Source: www.zcfy.cc/article/10-tips-for-10x-application-performance-nginx-22.html

Original: www.nginx.com/blog/10-tip…

Improving the performance of Web applications has never been more urgent.

The proportion of economic activity online is increasing, with more than 5 per cent of economic activity already online even in developing countries (see resources later in this article for relevant figures). In this hyperconnected, always-on modern world, users’ expectations are far from what they once were. If your website doesn’t respond immediately and your app doesn’t run immediately, users will turn around and defect to your competitors.

A study by Amazon about a decade ago showed that a tenth of a second of page load time could increase revenue by 1%. Another recent survey found that more than half of site owners surveyed reported losing revenue or users because of poor app performance.

How fast is a website? For every second a page takes to load, about 4% of users leave. The top ecommerce sites had the highest conversion rates, with their first interaction taking between one and three seconds. Clearly, the importance of Web application performance is growing.

It’s not hard to improve performance, it’s hard to see the results. Here are 10 tips for improving website performance by approximately 10 times. This is the first time performance tuning techniques have been covered so comprehensively, but these recommendations may need a little support from NGINX. In addition to performance, these recommendations will also involve improving security.

Tip 1: Use a reverse proxy server for faster and more secure applications

If your Web application runs on only one machine, improving its performance is simple: switch to a faster one, with more processors, more memory, and a faster disk array. WordPress servers, Node.js, or Java applications running on this machine will all be faster. (If the application also has access to another database server, that’s easy: connect two faster machines over a faster network.)

The trouble is that machine speed is not an issue. A lot of times Web applications are slow because they have to switch between handling thousands of connected user requests, reading and writing files to disk, running the application’s code, and doing something else. The application server can therefore run out of memory, swap files, or have many requests waiting for a task such as disk I/O.

Instead of upgrading your hardware, you can take an entirely different approach: add a reverse proxy server and share some of the tasks mentioned above. The reverse proxy server is located in front of the machine running the application and handles requests from the external network. The reverse proxy server is directly connected to the Internet and communicates with the application server over a fast internal network.

A reverse proxy server allows the application server to focus on building pages that the reverse proxy sends to the Internet, regardless of user interaction with the application. Without waiting for a response from the client, the application server can run at near-optimal speeds.

Adding a reverse proxy server also adds flexibility to the Web server. For example, if the server performing a particular task becomes overloaded, you can always add another one. And if the server fails, it’s easy to replace it.

Given this flexibility, reverse proxy servers are often also a prerequisite for other performance tuning techniques, such as:

  • Load balancing (for details, see Suggestion 2) : The reverse proxy server runs the load balancing service to evenly distribute traffic to several ass. With load balancing, adding an application server requires no application modification at all.

  • Cache static files (see “Suggestion 3”), files that can be requested directly, such as images or code, can be stored in the reverse proxy server for direct delivery to the client. Not only can you respond to requests more quickly, but you can also lighten the load on the application server and speed it up.

  • To ensure site security, you can configure a reverse proxy server to improve its security level and monitor the reverse proxy server to quickly identify and respond to attacks, thereby preserving the security of application servers.

NGINX is specifically designed to use reverse proxy servers that naturally support these optimizations. NGINX is more efficient than traditional servers because of its event-driven processing mechanism. NGINX Plus adds higher-end reverse proxy features such as application health checks, specific request routing, advanced caching, and after-sale support.

Suggestion 2: Add a load balancing server

Adding load balancing servers is relatively simple, but can significantly improve site performance and security. It distributes traffic to multiple servers, eliminating the need to upgrade the Web server. Even if the application itself is poorly written or difficult to scale, load balancing can improve the user experience without making other changes.

The load balancer is first and foremost a reverse proxy server (see “Suggestion 1”) that forwards requests from the Internet to other servers. The key here is that the load balancing server can support more than two application servers, using a selection algorithm to distribute requests between different servers. The simplest load balancing algorithm is cyclic scheduling, where new requests are forwarded in turn to the next available server. Other algorithms send requests to the server with the fewest active connections. NGINX Plus supports a feature that keeps user sessions on the same server, called session persistence.

A load balancing server can greatly improve performance by preventing one server from being overloaded while the other servers are idle. It also makes it easier to scale up Web servers because you can choose cheaper ones and still get the most out of them.

