nginx performance optimization tips sharing

This article shares some nginx performance optimization tips for everyone. It is very practical and I hope it can help friends in need.

1. Very important configuration options for nginx performance optimization

1. worker_processes 8;

The number of nginx processes is recommended to be specified according to the number of cpu, usually a multiple of it ( For example, 2 quad-core CPUs are counted as 8).

2. worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

Allocate cpu to each process. In the above example, 8 processes are allocated to 8 cpu. Of course, you can write more than one. Or allocate a process to multiple CPUs.

3. worker_rlimit_nofile 65535;

This instruction refers to the maximum number of file descriptors opened by an nginx process. The theoretical value should be the maximum number of open files (ulimit -n) and the number of nginx processes. Divide, but nginx allocates requests not so evenly, so it is best to keep it consistent with the value of ulimit -n.

Now the number of open files under the Linux 2.6 kernel is 65535, and worker_rlimit_nofile should be filled in with 65535 accordingly.

This is because the allocation of requests to processes during nginx scheduling is not so balanced, so if you fill in 10240 and the total concurrency reaches 30,000-40,000, the number of processes may exceed 10240, and a 502 error will be returned. .

How to view the Linux system file descriptor:

[root@web001 ~]# sysctl -a | grep fs.file

                    fs.file-max = 789972

                    fs.file-nr = 510 0 789972

4. use epoll;

Use epoll’s I/O model

(Additional explanation:

Similar to apache, nginx has different event models for different operating systems

A) Standard event model

Select and poll belong to the standard event model. If the current There is no more efficient method in the system, nginx will choose select or poll

B) Efficient event model

Kqueue: used in FreeBSD 4.1, OpenBSD 2.9, NetBSD 2.0 and MacOS X. Use dual processing MacOS X systems using kqueue may cause a kernel crash.
Epoll: Used in Linux kernel version 2.6 and later systems.
/dev/poll: used in Solaris 7 11/99, HP/UX 11.22 (eventport), IRIX 6.5.15 and Tru64 UNIX 5.1A.
Eventport: used on Solaris 10. In order to prevent kernel crashes, it is necessary to install security patches. )

5. worker_connections 65535;

The maximum number of connections allowed for each process. Theoretically, the maximum number of connections for each nginx server is worker_processes*worker_connections.

6. keepalive_timeout 60;

keepalive timeout.

7. client_header_buffer_size 4k;

The buffer size of the client request header. This can be set according to your system paging size. Generally, the size of a request header will not exceed 1k, but Since the general system paging is larger than 1k, the paging size is set here.

The paging size can be obtained with the command getconf PAGESIZE.

[root@web001 ~]# getconf PAGESIZE                     4096

But there are also cases where client_header_buffer_size exceeds 4k, but the value of client_header_buffer_size must be set to an integral multiple of the "system paging size".

8. open_file_cache max=65535 inactive=60s;

This will specify the cache for open files. It is not enabled by default. max specifies the number of caches. It is recommended to be consistent with the number of open files. inactive It refers to how long the file is not requested before the cache is deleted.

9. open_file_cache_valid 80s;

This refers to how often to check the cached valid information.

10. open_file_cache_min_uses 1;

The minimum number of uses of the file within the inactive parameter in the open_file_cache instruction. If this number is exceeded, the file descriptor will always be opened in the cache, as in the above example, If a file is not used once within the inactive time, it will be removed.

2. Regarding the optimization of kernel parameters:

net.ipv4.tcp_max_tw_buckets = 6000
timewait 的数量，默认是180000。
net.ipv4.ip_local_port_range = 1024 65000
允许系统打开的端口范围。
net.ipv4.tcp_tw_recycle = 1
启用timewait 快速回收。
net.ipv4.tcp_tw_reuse = 1
开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接。
net.ipv4.tcp_syncookies = 1
开启SYN Cookies，当出现SYN 等待队列溢出时，启用cookies 来处理。
net.core.somaxconn = 262144
web 应用中listen 函数的backlog 默认会给我们内核参数的net.core.somaxconn 限制到128，而nginx 定义的NGX_LISTEN_BACKLOG 默认为511，所以有必要调整这个值。
net.core.netdev_max_backlog = 262144
每个网络接口接收数据包的速率比内核处理这些包的速率快时，允许送到队列的数据包的最大数目。
net.ipv4.tcp_max_orphans = 262144
系统中最多有多少个TCP 套接字不被关联到任何一个用户文件句柄上。如果超过这个数字，孤儿连接将即刻被复位并打印出警告信息。这个限制仅仅是为了防止简单的DoS 攻击，不能过分依靠它或者人为地减小这个值，更应该增加这个值(如果增加了内存之后)。
net.ipv4.tcp_max_syn_backlog = 262144
记录的那些尚未收到客户端确认信息的连接请求的最大值。对于有128M 内存的系统而言，缺省值是1024，小内存的系统则是128。
net.ipv4.tcp_timestamps = 0
时间戳可以避免序列号的卷绕。一个1Gbps 的链路肯定会遇到以前用过的序列号。时间戳能够让内核接受这种“异常”的数据包。这里需要将其关掉。
net.ipv4.tcp_synack_retries = 1
为了打开对端的连接，内核需要发送一个SYN 并附带一个回应前面一个SYN 的ACK。也就是所谓三次握手中的第二次握手。这个设置决定了内核放弃连接之前发送SYN+ACK 包的数量。
net.ipv4.tcp_syn_retries = 1
在内核放弃建立连接之前发送SYN 包的数量。
net.ipv4.tcp_fin_timeout = 1
如 果套接字由本端要求关闭，这个参数决定了它保持在FIN-WAIT-2 状态的时间。对端可以出错并永远不关闭连接，甚至意外当机。缺省值是60 秒。2.2 内核的通常值是180 秒，3你可以按这个设置，但要记住的是，即使你的机器是一个轻载的WEB 服务器，也有因为大量的死套接字而内存溢出的风险，FIN- WAIT-2 的危险性比FIN-WAIT-1 要小，因为它最多只能吃掉1.5K 内存，但是它们的生存期长些。
net.ipv4.tcp_keepalive_time = 30
当keepalive 起用的时候，TCP 发送keepalive 消息的频度。缺省是2 小时。

