In general, nginx configuration files are useful for optimization comparison.
1. worker_processes 8;
It is recommended to specify the number of nginx processes based on the number of cpus (for example, 8 for two quad-core cpus).
2. workercpuaffinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
Allocate CPU to each process. In the example above, 8 processes were allocated to 8 cpus. Of course, you can write more than one process, or allocate one process to more than one CPU.
3.workerrlimitnofile 65535;
This directive refers to the maximum number of open file descriptors for an Nginx process. The theoretical value should be the maximum number of open files (ulimit-n) divided by the number of nginx processes, but nginx allocation requests are not uniform, so it is best to keep the value of ulimit-n consistent.
Now in the Linux 2.6 kernel, the number of open files is 65535. The corresponding value of workerrLimitNoFile should be 65535.
This is because nGINx does not allocate requests to processes evenly, so if you fill in 10240 and the total number of concurrent requests reaches 30,000-40,000, some processes may exceed 10240, which will return error 502.
View file descriptors for Linux systems:
[root@web001 ~]# sysctl -a | grep fs.file
fs.file-max = 789972
fs.file-nr = 510 0 789972
4.use epoll;
I/O model using epoll
(
Supplementary notes:
Like Apache, Nginx has different event models for different operating systems
PollB: pollB: pollB: pollB: pollB: pollB: pollB: pollB: pollB: pollB: pollB: pollB: pollB FreeBSD 4.1+, OpenBSD 2.9+, NetBSD 2.0 and MacOS X. Dual processor MacOS X systems using Kqueue can cause a kernel crash. Epoll: Used for Linux kernel 2.6 and later systems.
/dev/poll: used on Solaris 7 11/99+, HP/UX 11.22+ (EventPort), IRIX 6.5.15+ and Tru64 UNIX 5.A +.
Eventport: for Solaris 10. To prevent kernel crashes, it is necessary to install security patches.
)
5.worker_connections 65535;
The maximum number of connections allowed by each nginx server is workerProcesses * WorkerConnections.
6.keepalive_timeout 60;
Keepalive timeout duration.
7.clientheaderbuffer_size 4k;
The buffer size of the client request header. This can be set according to your system paging size. The size of a request header should not exceed 1K, but since system paging is usually larger than 1K, it is set to the paging size.
The PAGESIZE can be obtained using the command getconf PAGESIZE.
[root@web001 ~]# getconf PAGESIZE
4096
There are cases where clienTheaderBufferSize exceeds 4K, but clienTheaderBufferSize must be set to an integer multiple of system page size.
8.openfilecache max=65535 inactive=60s;
Max specifies the number of cached files. It is recommended that this number be the same as the number of open files. Inactive means how long it will take before the cache is deleted before the file is requested.
9.openfilecache_valid 80s;
This is how often the cache is checked for valid information.
10.openfilecacheminuses 1;
The minimum number of times a file has been used in inactive time in the OpenFilecache directive. If this number is exceeded, the file descriptor will remain open in the cache. As shown above, if a file has not been used once in inactive time, it will be removed.
Ii. Optimization of kernel parameters
net.ipv4.tcpmaxtw_buckets = 6000
Number of timewaits, default is 180,000.
net.ipv4.iplocalport_range = 1024 65000
Range of ports allowed to be opened by the system.
net.ipv4.tcptwrecycle = 1
Enable timewait quick collection.
net.ipv4.tcptwreuse = 1
Enable reuse. Allows time-wait Sockets to be reused for new TCP connections.
net.ipv4.tcp_syncookies = 1
Enable SYN Cookies to handle SYN wait queue overflow.
net.core.somaxconn = 262144
The Listen backlog for web applications limits the kernel parameter net.core.somaxconn to 128 by default, whereas the NGXLISTENBACKLOG defined by Nginx defaults to 511, so it is necessary to adjust this value.
net.core.netdevmaxbacklog = 262144
The maximum number of packets that are allowed to be sent to the queue if each network interface receives packets at a rate faster than the kernel can process them.
net.ipv4.tcpmaxorphans = 262144
The maximum number of TCP sockets in the system that are not associated with any user file handle. If this number is exceeded, the orphan connection is immediately reset and a warning message is printed. This limit is intended only to prevent simple DoS attacks and should not be relied upon or artificially reduced, but rather increased (if memory is added).
