Upload
kurniawan-setyo-nugroho
View
220
Download
0
Embed Size (px)
Citation preview
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 1/11
Nginx Performance Tuning: How to do it
9
Submitted by Sarath Pillai on Tue, 12/24/21! " 1#:!1
Nginx i$ a well %nown web $er&er, and i$ ado'ted by many ma(or 'layer$ in the indu$try)
The main rea$on for it$ fa$t ado'tion wa$ that it$ $o fa$t com'ared to other web $er&er$
*li%e +'ache) -a$ically nginx wa$ made to $ol&e a 'roblem that i$ %nown a$ c1%) .t
'erform$ much better than any other web $er&er$ in the mar%et out of the box for many).n thi$ article we will $ee how you can modify your nginx con0guration to gi&e it a boo$t
or $ay 'erformance tune nginx)
e will get in$ide the con0guration 'art a little later, co there are 3uite a few conce't$
that need$ to be under$tood 0r$t)
1% refer$ to the method of o'timiing networ% connection$ $o that it can handle
connection$ in the range of ten thou$and $imultaneou$ly) There i$ a &ery famou$ article
ex'laining thi$ in the below lin%)
Read: hat i$ c1% Problem
+'ache wor%$ in a bloc%ing ./5 model) .n layman term$ it mean$ that when a read/write
re3ue$t i$ i$$ued it bloc%$ other re3ue$t$ till that re3ue$t i$ com'leted) + be$t $olution to
thi$ 'roblem i$ to create $e'arate thread$/'roce$$e$ for each connection$) Thi$ i$ what
+'ache doe$)
Apache works by using a dedicated thread per client with blocking I/O.
+lthough dedicated thread 'er connection$/re3ue$t by +'ache i$ a good method to $er&e
client$, it$ a memory con$uming a$ well a$ 'roce$$or con$uming method)
Its processor consuming, because for each request that hits the Apache server, the
server processor has to switch between dierent processes because each http requests
connections creates a new process/thread!
Related: Proce$$ admini$tration in 6inux
Now if 'erformance and re$ource utiliation i$ not at all a concern for you, then you can
go ahead with the thread 'er connection model of +'ache by u$ing an +'ache web
$er&er to $er&e re3ue$t$) -ut if you are concerned about both re$ource utiliation and
'erformance, then nginx model of e&ent dri&en architecture i$ the be$t to go ahead with)
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 2/11
"gin# uses a single threaded non$blocking I/O mechnism to serve requests. As it uses
non$blocking I/O, one single process can server too many connection requests.
Related: Nginx and +'ache di7erence
+$ e&erything i$ a 0le in linux, e&en networ% connection$ are 0le$ internaly) 8ach and
e&ery 'roce$$ ha$ it$ own $et of 0le de$cri'tor$ that need$ to be 'olled fre3uently to
identify which i$ one i$ ready to be read from or write to *8&en connection$ that an nginx
$er&er recei&e$ are maintained by the nginx 'roce$$ in the form of 0le de$cri'tor$ for the
life time of a connection)
+$ we di$cu$$ed before, nginx u$e$ a non"bloc%ing ./5 with a $ingle thread) Hence the
$ingle 'roce$$ mu$t identify which connection 0le i$ ready to be read or written to) 9or
thi$, the o'erating $y$tem ha$ three di7erent method$) They are mentioned below)
•
Select ethod• Poll ethod
• 8'oll ethod
;$ing both $elect and 'oll i$ not an e<cient way to identify which 0le de$cri'tor i$ ready)
-ecau$e both of the$e method are identical in what they doe$ *am not ca'able enough to
ex'lain you the di7erence between $elect and e'oll, if you are a 'rogrammer i will
recommend to go through the below lin% to learn more about $elect and 'oll)
Read: Select and Poll
%o ngin# can use either select or poll method to identify which &le&le descriptor! isready to be read or written to. 'ut both these methods are not e(cient enough when
there are too many number of connections. )or e#ample, if you want to serve say *++++
connections at a time. And only one of the them is ready to be read. o identify that one
&le descriptor to which is ready to be read, the process has to still scan through rest of
the ---- &le descriptors which is waste of resource!.
