php
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;

#static caching css/js/img

open_file_cache max=10000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;

#timeouts

client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;

#rate limiting

##

# nginx conf file Logging Settings
##

log_format main_ext ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for” ‘
‘”$host” sn=”$server_name” ‘
‘rt=$request_time ‘
‘ua=”$upstream_addr” us=”$upstream_status” ‘
‘ut=”$upstream_response_time” ul=”$upstream_response_length” ‘
‘cs=$upstream_cache_status’ ;

#access_log /var/log/nginx/access.log main_ext;
error_log /var/log/nginx/error.log warn;   Read more on nginx error log & common errors

 

##
# Gzip Settings #brotil
##

gzip on;
gzip_disable “msie6”;

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-font-ttf font/opentype image/svg+xml image/x-icon;
##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

 

# system 4cores 8threds 32gb ram handle to 50000r/s
# file: '/etc/nginx/nginx.conf'
#
user www-data;
worker_processes 8;
worker_priority -15;
pid /var/run/nginx.pid;
worker_rlimit_nofile 400000;
timer_resolution 10000ms;

events {
	worker_connections 20000;
	use epoll;
	multi_accept on;
}

http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 120;
	keepalive_requests 100000;
	client_max_body_size 128M;
	client_body_timeout   40;
	client_header_timeout 40;
	client_body_buffer_size 128k;
        client_header_buffer_size 8k;
	connection_pool_size 8192;
	request_pool_size 16k;
	server_names_hash_max_size 2048;
	server_names_hash_bucket_size 2048;
	types_hash_max_size 4086;
	server_tokens off;
	resolver 127.0.0.1;
	resolver_timeout 3s;
	reset_timedout_connection on;
	send_timeout 60;

 	open_file_cache max=400000 inactive=30s; 
 	open_file_cache_valid    60s; 
 	open_file_cache_min_uses 2;
 	open_file_cache_errors   on;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	access_log /dev/null;
        error_log /dev/null;
	include /etc/nginx/conf.d/*;
}

nginx conf file  Virtual host example (SSL) server block

#
# file '/etc/nginx/sites-enabled/example.conf'
#
server {
     listen 0.0.0.0:443 rcvbuf=64000 sndbuf=120000 backlog=20000 ssl http2;
     server_name example.com www.example.com;
     keepalive_timeout         60;
     ssl                       on;
     ssl_protocols             TLSv1.2 TLSv1.1 TLSv1;
     ssl_ciphers               'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!RC4';
     ssl_prefer_server_ciphers on;
     ssl_session_cache         shared:TLSSL:30m;
     ssl_session_timeout       10m;
     ssl_buffer_size 	       32k;
     ssl_certificate           /etc/letsencrypt/live/example.com/fullchain.pem;
     ssl_certificate_key       /etc/letsencrypt/live/example.com/privkey.pem;
     ssl_dhparam 	       /etc/ssl/certs/dhparam.pem;
     more_set_headers          "X-Secure-Connection: true";
     add_header                Strict-Transport-Security max-age=315360000;
     root		       /var/www;

location / {
     root /var/www;
     index index.php index.html;
 }

location ~ .php$ {
     fastcgi_keep_conn on;
     fastcgi_pass   unix:/run/php5.6-fpm.sock;
     fastcgi_index  index.php;
     fastcgi_param  SCRIPT_FILENAME /var/www$fastcgi_script_name;
     include fastcgi_params;
     fastcgi_intercept_errors off;
     fastcgi_buffer_size 32k;
     fastcgi_buffers 32 32k;
     fastcgi_connect_timeout 5;
 }

location ~* ^.+.(jpg|jpeg|gif|png|svg|ico|css|less|xml|html?|swf|js|ttf)$ {
     root /var/www;
     expires 10y;
 }
}

 

nginx conf without server name

by default nginx.conf comes without server name.

you have to configure server blocks for your websites at site-enabled or available location.

and include those settings in nginx conf http block.

you should aware of http, server and location hierarchy , variable placement locations.

server directive is not allowed here in /etc/nginx/nginx.conf

this means nginx conf is a top level configuration for your server. you have configure spersatelt for your server in site-available or conf.d location.

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

this will automatically read by nginx conf file.

 

nginx configuration file /etc/nginx/nginx.conf test failed

 

if you run the nginx config test command nginx -t 

or you may try to reload nginx server  nginx -s reload

you wget the above error, you need to correct syntax errors in following line as indicated along with error.

 

Conclusion:

I guess you may understood the basic concept of nginx.conf and how optimize it by increasing limits. for better understanding you must read the nginx performance tuning,  php -fpm performance tuning, mysql performance tuning, linux performance tuning. also apache performance tuning,

nginx as reverse proxy and load balancer.