Table of Contents

http://www.keepalived.org

https://gist.github.com/nginx-gists/

https://nginxbeautifier.com/

nginx certificate authentification

nginx

.htaccess converter

sample config

events {
use epoll;
multi_accept on;
}

    sendfile    on;
    tcp_nopush  on;
    tcp_nodelay on;
    keepalive_timeout 30;
    gzip on;
    gzip_min_length 1100;
    gzip_comp_level   6;
    gzip_types  text/css application/javascript;

Check memory consumption for PHP-FPM

Single process

ps --no-headers -o "rss,cmd" -C php-fpm | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"M") }'

Performance no rules

$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
  4 threads and 100 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     2.09ms    2.56ms  42.43ms   88.26%
    Req/Sec    16.44k     3.38k   36.10k    71.83%
  1966522 requests in 30.09s, 474.39MB read
Requests/sec:  65349.76
Transfer/sec:     15.76MB

Performance filter IP 1 rule

$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
  4 threads and 100 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     2.28ms    3.27ms  84.99ms   90.26%
    Req/Sec    15.66k     3.33k   31.17k    71.06%
  1872796 requests in 30.09s, 451.78MB read
Requests/sec:  62246.52
Transfer/sec:     15.02MB

Performance filter IP 5000 rules

$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
  4 threads and 100 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     2.60ms    3.84ms 113.95ms   90.80%
    Req/Sec    13.69k     3.01k   30.83k    72.70%
  1636391 requests in 30.10s, 394.75MB read
Requests/sec:  54372.39
Transfer/sec:     13.12MB

Performance filter IP 50000 rules

$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
  4 threads and 100 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     8.01ms   10.74ms 139.75ms   85.36%
    Req/Sec     6.67k     1.19k   13.59k    75.92%
  797378 requests in 30.03s, 192.35MB read
Requests/sec:  26551.53
Transfer/sec:      6.41MB
http {
  server {
      listen 443;
      ssl on;
      ssl_certificate      /etc/nginx/easy-rsa/keys/localhost.crt;
      ssl_certificate_key  /etc/nginx/easy-rsa/keys/localhost.key;
      ssl_client_certificate /etc/nginx/easy-rsa/keys/ca.crt;
      ssl_verify_client on;
      ssl_verify_depth 2;
       root /var/www/;

      location / {
 	if ($ssl_client_verify != SUCCESS) { return 403; }
  	autoindex on; # directory listing
      } 
  }
}

NGINX cache

Set keepalive at upstream
location / {
proxy_http_version 1.1;
proxy_cache_background_update on;
proxy_cache_use_stale error timeout http_500; // use old when error
proxy_cache_min_uses 5;
}

Bypass

location / {
proxy_cache cache;
proxy_cache_bypass $cookie_nocache $arg_nocache $http_nocache;
}
http{
proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=cache:10m max_size=100g inactive=7d use_temp_path=off;
}
server{
location ^~ /images {
proxy_cache cache;
proxy_cache_valid 200 301 302 12h; // any 1s;
proxy_ignore_headers Cache-Control;
proxy_pass http://images.com;
}

reconfigure nginx

/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload