Home  >  Article  >  Operation and Maintenance  >  How to optimize Nginx configuration and kernel

How to optimize Nginx configuration and kernel

WBOY
WBOYforward
2023-05-16 21:43:271358browse

Optimization in nginx instructions (configuration file)

Copy code The code is as follows:

worker_processes 8;

The number of nginx processes is recommended to be based on the number of cpu Specify, usually as a multiple of it.

Copy code Code as follows:

worker_cpu_affinity 0000000010 00000100001000 00010000 00100000 01000000000;

## all distribute the CPU for each process. CPU, of course you can write to multiple, or assign a process to multiple CPUs.

Copy code The code is as follows:

worker_rlimit_nofile 102400;

This instruction refers to the maximum number of file descriptors opened by an nginx process. The theoretical value should be the maximum number of open files. (ulimit -n) is divided by the number of nginx processes, but nginx allocates requests not so evenly, so it is best to keep the value consistent with ulimit -n.

Copy code The code is as follows:

use epoll;

Use epoll’s i/o model. Needless to say, this goes without saying.

Copy code The code is as follows:

worker_connections 102400;

The maximum number of connections allowed by each process. Theoretically, the maximum number of connections per nginx server is worker_processes*worker_connections.

Copy code The code is as follows:

keepalive_timeout 60;

keepalive timeout time.

Copy code The code is as follows:

client_header_buffer_size 4k;

The client request header buffer size, this can be set according to your system paging size, generally one request The header size will not exceed 1k, but since the general system paging is larger than 1k, the paging size is set here. The paging size can be obtained with the command getconf pagesize.

Copy code The code is as follows:

open_file_cache max=102400 inactive=20s;

This will specify the cache for the open file. It is not enabled by default. max specifies the number of caches. It is recommended to be consistent with the number of open files. Inactive refers to how long the file has not been requested before the cache is deleted.

Copy code The code is as follows:

open_file_cache_valid 30s;

This refers to how often to check the cached valid information.

Copy code The code is as follows:

open_file_cache_min_uses 1;

The minimum number of uses of the file within the inactive parameter time of the open_file_cache instruction. If this number is exceeded, the file descriptor is always Opened in the cache, as in the above example, if a file is not used within the inactive time, it will be removed.

Optimization of kernel parameters

Copy code The code is as follows:

net.ipv4.tcp_max_tw_buckets = 6000

The number of timewait, the default is 180000.

Copy code The code is as follows:

net.ipv4.ip_local_port_range = 1024 65000

The port range allowed to be opened by the system.

Copy code The code is as follows:

net.ipv4.tcp_tw_recycle = 1

Enable timewait fast recycling.

Copy code The code is as follows:

net.ipv4.tcp_tw_reuse = 1

Turn on reuse. Allow time-wait sockets to be reused for new tcp connections.

Copy code The code is as follows:

net.ipv4.tcp_syncookies = 1

Turn on syn cookies. When the syn waiting queue overflows, enable cookies to handle it.

Copy code The code is as follows:

net.core.somaxconn = 262144

By default, the backlog of the listen function in the web application will give us the net.core.somaxconn limit of the kernel parameters. to 128, and the ngx_listen_backlog defined by nginx defaults to 511, so it is necessary to adjust this value.

Copy code The code is as follows:

net.core.netdev_max_backlog = 262144

When the rate at which each network interface receives packets is faster than the rate at which the kernel processes these packets, allow The maximum number of packets sent to the queue.

Copy code The code is as follows:

net.ipv4.tcp_max_orphans = 262144

The maximum number of tcp sockets in the system that are not associated with any user file handle . If this number is exceeded, the orphan connection will be reset immediately and a warning message will be printed. This limit is only to prevent simple DOS attacks. You cannot rely too much on it or artificially reduce this value. You should increase this value (if you increase the memory).

Copy code The code is as follows:

net.ipv4.tcp_max_syn_backlog = 262144

The maximum value of recorded connection requests that have not yet received client confirmation information. For systems with 128m of memory, the default value is 1024, and for systems with small memory, it is 128.