+nother method other than the $elect and Poll i$ called a$ epoll come$ to re$cue here)
Thi$ i$ only a&ailable in 6inux %ernel$ which are later than 2)#) 8'oll u$e$ an e<cient
mechani$m com'ared to 'oll and $elect)
If you have *++++ connections made to your server, and +++ among them are idle
connections. sing poll and select is not that e(cient because epoll will only give
importance to connections that are active. 0lease note the fact that all three select, poll
and epoll basically does the same thing, but using epoll is less cpu intensive when you
have to serve thousands of connections.
=ou can modify your nginx con0guration 0le to u$e e'oll a$ $hown below) .f you are on
cento$ thi$ nginx con0guration 0le will be located at /etc/nginx/nginx.conf. Thi$ i$ done
in$ide an e&ent$ bloc% in the con0guration 0le)
>
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 3/11
12!
e&ent$ ? u$e e'oll@A
Now a$ di$cu$$ed earlier, nginx wor%$ on a non"bloc%ing $ingle 'roce$$ model) +lthough
we $ay $ingle 'roce$$, we can a$% our nginx to $tart multi'le wor%er 'roce$$) -a$ically it$
li%e if you ha&e two wor%er 'roce$$, each one will handle all the re3ue$t$) Thi$ $etting i$
normally con0gured de'ending u'on the number of P; core$ you ha&e on your $y$tem)
=ou can 0nd the number of P; core$ on your $y$tem by u$ing either of the below
command$)
>
12!4B
CrootDwww EFG l$c'u+rchitecture: x#I#4P; o'"mode*$: !2"bit, #4"bit-yte 5rder: 6ittle 8ndianP;*$:
>
1 cat /'roc/c'uinfo
+m 3uite $ure that if you are on a 'roduction $er&er, you will be ha&ing multi'le c'u
core$) +$ $een from the l$c'u command out'ut, i ha&e 'roce$$or$, $o i will a$% nginx to
launch wor%er 'roce$$ that will be $er&ing re3ue$t$)
>
1 wor%erI'roce$$e$ @
+l$o you can alternati&ely con0gure nginx to do the (ob of identifying the number of core$
on your $er&er and launch wor%er 'roce$$e$ accordingly) Thi$ can be done by modifying
the wor%erI'roce$$e$ to auto a$ $hown below)
>
1 wor%erI'roce$$e$ auto@
+nother im'ortant factor that we can modify in nginx i$ the maximum number of 0le$
that can be o'ened by our wor%er 'roce$$e$) +$ di$cu$$ed before, each and e&ery
connection i$ handled by creating 0le$ to identify them) Hence more the number of 0le$
that are allowed to be be created, wor%er$ can wor% with more connection$)
There i$ a con0guration &alue that can be modi0ed in nginx to get thi$ done) .t$ alway$
good to $et thi$ &alue to a higher one if your $er&er i$ a &ery high tra<c one)
>
1 wor%erIrlimitIno0le 1@
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 4/11
8&en if i $et wor%erI'roce$$ in my nginx)conf to or auto, it will end u' launching
wor%er 'roce$$e$) +ll the$e 'roce$$e$ are ready to $er&e connection$) -ut you can
further o'timie the$e wor%er 'roce$$ to ma%e them $er&er a$ many connection$ a$
'o$$ible)
e can de0ne the maximum number of connection$ which can be $imultaniou$ly $er&edby a $ingle wor%er 'roce$$) The default i$ B12 connection$ if you dont $'ecify it) -ut you
can modify thi$ to acce't more connection$ 'er wor%er) Thi$ can be done a$ $hown
below)
>
12!4
e&ent$ ? u$e e'oll@ wor%erIconnection$ 124@A
e al$o need to con0gure our wor%er 'roce$$e$ to acce't multi'le connection$ at one
time) Thi$ can be done by modifying the e&ent$ bloc% a$ $hown below)
>
12!4
B
e&ent$ ? u$e e'oll@ wor%erIconnection$ 24@ multiIacce't on
A
5ur 0nal con0guration after ma%ing the abo&e change$ mu$t loo% $omething li%e the
below)
>
12!4B#J
wor%erI'roce$$e$ auto@wor%erIrlimitIno0le 1@ e&ent$ ? wor%erIconnection$ 124@ u$e e'oll@ multiIacce't on@A
%o now my ngin# web server is ready to serve around *-1 connections worker
process 2 *+13 connections ! at one time.