Protocols that can be scheduled through load balancing include HTTP, HTTPS, SPDY, HTTP/2, WebSocket, FastCGI, SCGI, UWSgi, memcached, and other application forms, including TCP-based applications and other Layer 4 protocols. To do this, first analyze your Web application to see where the performance gaps are, and then decide which one to use.

The same server or server used for load balancing can also undertake other tasks, such as SSL termination, HTTP/1/ X or HTTP/2 support depending on the client, and caching static files.

NGINX is often used for load balancing. For more information, please refer to our introductory articles, configuration articles, e-books and online videos, and of course documentation. Our commercial version of NGINX Plus supports more load balancing features, such as routing load based on server response time and load balancing with Microsoft NTLM protocol support.

Suggestion 3: Cache static and dynamic content

Caching can improve Web application performance because content can be delivered to clients faster. Caching strategies include preprocessing content, storing content on faster devices, keeping content close to clients, and applying all of these strategies together.

There are two kinds of caches.

  • Static content caches, infrequently changing files such as images (JPEG, PNG) and code (CSS, JavaScript), can be kept in edge servers for quick retrieval from content or disk.

  • Dynamic content caching, where many Web applications generate new HTML for each page request and cache each GENERATED HTML for a short period of time, can significantly reduce the total number of pages that need to be generated while still delivering fresh content.

If a page is viewed 10 times per second and you cache it for 1 second, 90% of requests to that page will be cached. If you cache static content separately, chances are that even newly generated pages will come mostly from cached content.

There are three main techniques for caching content generated by Web applications.

  • Place content close to the user. Close to the user, low transmission time.
  • Put your content on a faster machine. Fast machine, fast retrieval.
  • Take content away from overused machines. Sometimes machines are much slower than when they are focused on a particular task because there are too many distractions. Moving content to other machines at this point benefits not only cached content but also uncached content, since the burden on the host hosting it is reduced.

Caching of Web applications can be implemented inside or outside the Web application server. First, consider caching dynamic content to reduce the load on the application server. Second, caching is used for static content, including temporary copies of content that are dynamically generated, further reducing the burden on the application server. Then, consider moving the cache to another machine that is faster or closer to the user, reducing the load on the application server and shortening the transfer time.

Good caching can significantly speed up the response time of your application. For many web pages, static data, such as large images, often make up more than half the content. Without caching, querying and transferring this kind of data can take several seconds, whereas with caching it can take a fraction of a second.

As an example of how caching is used, NGINX and NGINX Plus use two directives to set the cache: proxy_cache_path and proxy_cache specify the location and size of the cache, the maximum cache duration, and other parameters. The third (and popular) directive, proxy_cache_use_stale, can even tell the server whose cache is supposed to serve fresh content to be too busy or down to serve old files, which is better for the client than not getting the content at all. From a user perspective, this will also give you the impression that your site or application is stable.

NGINX Plus supports advanced caching functions, including caching purging and real-time monitoring by visualizing cache status on the dashboard.

To learn more about Caching in NGINX, see the Reference documentation and NGINX Content Caching in the NGINX Plus Admin Guide.

Note: Caching involves development, decision making, and operations, and a good caching strategy, like the one mentioned in this article, can be valuable from a DevOps perspective. In other words, developers, architects, and operations staff work together to ensure the functionality, response time, security, and business goals of a site.

Suggestion 4: Compress data

Compression can also greatly improve performance. There are mature and efficient compression standards for images, videos, music, etc. (JPEG and PNG, MPEG-4, MP3), each of which can reduce file size by an order of magnitude or more.

Text files, including HTML (plain text and HTML tags), CSS, and JavaScript code, are often transferred without compression. Compressing this data can be particularly useful for improving the perceived performance of Web applications, especially when mobile users have slow and unstable networks.

Because text data is necessary to support page interaction, multimedia data is the icing on the cake. Smart content compression can reduce HTML, JavaScript, CSS and other text content by more than 30%, thus reducing load times accordingly.

If you use SSL, compression can reduce the amount of data that must be SSL-encoded, compensating for the CPU time spent compressing the data.

There are many ways to compress data. For example, the section on HTTP/2 in Recommendation 6 describes a novel approach to compression that is particularly suited to header compression. Another example of text compression is that you can turn on GZIP compression in NGINX. After precompressing the text data, you can send the.gz file directly using the gzip_static directive.

