User Tools

Site Tools


linux:nginx

Differences

This shows you the differences between two versions of the page.


linux:nginx [2021/07/27 15:38] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +[[http://www.keepalived.org]]
 +
 +[[https://gist.github.com/nginx-gists/]]
 +
 +[[https://nginxbeautifier.com/]]
 +
 +[[https://www.ssltrust.com.au/help/setup-guides/client-certificate-authentication|nginx certificate authentification]]
 +
 +====== nginx ======
 +[[http://winginx.com/en/htaccess|.htaccess converter]]
 +
 +====== sample config ======
 +<code>
 +events {
 +use epoll;
 +multi_accept on;
 +}
 +
 +    sendfile    on;
 +    tcp_nopush  on;
 +    tcp_nodelay on;
 +    keepalive_timeout 30;
 +    gzip on;
 +    gzip_min_length 1100;
 +    gzip_comp_level   6;
 +    gzip_types  text/css application/javascript;
 +</code>
 +
 +====== Check memory consumption for PHP-FPM ======
 +Single process
 +<code>
 +ps --no-headers -o "rss,cmd" -C php-fpm | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"M") }'
 +</code>
 +
 +
 +====== Performance no rules ======
 +<code>
 +$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
 +Running 30s test @ http://127.0.0.1:8777/bar
 +  4 threads and 100 connections
 +  Thread Stats   Avg      Stdev     Max   +/- Stdev
 +    Latency     2.09ms    2.56ms  42.43ms   88.26%
 +    Req/Sec    16.44k     3.38k   36.10k    71.83%
 +  1966522 requests in 30.09s, 474.39MB read
 +Requests/sec:  65349.76
 +Transfer/sec:     15.76MB
 +</code>
 +====== Performance filter IP 1 rule ======
 +<code>
 +$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
 +Running 30s test @ http://127.0.0.1:8777/bar
 +  4 threads and 100 connections
 +  Thread Stats   Avg      Stdev     Max   +/- Stdev
 +    Latency     2.28ms    3.27ms  84.99ms   90.26%
 +    Req/Sec    15.66k     3.33k   31.17k    71.06%
 +  1872796 requests in 30.09s, 451.78MB read
 +Requests/sec:  62246.52
 +Transfer/sec:     15.02MB
 +</code>
 +
 +====== Performance filter IP 5000 rules ======
 +<code>
 +$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
 +Running 30s test @ http://127.0.0.1:8777/bar
 +  4 threads and 100 connections
 +  Thread Stats   Avg      Stdev     Max   +/- Stdev
 +    Latency     2.60ms    3.84ms 113.95ms   90.80%
 +    Req/Sec    13.69k     3.01k   30.83k    72.70%
 +  1636391 requests in 30.10s, 394.75MB read
 +Requests/sec:  54372.39
 +Transfer/sec:     13.12MB
 +</code>
 +
 +====== Performance filter IP 50000 rules ======
 +<code>
 +$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
 +Running 30s test @ http://127.0.0.1:8777/bar
 +  4 threads and 100 connections
 +  Thread Stats   Avg      Stdev     Max   +/- Stdev
 +    Latency     8.01ms   10.74ms 139.75ms   85.36%
 +    Req/Sec     6.67k     1.19k   13.59k    75.92%
 +  797378 requests in 30.03s, 192.35MB read
 +Requests/sec:  26551.53
 +Transfer/sec:      6.41MB
 +</code>
 +
 +
 +<code>
 +http {
 +  server {
 +      listen 443;
 +      ssl on;
 +      ssl_certificate      /etc/nginx/easy-rsa/keys/localhost.crt;
 +      ssl_certificate_key  /etc/nginx/easy-rsa/keys/localhost.key;
 +      ssl_client_certificate /etc/nginx/easy-rsa/keys/ca.crt;
 +      ssl_verify_client on;
 +      ssl_verify_depth 2;
 +       root /var/www/;
 +
 +      location / {
 +  if ($ssl_client_verify != SUCCESS) { return 403; }
 +  autoindex on; # directory listing
 +      } 
 +  }
 +}
 +</code>
 +
 +====== NGINX cache ======
 +<code>
 +Set keepalive at upstream
 +location / {
 +proxy_http_version 1.1;
 +proxy_cache_background_update on;
 +proxy_cache_use_stale error timeout http_500; // use old when error
 +proxy_cache_min_uses 5;
 +}
 +</code>
 +===== Bypass =====
 +<code>
 +location / {
 +proxy_cache cache;
 +proxy_cache_bypass $cookie_nocache $arg_nocache $http_nocache;
 +}
 +</code>
 +
 +
 +<code>
 +http{
 +proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=cache:10m max_size=100g inactive=7d use_temp_path=off;
 +}
 +server{
 +location ^~ /images {
 +proxy_cache cache;
 +proxy_cache_valid 200 301 302 12h; // any 1s;
 +proxy_ignore_headers Cache-Control;
 +proxy_pass http://images.com;
 +}
 +</code>
 +
 +===== reconfigure nginx =====
 +<code>/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload</code>
  
linux/nginx.txt · Last modified: 2021/07/27 15:38 by Jan Forman