Copy code The code is as follows:

net.ipv4.tcp_timestamps = 0

Timestamps can avoid the wrapping of sequence numbers. A 1gbps link will definitely encounter sequence numbers that have been used before. The timestamp allows the kernel to accept such "abnormal" packets. It needs to be turned off here.

Copy code The code is as follows:

net.ipv4.tcp_synack_retries = 1

In order to open the connection to the peer, the kernel needs to send a syn and include an ack in response to the previous syn. . This is the second handshake in the so-called three-way handshake. This setting determines the number of syn ack packets sent before the kernel abandons the connection.

Copy code The code is as follows:

net.ipv4.tcp_syn_retries = 1

The number of syn packets sent before the kernel gives up establishing a connection.

Copy code The code is as follows:

net.ipv4.tcp_fin_timeout = 1

If the socket is requested to be closed by the local end, this parameter determines that it remains in fin-wait- 2 state time. The peer can make errors and never close the connection, or even crash unexpectedly. The default value is 60 seconds. The usual value for 2.2 kernel is 180 seconds, you can press this setting, but keep in mind that even if your machine is a lightly loaded web server, there is a risk of memory overflow due to a large number of dead sockets, fin- wait-2 is less dangerous than fin-wait-1 because it can only eat up to 1.5k of memory, but their lifetime is longer.

Copy code The code is as follows:

net.ipv4.tcp_keepalive_time = 30

When keepalive is enabled, the frequency of tcp sending keepalive messages. The default is 2 hours.

A complete kernel optimization configuration

Copy code The code is as follows:

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling =1 .core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net .ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net .ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1 024 65000

A simple nginx optimization configuration file

Copy code The code is as follows:

user www www;

worker_processes 8;

worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 ;

error_log /www/log/nginx_error.log crit;

pid /usr/local/nginx/nginx.pid;

worker_rlimit_nofile 204800;

events
{
use epoll;
worker_connections 204800;
}

http
{
include mime.types;
default_type application/octet-stream;

charset utf -8;

server_names_hash_bucket_size 128;
client_header_buffer_size 2k;
large_client_header_buffers 4 4k;
client_max_body_size 8m;

sendfile on;
tcp_nopush on;

keepalive_timeout 60;

fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2
keys_zone=test:10m
inactive=5m;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 16k;
fastcgi_temp_file_write_size 16k;
fastcgi_cache test;
fastcgi_cache_valid 200 30 2 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_uses 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;

open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;



tcp_nodelay on;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2 ;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;


server
{
listen 8080;
server_name ad.test.com;
index index.php index.htm;
root /www/html/;

location /status
{
stub_status on;
}

location ~ .*\.(php|php5)?$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$
{
expires 30d;
}

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log / www/log/access.log access;
}
}

Some instructions about fastcgi

Copy the code The code is as follows:

fastcgi_cache_path /usr/ local/nginx/fastcgi_cache levels=1:2 keys_zone=test:10m inactive=5m;

This directive specifies a path, directory structure level, keyword area storage time and inactive deletion time for the fastcgi cache.

Copy code The code is as follows:

fastcgi_connect_timeout 300;

Specifies the timeout for connecting to the backend fastcgi.

Copy code The code is as follows:

fastcgi_send_timeout 300;

The timeout for sending requests to fastcgi. This value refers to the timeout for sending requests to fastcgi after two handshakes have been completed.

Copy code The code is as follows:

fastcgi_read_timeout 300;

The timeout for receiving fastcgi response. This value refers to the timeout for receiving fastcgi response after two handshakes have been completed.

Copy code The code is as follows:

fastcgi_buffer_size 16k;

Specify how large a buffer is needed to read the first part of the fastcgi response. Here you can set it to the buffer specified by the fastcgi_buffers directive. Size, the above instruction specifies that it will use a 16k buffer to read the first part of the response, that is, the response header. In fact, this response header is generally very small (no more than 1k), but if you use the fastcgi_buffers instruction If the buffer size is specified in , it will also allocate a buffer size specified by fastcgi_buffers for caching.