Plea$e note the fact that we ha&e u$ed e&ent$ module in nginx to modify wor%er
connection$, u$e e'oll method, and multiIacce't) Thi$ i$ the rea$on why they are in$ide
e&ent$ bloc% *events 45 in the con0guration 0le) There i$ another module called htt',
which i$ the 'rimary module that you will be u$ing to de0ne htt' related $tu7)
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 5/11
e wil be now modifying and adding few 'arameter$ in$ide the htt' module to $'eed u'
our nginx a little bit more)
5ne of the ma(or and re3uired feature of any web$er&er i$ logging) 6ogging will gi&e the
$er&er admini$trator an inde'th detail of the %ind of re3ue$t$ that are being $er&ed, andal$o it hel'$ for trouble$hooting) + web $er&er log can al$o be u$ed to ma%e a web
analytic$ becau$e log 0le$ contain the com'lete detail$ of the re3ue$t$) The$e detail$
include the $ource addre$$ of the re3ue$t, u$er agent *the brow$er u$ed by the client,
the re$ource re3ue$ted in the re3ue$t *or the url acce$$ed, de$tination addre$$, referral
url etc etc)
Related: entral 6ogging Ser&er in 6inux
+lthough logging i$ an im'ortant and re3uired feature, it doe$ a lot of ./5 o'eration on
the di$%) Plea$e dont forget the fact that each and e&ery re3ue$t i$ logged a$ $oon a$ it
hit$ the $er&er and $er&ed)
Thi$ mean$ for e&ery re3ue$t the web $er&er ha$ to 'roce$$ the log$ and add the
rele&ant detail$ to the log 0le *which add$ u' to 'roce$$ing a$ well a$ ./5 u$age)) .f the
web$ite that you ho$t i$ getting too much tra<c, then am $ure your web $er&er i$ ha&ing
a realy bad time logging it)
Hence turning o7 the log$ com'letely on the web $er&er can $a&e a lot of ./5 a$ well a$
P; 'ower) Thi$ become$ &ery handy when you are ha&ing a high tra<c web$ite) .n
nginx you can com'letely turn of logging by the following o'tion)
>
12!4B
htt' ? include /etc/nginx/mime)ty'e$@ defaultIty'e a''lication/octet"$tream@ acce$$Ilog o7@A
acce$$Ilog o7 o'tion $hown in the abo&e htt' bloc% tell$ not to log re3ue$t$ that are
being 'roce$$ed by the $er&er)
hen you acce$$ a web$ite with a web brow$er, what really ha''en$ i$ that your brow$ere$tabli$he$ an HTTP connection with the target $er&er) The real o&erhead i$ the
beginning) hich mean$ the main time con$uming *although in $econd$, it matter$ when
'erformance i$ con$idered thing i$ to e$tabli$h the connection)
6et$ ta%e an exam'le, where you are acce$$ing a new$ related web $ite, and you are
Ki''ing through di7erent url$ on the web$ite to ha&e a 3uic% o&er&iew of di7erent new$
content$) .magine a $ituation where your client brow$er ha$ to ma%e new htt'
connection$ to the $er&er for each ;L6 you are acce$$ing on the $ite) That will be a little
$low for the $ite &i$itor$) -ecau$e acce$$ing each url ha$ another o&erhead of
e$tabli$hing an HTTP connection 0r$t)
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 6/11
HTTP &er$ion 1) im'lemented a feature called a$ %ee' ali&e connection$ to $ol&e thi$
o&erhead of creating a connection for each re3ue$t) Howe&er there i$ a timeout 'eriod