3. Post a complete kernel optimization setting below:

#CentOS5.5中可以将所有内容清空直接替换为如下内容:
vi /etc/sysctl.conf 

   net.ipv4.ip_forward = 0
   net.ipv4.conf.default.rp_filter = 1
   net.ipv4.conf.default.accept_source_route = 0
   kernel.sysrq = 0
   kernel.core_uses_pid = 1
   net.ipv4.tcp_syncookies = 1
   kernel.msgmnb = 65536
   kernel.msgmax = 65536
   kernel.shmmax = 68719476736
   kernel.shmall = 4294967296
   net.ipv4.tcp_max_tw_buckets = 6000
   net.ipv4.tcp_sack = 1
   net.ipv4.tcp_window_scaling = 1
   net.ipv4.tcp_rmem = 4096 87380 4194304
   net.ipv4.tcp_wmem = 4096 16384 4194304
   net.core.wmem_default = 8388608
   net.core.rmem_default = 8388608
   net.core.rmem_max = 16777216
   net.core.wmem_max = 16777216
   net.core.netdev_max_backlog = 262144
   net.core.somaxconn = 262144
   net.ipv4.tcp_max_orphans = 3276800
   net.ipv4.tcp_max_syn_backlog = 262144
   net.ipv4.tcp_timestamps = 0
   net.ipv4.tcp_synack_retries = 1
   net.ipv4.tcp_syn_retries = 1
   net.ipv4.tcp_tw_recycle = 1
   net.ipv4.tcp_tw_reuse = 1
   net.ipv4.tcp_mem = 94500000 915000000 927000000
   net.ipv4.tcp_fin_timeout = 1
   net.ipv4.tcp_keepalive_time = 30
   net.ipv4.ip_local_port_range = 1024 65000

#使配置立即生效可使用如下命令：
 /sbin/sysctl -p

(Learning video sharing: php video tutorial )

4. The following is about the optimization of the number of system connections

linux default open files and max user processes are 1024

#ulimit -n   
    1024
#ulimit Cu   
    1024

Problem description:

Explain that the server only allows 1024 files to be opened at the same time and handles 1024 user processes

Use ulimit -a to view all limit values ​​of the current system, and use ulimit -n to view the current maximum number of open files.

The newly installed Linux only has 1024 by default. When used as a server with a heavy load, it is easy to encounter error: too many open files. Therefore, it needs to be made larger.

Solution:

Using ulimit Cn 65535 can be modified immediately, but it will be invalid after restarting. (Note that ulimit -SHn 65535 is equivalent to ulimit -n 65535, -S refers to soft, and -H refers to hard)

There are three modification methods:

1. In /etc/rc. Add a line of ulimit -SHn 65535
in local. Add a line of ulimit -SHn 65535
3 in /etc/profile. Add at the end of /etc/security/limits.conf:

* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

Specific Which one to use? The first method has no effect in CentOS, the third method has an effect, and the second method has an effect in Debian

      # ulimit -n        65535

      # ulimit -u        65535

Note: The ulimit command itself is divided into software and hardware. Settings, add -H for hard, add -S for soft, the default display is soft limit

soft 限制指的是当前系统生效的设置值。 hard 限制值可以被普通用户降低。但是不能增加。 soft 限制不能设置的比 hard 限制更高。 只有 root 用户才能够增加 hard 限制值。