net.ipv4.tcpmaxsyn_backlog = 262144
The maximum number of connection requests logged that have not received client confirmation. The default value is 1024 for a system with 128 MB of memory and 128 for a system with small memory.
net.ipv4.tcp_timestamps = 0
Timestamps prevent serial number winding. A 1Gbps link is bound to encounter a previously used serial number. Timestamps enable the kernel to accept such “abnormal” packets. I need to turn it off here.
net.ipv4.tcpsynackretries = 1
To open the connection to the peer, the kernel sends a SYN with an ACK that responds to the previous SYN. The second of the three handshakes. This setting determines how many SYN+ACK packets the kernel sends before abandoning the connection.
net.ipv4.tcpsynretries = 1
The number of SYN packets sent before the kernel aborts the connection.
net.ipv4.tcpfintimeout = 1
If the socket is closed at the request of the local end, this parameter determines how long it remains in fin-WaIT-2 state. The peer end can go wrong and never close the connection, or even go down unexpectedly. By default, it is 60 seconds. 2.2 The usual kernel value is 180 seconds, 3 You can press this setting, but keep in mind that even if your machine is a lightweight WEB server, there is a risk of memory overflow due to a large number of dead sockets, and fin-WaIT-2 is less dangerous than Fin-Wait-1. Because they can only eat up to 1.5K of memory, but they live longer.
net.ipv4.tcpkeepalivetime = 30
Indicates the frequency at which TCP sends keepalive messages when Keepalive is enabled. The default value is 2 hours.
Three, the following paste a complete kernel optimization Settings:
Vi /etc/sysctl.conf CentOS5.5 you can delete all contents and replace them with the following contents:
net.ipv4.ip_forward = 0net.ipv4.conf.default.rp_filter = 1net.ipv4.conf.default.acceptsourceroute = 0kernel.sysrq = 0kernel.coreusespid = 1net.ipv4.tcp_syncookies = 1kernel.msgmnb = 65536kernel.msgmax = 65536kernel.shmmax = 68719476736kernel.shmall = 4294967296net.ipv4.tcpmaxtw_buckets = 6000net.ipv4.tcp_sack = 1net.ipv4.tcpwindowscaling = 1net.ipv4.tcp_rmem = 4096 87380 4194304net.ipv4.tcp_wmem = 4096 16384 4194304net.core.wmem_default = 8388608net.core.rmem_default = 8388608net.core.rmem_max = 16777216net.core.wmem_max = 16777216net.core.netdevmaxbacklog = 262144net.core.somaxconn = 262144net.ipv4.tcpmaxorphans = 3276800net.ipv4.tcpmaxsyn_backlog = 262144net.ipv4.tcp_timestamps = 0net.ipv4.tcpsynackretries = 1net.ipv4.tcpsynretries = 1net.ipv4.tcptwrecycle = 1net.ipv4.tcptwreuse = 1net.ipv4.tcp_mem = 94500000 915000000 927000000net.ipv4.tcpfintimeout = 1net.ipv4.tcpkeepalivetime = 30net.ipv4.iplocalport_range = 1024 65000
To make the configuration take effect immediately, run the /sbin/sysctl -p command
The following is about the optimization of system connection number
The default value for Linux is Open Files and Max User processes: 1024
ulimit -n
1024
ulimit Cu
1024
Symptom: The server can open only 1024 files and process 1024 user processes at the same time
You can run the ulimit -a command to view all limits of the current system. You can run the ulimit -n command to view the maximum number of open files.
The default value of a newly installed Linux server is 1024, so it is easy to encounter error: Too many Open Files on a heavily loaded server. So you need to make it bigger.
Solutions:
Using ulimit Cn 65535 can be modified immediately, but will be invalid after restart. (note ulimit-shn 65535 is equivalent to ulimit-n 65535, -s means soft, -h means hard)
There are three modification methods:
1. Add a line of ulimit-shn 655352 to /etc/rc.local. Add a line of ulimit-shn 655353 to /etc/profile. In the/etc/security/limits the conf last increase:
*** soft nofile 65535
- hard nofile 65535
- soft nproc 65535
- hard nproc 65535**
The first method has no effect on CentOS, the third method has effect, and the second method has effect on Debian
ulimit -n
65535
ulimit -u
65535
Note: The ulimit command itself has soft and hard Settings, add -h is hard, add -s is soft default display soft limit
Soft limit refers to the setting value that is currently in effect on the system. The hard limit value can be lowered by ordinary users. But it can’t increase. Soft limits cannot be set higher than hard limits. Only the root user can increase the hard limit.
Here is a simple nginx configuration file:
user www www; worker_processes 8; workercpuaffinity 00000001 00000010 00000100 00001000 00010000 0010000001000000; errorlog /www/log/nginxerror.log crit; pid /usr/local/nginx/nginx.pid; workerrlimitnofile 204800; events{use epoll; worker_connections 204800; }http{include mime.types; default_type application/octet-stream; charset utf-8; servernameshashbucketsize 128; clientheaderbuffer_size 2k; largeclientheader_buffers 4 4k; clientmaxbody_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; fastcgicachepath /usr/local/nginx/fastcgi_cache levels=1:2keys_zone=TEST:10minactive=5m; fastcgiconnecttimeout 300; fastcgisendtimeout 300; fastcgireadtimeout 300; fastcgibuffersize 4k; fastcgi_buffers 8 4k; fastcgibusybuffers_size 8k; fastcgitempfilewritesize 8k; fastcgi_cache TEST; fastcgicachevalid 200 302 1h; fastcgicachevalid 301 1d; fastcgicachevalid any 1m; fastcgicachemin_uses 1; fastcgicacheusestale error timeout invalidheader http_500; openfilecache max=204800 inactive=20s; openfilecacheminuses 1; openfilecache_valid 30s; tcp_nodelay on; gzip on; gzipminlength 1k; gzip_buffers 4 16k; Gziphttpversion 1.0; gzipcomplevel 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; server{listen 8080; server_name backup.aiju.com; index index.php index.htm; root /www/html/; location /status{stub_status on; }location ~ .*/.(php|php5)? The ${fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; }location ~ .*/.(gif|jpg|jpeg|png|bmp|swf|js|css)${expires 30d; }logformat access ‘$remoteADDR – $remoteUser [$timelocal] “$request” “$status $bodyBytessent” “$http_referer” ‘ ‘” $$httpxforwarded_for httpuseragent “; access_log /www/log/access.log access; }}
FastCGI:
fastcgicachepath /usr/local/nginx/fastcgicache levels=1:2 keyszone=TEST:10minactive=5m;
This directive specifies a path, directory structure level, keyword area storage time, and inactive delete time for the FastCGI cache.
fastcgiconnecttimeout 300;
Specifies the timeout to connect to the backend FastCGI.
fastcgisendtimeout 300;
Timeout for sending a request to FastCGI. This value is the timeout for sending a request to FastCGI after two handshakes have been completed.
fastcgireadtimeout 300;
Timeout to receive a FastCGI reply. This value is the timeout to receive a FastCGI reply after two handshakes have been completed.
fastcgibuffersize 4k;
Specifies the size of the buffer required to read the first part of the FastCGI response. Normally, the first part of the response should not exceed 1K. Set this to 4K because the page size is 4K.
fastcgi_buffers 8 4k;
Specify how much and how large a buffer is needed locally to buffer FastCGI replies.
fastcgibusybuffers_size 8k;
I do not know what this directive does, except that the default value is twice fastcgi_buffers.
fastcgitempfilewritesize 8k;
How large a block of data will be used when writing to fastCGItemppath. The default is twice fastcgi_buffers.
fastcgi_cache TEST
Enable the FastCGI cache and give it a name. In my opinion, enabling cache is very useful to reduce CPU load and prevent error 502.
**fastcgi_cache_valid 200 302 1h; fastcgicachevalid 301 1d; fastcgicachevalid any 1m; **
In the preceding example, 200,302 replies are cached for one hour, 301 replies are cached for one day, and others are cached for one minute.
fastcgicachemin_uses 1;
Cache The minimum number of times cached in the inactive parameter of the FastCGicachePath directive. For example, if a file is not used once in 5 minutes, the file will be removed.
fastcgicacheusestale error timeout invalidheader http_500;
Not knowing what this parameter is for, the guess is to let Nginx know which types of caches are useless. If you use php-fpm to manage FastCGI, you can modify the following values in the configuration file:
60
The number of concurrent requests processed at the same time, i.e. it will open up to 60 child threads to process concurrent connections.
102400
Maximum number of open files.
204800
Maximum number of requests that each process can execute before resetting.
Source: http://9388751.blog.51cto.com/9378751/1676821