Suggestion 5: Optimize SSL/TLS

More and more websites are using Secure Sockets Layer (SSL) and later Transport Layer Security (TLS) protocols. SSL/TLS improves website security by encrypting data sent from the source server to the user. Google’s promotion of search engine rankings for sites using SSL/TLS will give this process a big boost.

Despite the increasing adoption rate, SSL/TLS is also a performance penalty that plagues many sites. SSL/TLS slows down websites for two reasons.

  1. An encryption key must be created each time the initial handshake of a new connection is opened, and this problem is further exacerbated by the way browsers make multiple connections to each server using HTTP/1.x.

  2. Server-side encryption of data and client-side decryption of data are also overhead.

To encourage the use of SSL/TLS, the authors of HTTP/2 and SPDY (see Recommendation 6) designed these protocols so that the browser would only establish one connection for one session. This eliminates one of the two main causes of SSL’s performance degradation. However, when it comes to optimizing SSL/TLS performance, there is still a lot you can do.

The approach to optimizing SSL/TLS varies from Web server to Web server. NGINX, for example, uses OpenSSL, runs on ordinary machines and provides performance close to that of custom machines. NGINX SSL Performance details how to minimize the overhead of SSL/TLS encryption and decryption.

In addition, there is an article that describes many ways to improve SSL/TLS performance. To sum up briefly, the main technologies involved are as follows.

  • Session caching. usessl_session_cacheThe command enables caching, which caches parameters used for each SSL/STL connection.
  • Session ticket or ID. Save information for a particular SSL/TLS session as a session ticket or ID for connection reuse without having to re-handshake.
  • OCSP envelope. Reduce handshake time by caching SSL/TLS certificate information.

Both NGINX and NGINX Plus can be used to terminate SSL/TLS, that is, handle encryption and decryption of client messages while maintaining plaintext communication with other servers. Setting up to handle SSL/TLS terminations in NGINX or NGINX Plus can take these steps. For using NGINX Plus on servers that accept TCP connections, see the setup steps here.

Tip 6: Implement HTTP/2 or SPDY

Sites that already use SSL/TLS are likely to improve performance if they use HTTP/2 or SPDY, since only one handshake is required for a connection. Switching to SSL/TLS for sites that do not already use SSL/TLS, HTTP/2, and SPDY (which typically degrades performance) can be a step backwards in terms of response time.

Google started the SPDY project in 2012 with the goal of achieving faster speeds over HTTP/1.x. HTTP/2 is a spDy-based standard recently approved by the IETF. SPDY is widely supported, but will soon be replaced by HTTP/2.

The key to SPDY and HTTP/2 is to use only one connection, not multiple. This one connection is multiplexed and therefore can host multiple requests and responses simultaneously.

Maintaining only one connection saves the setup and administration overhead of multiple connections. And a connection is particularly important for SSL because it minimizes the handshake time required by SSL/TLS to establish a secure connection.

The SPDY protocol requires SSL/TLS. HTTP/2 is not officially required, but all current browsers that support HTTP/2 will only use it if SSL/TLS is enabled. In other words, a browser that supports HTTP/2 will only use HTTP/2 if the site uses SSL and the server accepts HTTP/2 traffic. Otherwise, the browser will communicate over HTTP/1.x.

With SPDY or HTTP/2 implemented, the previous performance optimizations for HTTP, such as domain sharding, resource merging, and image sprites, are not needed. It also simplifies code and deployment. See our white paper on what changes HTTP/2 will bring.

GINX has long supported SPDY, and most sites that use SPDY today are running NGINX. NGINX was also the first to support HTTP/2. In September 2015, NGINX Open Source and NGINX Plus began supporting HTTP/2.

Over time, NGINX expects most sites to enable SSL and migrate to HTTP/2. Not only does this make your site more secure, but with new optimization techniques emerging, you can also achieve higher performance with simple code.

Suggestion 7: Upgrade software

One simple way to improve application performance is to select software based on reliability and performance. In addition, developers of high-quality components are more likely to continuously improve performance and fix problems, so it is cost-effective to use the latest stable release. New releases will get more attention from developers and users, and will also take advantage of new compiler optimization techniques, including tuning for new hardware.

The newly released stable version has significantly higher performance than the older version. Keeping up with upgrades can also keep you up to date with tuning, bug fixes, and security alerts.

Not updating your software also prevents you from taking advantage of new capabilities. For example, HTTP/2 currently requires OpenSSL 1.0.1. Beginning in the second half of 2016, HTTP/2 will require OpenSSL 1.0.2, which was released in January 2015.

NGINX users can start with the latest version of the NGINX open source software or NGINX Plus, which supports socket sharing, thread pooling (see below), and continuous performance optimization. So take a look at your software and try to upgrade it to the latest version.

Tip 8: Tune Linux

Linux is the underlying operating system for most Web servers today, and as the foundation of any infrastructure, Linux is critical to improving performance. By default, many Linux systems are conservative and desktop-only, tuned to consume a small amount of resources. For Web applications, you definitely need to re-tune for optimal performance.

Linux optimization varies by Web server. Taking NGINX as an example, consider the following aspects.

  • The stock of the queue. If you find that some connections are not being processed, you can increase themnet.core.somaxconn, the maximum number of connections waiting to be processed by NGINX. If the connection limit is too small, you should see error messages, and you can gradually increase the value until the error messages no longer appear.
  • File descriptor. NGINX uses a maximum of two file descriptors per connection. If the system serves many connections, the system-level limit on descriptors sys.fs.file_max and the user-file descriptor limit nofile may need to be increased to support the increased load.
  • Temporary port. When used as a proxy, NGINX creates temporary ports for each upstream server. You can set thenet.ipv4.ip_local_port_range, increases the range of port values to increase the number of available ports. In addition, it can be reducednet.ipv4.tcp_fin_timeoutValue, which controls the wait time for inactive ports to release for reuse, speeding turnover.

For NGINX, refer to the NGINX Performance Tuning Guide to learn how to optimize your Linux system to support greater throughput with little effort.

Recommendation 9: Tune the Web server

No matter what Web server you use, you need to tune it for your application. The following recommendations apply to any Web server, but will give nGINX-only setup instructions.

  • Access log. Instead of writing every request log to disk immediately, make a cache in memory and batch load. For NGINX, willbuffer=_size_Parameter added toaccess_logInstruction to wait until the memory buffer is full before writing the log to disk. If you addflush=timeParameter, the contents of the buffer will also be written to disk at the specified time.
  • The buffer. Buffering is used to hold part of the response in memory until the buffer is filled, enabling a more efficient response to the client. Responses that cannot be written to memory are written to disk, which degrades performance. Can be used when NGINX buffering is enabledproxy_buffer_sizeandproxy_buffersInstructions to manage it.
  • Client active connection. Active connections can reduce time consumption, especially if SSL/TLS is used. For NGINX, it can be improved for clientskeepalive_requestsThe default value is 100; It can also increasekeepalive_timeoutTo make the active connection last longer, allowing faster response to subsequent requests.
  • Upstream active connections. Upstream connections, that is, connections to application servers and database servers, also benefit from the setup of active connections. For upstream connections, you can increase the number of active connections, that is, the number of idle active connections available to each worker process. This increases connection reuse and reduces reopening of connections. For more information on active links, please refer to this blog.
  • limit. Limiting the resources used by clients improves performance and security. For NGINX,limit_connandlimit_conn_zoneInstruction limits the number of connections to the specified source, whilelimit_rateLimit bandwidth. These Settings prevent legitimate users from “appropriating” resources and also help prevent attacks.limit_reqandlimit_req_zoneDirectives restrict client requests. For connections to upstream servers, this can be used in the server directive in the upstream configuration areamax_connsParameter, which limits connections to upstream servers to prevent overloads. The associated queue instruction creates a queue in themax_connsLimits the number of requests to be held for a specified time after arrival.
  • Work in progress. The worker process is responsible for processing requests. NGINX uses an event-based model and OS-specific mechanisms to efficiently allocate requests between worker processes. Recommendations will beworker_processesIs set to one worker process per CPU. Most systems support enhancement if neededworker_connectionsValue of (default: 512). You can experiment to find the best value for your system.
  • Socket sharding. Typically, a socket listener distributes new connections to all worker processes.Sets are sharded by wordA socket listener is created for each worker process, and the kernel assigns connections to the socket listener when it is available. This reduces lock contention and improves performance on multi-core systems. To enable socket sharding, run thelistenThe instruction containsreuseportParameters.
  • The thread pool. A time-consuming operation can block any computer process. For Web server software, disk access can block many faster operations, such as in-memory computation and replication. In the case of thread pools, slow operations are assigned to a separate set of tasks, while the main processing loop continues to run the faster operations. When the disk operation is complete, the results are returned to the main processing loop. In NGINX,read()System call andsendfile()Has been reprintedThe thread pool.