五、下面是一个简单的nginx 配置文件：

user www www;
          worker_processes 8;
          worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000;
          error_log /www/log/nginx_error.log crit;
          pid /usr/local/nginx/nginx.pid;
          worker_rlimit_nofile 204800;
          events
     {
       use epoll;
       worker_connections 204800;
     }
     http
     {
       include mime.types;
       default_type application/octet-stream;
       charset utf-8;
       server_names_hash_bucket_size 128;
       client_header_buffer_size 2k;
       large_client_header_buffers 4 4k;
       client_max_body_size 8m;
       sendfile on;
       tcp_nopush on;
       keepalive_timeout 60;
       fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2
       keys_zone=TEST:10m
       inactive=5m;
       fastcgi_connect_timeout 300;
       fastcgi_send_timeout 300;
       fastcgi_read_timeout 300;
       fastcgi_buffer_size 4k;
       fastcgi_buffers 8 4k;
       fastcgi_busy_buffers_size 8k;
       fastcgi_temp_file_write_size 8k;
       fastcgi_cache TEST;
       fastcgi_cache_valid 200 302 1h;
       fastcgi_cache_valid 301 1d;
       fastcgi_cache_valid any 1m;
       fastcgi_cache_min_uses 1;
       fastcgi_cache_use_stale error timeout invalid_header http_500;
       open_file_cache max=204800 inactive=20s;
       open_file_cache_min_uses 1;
       open_file_cache_valid 30s;
       tcp_nodelay on;
       gzip on;
       gzip_min_length 1k;
       gzip_buffers 4 16k;
       gzip_http_version 1.0;
       gzip_comp_level 2;
       gzip_types text/plain application/x-javascript text/css application/xml;
       gzip_vary on;
       server
       {
         listen 8080;
         server_name backup.aiju.com;
         index index.php index.htm;
         root /www/html/;
         location /status
         {
           stub_status on;
         }
                  location ~ .*/.(php|php5)?$
         {
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;
          include fcgi.conf;
         }
           location ~ .*/.(gif|jpg|jpeg|png|bmp|swf|js|css)$
         {
          expires 30d;
         }
               log_format access '$remote_addr — $remote_user [$time_local] "$request" '
         '$status $body_bytes_sent "$http_referer" '
         '"$http_user_agent" $http_x_forwarded_for';
         access_log /www/log/access.log access;
       }
     }

六、关于FastCGI 的几个指令：

fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10minactive=5m;
这个指令为FastCGI 缓存指定一个路径，目录结构等级，关键字区域存储时间和非活动删除时间。
fastcgi_connect_timeout 300;
指定连接到后端FastCGI 的超时时间。
fastcgi_send_timeout 300;
向FastCGI 传送请求的超时时间，这个值是指已经完成两次握手后向FastCGI 传送请求的超时时间。
fastcgi_read_timeout 300;
接收FastCGI 应答的超时时间，这个值是指已经完成两次握手后接收FastCGI 应答的超时时间。
fastcgi_buffer_size 4k;
指定读取FastCGI 应答第一部分需要用多大的缓冲区，一般第一部分应答不会超过1k，由于页面大小为4k，所以这里设置为4k。
fastcgi_buffers 8 4k;
指定本地需要用多少和多大的缓冲区来缓冲FastCGI 的应答。
fastcgi_busy_buffers_size 8k;
这个指令我也不知道是做什么用，只知道默认值是fastcgi_buffers 的两倍。
fastcgi_temp_file_write_size 8k;
在写入fastcgi_temp_path 时将用多大的数据块，默认值是fastcgi_buffers 的两倍。
fastcgi_cache TEST
开启FastCGI 缓存并且为其制定一个名称。个人感觉开启缓存非常有用，可以有效降低CPU 负载，并且防止502 错误。
fastcgi_cache_valid 200 302 1h;fastcgi_cache_valid 301 1d;fastcgi_cache_valid any 1m;
为指定的应答代码指定缓存时间，如上例中将200，302 应答缓存一小时，301 应答缓存1 天，其他为1 分钟。
fastcgi_cache_min_uses 1;
缓存在fastcgi_cache_path 指令inactive 参数值时间内的最少使用次数，如上例，如果在5 分钟内某文件1 次也没有被使用，那么这个文件将被移除。
fastcgi_cache_use_stale error timeout invalid_header http_500;
不知道这个参数的作用，猜想应该是让nginx 知道哪些类型的缓存是没用的。以上为nginx 中FastCGI 相关参数，另外，FastCGI 自身也有一些配置需要进行优化，如果你使用php-fpm 来管理FastCGI，可以修改配置文件中的以下值：
<value name=”max_children”>60</value>
同时处理的并发请求数，即它将开启最多60 个子线程来处理并发连接。
<value name=”rlimit_files”>102400</value>
最多打开文件数。
<value name=”max_requests”>204800</value>
每个进程在重置之前能够执行的最多请求数。

相关推荐：nginx教程

The above is the detailed content of nginx performance optimization tips sharing. For more information, please follow other related articles on the PHP Chinese website!