linux:nginx
Table of Contents
https://gist.github.com/nginx-gists/
nginx certificate authentification
nginx
sample config
events {
use epoll;
multi_accept on;
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
gzip on;
gzip_min_length 1100;
gzip_comp_level 6;
gzip_types text/css application/javascript;
Check memory consumption for PHP-FPM
Single process
ps --no-headers -o "rss,cmd" -C php-fpm | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"M") }'
Performance no rules
$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
4 threads and 100 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 2.09ms 2.56ms 42.43ms 88.26%
Req/Sec 16.44k 3.38k 36.10k 71.83%
1966522 requests in 30.09s, 474.39MB read
Requests/sec: 65349.76
Transfer/sec: 15.76MB
Performance filter IP 1 rule
$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
4 threads and 100 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 2.28ms 3.27ms 84.99ms 90.26%
Req/Sec 15.66k 3.33k 31.17k 71.06%
1872796 requests in 30.09s, 451.78MB read
Requests/sec: 62246.52
Transfer/sec: 15.02MB
Performance filter IP 5000 rules
$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
4 threads and 100 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 2.60ms 3.84ms 113.95ms 90.80%
Req/Sec 13.69k 3.01k 30.83k 72.70%
1636391 requests in 30.10s, 394.75MB read
Requests/sec: 54372.39
Transfer/sec: 13.12MB
Performance filter IP 50000 rules
$ wrk -c 100 -t 4 -d 30s http://127.0.0.1:8777/bar
Running 30s test @ http://127.0.0.1:8777/bar
4 threads and 100 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 8.01ms 10.74ms 139.75ms 85.36%
Req/Sec 6.67k 1.19k 13.59k 75.92%
797378 requests in 30.03s, 192.35MB read
Requests/sec: 26551.53
Transfer/sec: 6.41MB
http {
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/easy-rsa/keys/localhost.crt;
ssl_certificate_key /etc/nginx/easy-rsa/keys/localhost.key;
ssl_client_certificate /etc/nginx/easy-rsa/keys/ca.crt;
ssl_verify_client on;
ssl_verify_depth 2;
root /var/www/;
location / {
if ($ssl_client_verify != SUCCESS) { return 403; }
autoindex on; # directory listing
}
}
}
NGINX cache
Set keepalive at upstream
location / {
proxy_http_version 1.1;
proxy_cache_background_update on;
proxy_cache_use_stale error timeout http_500; // use old when error
proxy_cache_min_uses 5;
}
Bypass
location / {
proxy_cache cache;
proxy_cache_bypass $cookie_nocache $arg_nocache $http_nocache;
}
http{
proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=cache:10m max_size=100g inactive=7d use_temp_path=off;
}
server{
location ^~ /images {
proxy_cache cache;
proxy_cache_valid 200 301 302 12h; // any 1s;
proxy_ignore_headers Cache-Control;
proxy_pass http://images.com;
}
reconfigure nginx
/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload
linux/nginx.txt · Last modified: 2021/07/27 15:38 by Jan Forman