Tip: When changing the Settings of any operating system and peripherals, change them one at a time and test performance. If the change causes problems or does not improve performance, change back. For more on tuning NGINX, see this blog post.

Tip 10: Monitor real-time dynamics to find problems and bottlenecks

The key to preserving application performance is to monitor application performance in real time. The dynamics of applications in specific devices and corresponding Web infrastructure must be monitored in real time.

Monitoring site activity is mostly passive; it tells you what’s going on, and how you find and fix problems is up to you.

Monitoring can catch the following problems:

  • Server down
  • The server is unstable and failed to process the connection
  • A large cache failure occurred on the server
  • The server sent incorrect content

Global performance monitoring tools like New Relic or Dynatrace can help you monitor remote page loading times, while NGINX can help you monitor application delivery. Your application’s performance data can tell you when optimization really makes a difference to your user experience, and when you need to scale up to accommodate increased traffic.

To help users spot problems as quickly as possible, NGINX Plus has added an application checkup feature that reports frequently recurring problems. Session transactions are also implemented with NGINX Plus, which blocks new connections until tasks have been completed and slows down capacity to allow the restored servers to reach their intended speed in a load-balancing cluster. When used properly, health checks will help you locate problems before they significantly affect the user experience, while session transactions and slow starts allow you to replace servers without affecting perceived performance or online time. This diagram shows the dashboard for real-time activity monitoring built into NGINX Plus, covering servers, TCP connections, and caches.

Conclusion: 10-fold performance improvement

Performance improvements vary greatly from Web application to Web application. The actual improvement depends on budget, time, and the gap between existing implementations and desired performance. So how do you get a 10x performance increase in your application?

To help you understand the potential of each optimization recommendation, here are some guidelines for implementing the previous recommendations.

  • Reverse proxy server and load balancer. No load balancing or pool load balancing can result in very poor performance. Adding a reverse proxy server, such as NGINX, can reduce round-trips between memory and disk for Web applications. Load balancing can move tasks from overloaded servers to idle servers and is easy to scale. These changes can significantly improve performance. A 10x increase in performance is a breeze compared to the worst days of the original deployment, but even less than 10x is a qualitative leap overall.
  • Cache both dynamic and static content. If your Web server also acts as an application server, you can achieve a 10-fold increase in peak performance by caching dynamic content. Caching static content can also provide a performance boost of several times.
  • Compress data. Using compression formats such as JPEG, PNG, MPEG-4, and MP3 can significantly improve performance. If all of these techniques are used, the compressed text data (code and HTML) can double the initial page load time.
  • Optimization of SSL/TLS. Secure handshakes have a significant impact on performance, so optimizing them can make the initial response twice as fast, especially on text-heavy sites. Optimizing media files under SSL/TLS provides minimal performance improvement.
  • Implement HTTP/2 and SPDY. In the case of SSL/TLS, these two protocols have the potential to improve the overall performance of a website.
  • Tune Linux and Web servers. Using an optimized caching strategy, using active connections, and forwarding time-consuming tasks to separate thread pools can significantly improve performance. Thread pools, for example, can improve the performance of disk-intensive tasks by at least an order of magnitude.

I hope you can try the above technologies and share your own performance improvements. If you have a good idea and implementation plan, please leave a comment.

Reference resources and network data

  • Statista.com — Share of the Internet economy in the gross domestic product in G-20 countries in 2016
  • Load Impact — How Bad Performance Impacts Ecommerce Sales
  • Kissmetrics — How Loading Time Affects Your Bottom Line (Infographic)
  • Econsultancy – Site speed: case studies, tips and tools for improving your conversion rate

Recommended reading

  • Ten minutes to RocketMQ
  • Spring Boot Core Technical Guide for building a multi-tenant SaaS platform
  • Redis cache and MySQL data consistency solution
  • Nginx traffic limiting configuration
  • Deep dive into Netty, Kafka zero copy technology!

Learning Materials Sharing

12 sets of core technology materials of micro services, Spring Boot and Spring Cloud. This is part of the data catalog:

  • Spring Security authentication and authorization
  • Spring Boot Project practice (background service architecture and operation and maintenance architecture of small and medium-sized Internet companies)
  • Spring Boot Project (Enterprise rights Management project)
  • Spring Cloud Micro-service Architecture Project (Distributed transaction solution)
  • .

Public account background replyarch028Access to information: