Introduction to places where nginx can be optimized

This article brings you an introduction to the places where nginx can be optimized. It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

worker_processes 8;

nginxThe number of processes is recommended to be specified according to the number of cpu, which is usually a multiple of it.

 worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

Assign cpu to each process. In the above example, 8 The process is assigned to 8cpu. Of course, you can write multiple, or assign one process to multiple cpu.

 worker_rlimit_nofile 102400;

This command refers to the maximum number of file descriptors opened by a nginx process. The theoretical value should be the maximum number of open files ( ulimit n) is divided by the number of nginx processes, but nginx allocates requests It's not that uniform, so it's better to keep it consistent with the value of ulimit n.

 use epoll;

Using the I/O model of epoll, needless to say this .

 worker_connections 102400;

The maximum number of connections allowed by each process. Theoretically, the maximum number of connections for each nginx server isworker_processes*worker_connections.

 keepalive_timeout 60;

keepaliveTimeout.

client_header_buffer_size 4k;

The buffer size of the client request header. This can be set according to the paging size of your system. Generally, the header size of a request will not exceed 1k , However, since the general system paging is larger than 1k , so the paging size is set here. The paging size can be obtained with the command getconf PAGESIZE.

 open_file_cache max=102400 inactive=20s;

This will specify the cache for open files. It is not enabled by default. maxSpecifies the number of caches. It is recommended to be the same as the number of open files. Sincerely, inactive refers to how long the file has not been requested before the cache is deleted.

 open_file_cache_valid 30s;

This refers to how often to check cached valid information.

 open_file_cache_min_uses 1;

open_file_cache#inactiveThe minimum number of times the file is used within the parameter time in the directive, if this number is exceeded, The file descriptor is always

open in the cache. If a file is not used once in inactive time, it will was removed.

Optimization of kernel parameters

net.ipv4.tcp_max_tw_buckets = 6000

number of timewait , the default is 180000.

net.ipv4.ip_local_port_range = 1024 65000

The port range allowed to be opened by the system.

net.ipv4.tcp_tw_recycle = 1

EnabletimewaitFast recycling.

net.ipv4.tcp_tw_reuse = 1

Enable reuse. Allow TIMEWAIT sockets to be reused for new TCP connections.

net.ipv4.tcp_syncookies = 1

EnableSYN Cookies, when # appears ##SYNEnable cookies to handle when waiting for the queue to overflow.

net.core.somaxconn = 262144

webIn applicationlisten The function’s backlogdefaults to the net.core.somaxconn that will limit our kernel parameters to 128, and nginxdefinitionNGX_LISTEN_BACKLOGdefaults to 511, so it is necessary to adjust this value. net.core.netdev_max_backlog = 262144

When each network interface receives packets faster than the kernel can process those packets, The maximum number of packets allowed to be sent to the queue.

net.ipv4.tcp_max_orphans = 262144

The maximum number of

TCP The socket is not associated with any user file handle. If this number is exceeded, the orphan connection will be reset immediately and a warning message will be printed. This limit is only to prevent simple DoS attacks. You cannot rely too much on it or artificially reduce this value. You should increase this value( If you increase the memory). net.ipv4.tcp_max_syn_backlog = 262144

The maximum value of recorded connection requests that have not yet received client confirmation information. For systems with

128M memory, the default value is 1024, and for systems with small memory it is 128. net.ipv4.tcp_timestamps = 0

Time stamps can avoid sequence number wrapping. A

1Gbps link will definitely encounter a previously used sequence number. The timestamp allows the kernel to accept such "Exception" data packets. It needs to be turned off here. net.ipv4.tcp_synack_retries = 1

In order to open the connection to the peer, the kernel needs to send a

SYNAnd comes with a ACK that responds to the previous SYN. This is the second handshake in the so-called three-way handshake. This setting determines the number of SYN ACK packets sent before the kernel abandons the connection. net.ipv4.tcp_syn_retries = 1

在内核放弃建立连接之前发送SYN包的数量。

net.ipv4.tcp_fin_timeout = 1

如果套接字由本端要求关闭，这个参数决定了它保持在FIN­WAIT­2状态的时间。对端可以出错并永远不关 闭连接，甚至意外当机。缺省值是60秒。2.2 内核的通常值是180秒，你可以按这个设置，但要记住的是， 即使你的机器是一个轻载的WEB服务器，也有因为大量的死套接字而内存溢出的风险，FIN­ WAIT­2的危 险性比FIN­WAIT­1要小，因为它最多只能吃掉1.5K内存，但是它们的生存期长些。

net.ipv4.tcp_keepalive_time = 30

当keepalive起用的时候，TCP发送keepalive消息的频度。缺省是2小时。

一个完整的内核优化配置

 net.ipv4.ip_forward = 0
 net.ipv4.conf.default.rp_filter = 1
 net.ipv4.conf.default.accept_source_route = 0

 kernel.sysrq = 0
 kernel.core_uses_pid = 1
 net.ipv4.tcp_syncookies = 1
 kernel.msgmnb = 65536
 kernel.msgmax = 65536
 kernel.shmmax = 68719476736
 kernel.shmall = 4294967296
 net.ipv4.tcp_max_tw_buckets = 6000
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_window_scaling = 1
 net.ipv4.tcp_rmem = 4096    87380    4194304
 net.ipv4.tcp_wmem = 4096    16384    4194304
 net.core.wmem_default = 8388608
 net.core.rmem_default = 8388608
 net.core.rmem_max = 16777216
 net.core.wmem_max = 16777216

 net.core.netdev_max_backlog = 262144
 net.core.somaxconn = 262144
 net.ipv4.tcp_max_orphans = 3276800
 net.ipv4.tcp_max_syn_backlog = 262144
 net.ipv4.tcp_timestamps = 0
 net.ipv4.tcp_synack_retries = 1
 net.ipv4.tcp_syn_retries = 1

The above is the detailed content of Introduction to places where nginx can be optimized. For more information, please follow other related articles on the PHP Chinese website!