Copy code The code is as follows:

fastcgi_buffers 16 16k;

Specify how many and how large local buffers need to be used to buffer fastcgi responses, as shown above, if a php The page size generated by the script is 256k, and 16 16k buffers will be allocated for caching. If it is larger than 256k, the part larger than 256k will be cached in the path specified by fastcgi_temp. Of course, this is not good for the server load. A wise solution, because the data processing speed in the memory is faster than the hard disk, usually the setting of this value should choose an intermediate value of the page size generated by the PHP scripts in your site, such as the pages generated by most of the scripts in your site. If the size is 256k, you can set this value to 16 16k, or 4 64k or 64 4k, but obviously, the latter two are not good setting methods, because if the generated page is only 32k, if 4 64k is used, it will allocate 1 A 64k buffer is used to cache, and if 64 4k is used, it will allocate 8 4k buffers to cache, and if 16 16k is used, it will allocate 2 16k buffers to cache the page, which seems more reasonable.

Copy code The code is as follows:

fastcgi_busy_buffers_size 32k;

I don’t know what this command does, I only know that the default value is twice the size of fastcgi_buffers.

Copy code The code is as follows:

fastcgi_temp_file_write_size 32k;

How large a data block will be used when writing fastcgi_temp_path. The default value is twice the size of fastcgi_buffers.

Copy code The code is as follows:

fastcgi_cache test

Turn on the fastcgi cache and give it a name. Personally, I feel that turning on cache is very useful, as it can effectively reduce the CPU load and prevent 502 errors. But this cache will cause a lot of problems because it caches dynamic pages. The specific use depends on your own needs.

Copy code The code is as follows:

fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;

Specify the cache time for the specified response code , as in the above example, the 200 and 302 responses are cached for one hour, the 301 response is cached for 1 day, and the others are cached for 1 minute.

Copy code The code is as follows:

fastcgi_cache_min_uses 1;

The minimum number of uses of the cache within the inactive parameter value of the fastcgi_cache_path directive, as in the above example, if a file is used within 5 minutes If it has not been used once, the file will be removed.

Copy code The code is as follows:

fastcgi_cache_use_stale error timeout invalid_header http_500;

I don’t know the function of this parameter. I guess it should let nginx know which types of cache are useless . The above are the parameters related to fastcgi in nginx. In addition, fastcgi itself also has some configurations that need to be optimized. If you use php-fpm to manage fastcgi, you can modify the following values ​​​​in the configuration file:

Copy code The code is as follows:

60

The number of concurrent requests processed at the same time, that is, it will open up to 60 child threads to handle concurrent connections.

Copy code The code is as follows:

102400

The maximum number of open files.

Copy code The code is as follows:

204800

The maximum number of requests that each process can perform before resetting number.

A few test results

The static page is the test file mentioned in the article I configured 4w concurrency in Squid. The picture below shows running webbench -c 30000 -t on 6 machines at the same time. Test results after 600 http://ad.test.com:8080/index.html command:

How to optimize Nginx configuration and kernel

Number of connections filtered using netstat:

How to optimize Nginx configuration and kernel

The result of the php page in status (php page calls phpinfo):

How to optimize Nginx configuration and kernel

The number of connections of the php page after netstat filtering:

How to optimize Nginx configuration and kernel

Server load before fastcgi cache is used:

How to optimize Nginx configuration and kernel

It is already difficult to open the php page at this time and requires multiple refreshes to open. The low load on cpu0 in the above figure is because all network card interrupt requests were allocated to cpu0 during the test, and 7 processes were opened in nginx and assigned to cpu1-7 respectively.

After using fastcgi cache:

How to optimize Nginx configuration and kernel

At this time, you can easily open the php page.

This test is not connected to any database, so it has no reference value. However, I don’t know whether the above test has reached the limit. It seems not according to the usage of memory and CPU, but there is no extra machine. Let me run webbench.

The above is the detailed content of How to optimize Nginx configuration and kernel. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:yisu.com. If there is any infringement, please contact admin@php.cn delete