for thi$) .n $hort the web $er&er$ allow you to $'ecify the timeout 'eriod for which to
%ee' the connection$ ali&e, $o that a connection made during that inter&al doe$ not
re3uire to create a connection)
In short connections are kept alive till the keep alive timeout you specify
+nd belie&e me nginx i$ much better in handling large number of acti&e connection$,
com'ared to any other web $er&er$) .t claim$ that it can handle u'to 1 connection$
ali&e by only utiliing 2)B - of memory) So if you are u$ing nginx, go ahead and rai$e
your %ee' ali&e &alue to $omething higher li%e #B)
>
1 %ee'ali&eItimeout #B@
.f you are a 6inux u$er, then am $ure you mu$t ha&e heard about gi' com're$$ion) +nd
you might already %now the amount of com're$$ion le&el that can be achie&ed with gi'
for com're$$ing text content) =ou get com're$$ion rate in the range of M$) hich i$ a
&ery awe$ome com're$$ion le&el)
+ ma(or 'ortion of a web 'age i$ alway$ text content) The com'onent$ that ma%e a web
'age loo% good a$ well a$ enhance it$ functionalitie$ are al$o text content) +lthough they
are all code in di7erent language$ li%e html, SS and e&en a&aScri't *which the brow$er
%now$ to inter'ret at the end of the day they are text content)
Sending all data a$ it i$ o&er the wire to client$ i$ alway$ a bit $low) So each and e&ery
web $er&er $u''ort$ com're$$ion mechani$m to com're$$ the data that are being $ent
out to the client$) +l$o all modern web brow$er$ %now$ how to decom're$$ it)
8nabling com're$$ion can be &ery hel'ful to 'eo'le who are on $low networ%$ acce$$ing
your web$ite) 8nabling com're$$ion i$ not a tough ta$%) Similar to the 're&iou$ly $hown
o'tion$, com're$$ion and gi' o'tion i$ enabled in$ide the htt' bloc% $ection in
nginx)conf 0le)
.f you ha&e done com're$$ion with gi' tool in linux, then you mu$t be %nowing that it
ta%e$ a little bit of time to com're$$ the content de'ending u'on the $ie) +nd you might
al$o %now that if you increa$e the com're$$ion le&el, the end re$ult doe$ not ma%e anylarge $ub$tancial di7erence, but it will ta%e a little more time along with a little more P;
u$age)
Similarly while con0guring com're$$ion on our nginx web $er&er, we need to ta%e an
extra care of what to com're$$, when to com're$$, and the le&el of com're$$ion) +l$o we
need to ha&e a mechani$m where we can di$able com're$$ion for older web brow$er$
that doe$ not $u''ort thi$ feature)
So the 0r$t $te' i$ to enable com're$$ion) Thi$ can be done by adding the below
'arameter in$ide the htt' bloc%)
>
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 7/11
1 gi' on@
The $econd $te' i$ to tell nginx, to only com're$$, when the $ie of the data being $ent i$
abo&e our $'eci0ed limit) Thi$ can be done a$ $hown below)
>
1 gi'IminIlength 2B#@
5<cial nginx web $ite de$cribe$ the abo&e min length 'arameter in a nice way) -elow i$
the de$cri'tion of the min length 'arameter from the o<cial nginx htt' module $ection)
6esponses shorter than this byte$length will not be compressed. 7ength is determined
from the 89ontent$7ength8 header.
Now a$ we di$cu$$ed earlier, too much com're$$ion doe$ not ma%e a $ub$tantial
di7erence, but will only add u' to P; u$age) om're$$ion le&el i$ mentioned from a
$cale of 1 to M) e do need com're$$ion, but not at a higher le&el) -ecau$e e&en the
ba$ic gi' com're$$ion doe$ a 'retty nice (ob) So let$ %ee' the &alue of com're$$ion
le&el $omewhere between from ! to B *Oe'ending u'on your wi$h
>
1 gi'Icom'Ile&el !@
Now we need to tell our nginx web $er&er about the ty'e$ of data that need$ to be
com're$$ed) Thi$ i$ generally text content ranging from r$$, c$$, html, (a&a$cri't etc) Thi$
can be done by adding the following line)
>
1 gi'Ity'e$ text/'lain text/c$$ a''lication/($on a''lication/x"(a&a$cri't text/xml a''lication/xml a''li
So our 0nal htt' bloc% $ection will loo% $omething li%e the one $hown below)
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 8/11
>
12!4
B#JM111121!141B
htt' ? include /etc/nginx/mime)ty'e$@defaultIty'e a''lication/octet"$tream@
acce$$Ilog o7@%ee'ali&eItimeout #B@gi' on@ gi'IminIlength 2B#@ gi'Icom'Ile&el !@ gi'Ity'e$ text/'lain text/c$$ a''lication/($on a''lication/x"(a&a$cri't text/xml a''lication/xml a''l A
+nother a$'ect of nginx that can $ub$tantially im'ro&e 'erformance i$ to enable caching
for metadata) Plea$e note the fact that thi$ doe$ not enable caching for the content, but
it$ caching for metadata) Thi$ feature of nginx *which i$ again 'art of the htt' bloc%
$ection, i$ called a$ Open_le_cache) The 0r$t thing to do i$ to enable it)
>
1 o'enI0leIcache maxQ1 inacti&eQ!$@
Plea$e note the fact that there i$ no ON $witch for thi$, but there i$ an o7 $witch) -efore
we under$tand the abo&e con0guration 'arameter, let$ $ee what are the content$ that
will be cached with thi$)
• 5'en 9ile Oe$cri'tor$
• 9ile Oe$cri'tor modi0cation time, their $ie etc)
•
8rror $tatu$ li%e no 'ermi$$ion, no 0le etc
The 0r$t 'arameter, max=10000 tell$ nginx web $er&er to only cache thi$ many number
of entrie$) 5ld inacti&e entrie$ are automatically Ku$hed out) Plea$e note the fact that
the inactive $witch tell$ the time after which a cache entry will be remo&ed if inacti&e)
5ther o'enI0leIcache o'tion$ that need$ to be con0gured are mentioned below)
1) Ralidity of a cache entry *open_le_cache_valid)
2) inimum number of time$ the cache entry ha$ to be acce$$ed before
the inactive number of $econd$, $o that it $tay$ in cache
*open_le_cache_min_uses
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 9/11
!) ache error$ while $earching a 0le *open_le_cache_eos
So our o'en 0le cache con0guration will loo% $omething li%e the below)
>
12!4
o'enI0leIcache maxQ1 inacti&eQ!$@o'enI0leIcacheI&alid #$@o'enI0leIcacheIminIu$e$ 2@o'enI0leIcacheIerror$ on@
.f you ha&e a &ery high tra<c web $ite with nginx, $etting the abo&e o'en 0le cache
'arameter$ 'ro'erly can really boo$t the 'erformance)
+lthough we did $ee the %ee' ali&e $tu7 in nginx, there are yet few more 'arameter$ that
i$ &ery hel'ful in $'eci0ng the number of connection$ to be %e't ali&e from a client) +l$o
we ha&e few more o'tion$ to clo$e connection$ when the client doe$ not re$'ond)
The 0r$t one i$ to limit the total number of re3ue$t$ that can be $er&ed through a %ee'
ali&e connection) The default &alue if not mentioned i$ 1 *which mean$ a client can
ma%e 1 $ucce$$full re3ue$t in$ide one %ee' ali&e connection)) 8&en that i$ too high for
one client, if you want you can increa$e thi$ &alue to $omething li%e 2 or $omething) Thi$ can be done a$ $hown below)
>
1 %ee'ali&eIre3ue$t$ 2@
ee'ing connection$ o'en for a client which i$ not re$'onding i$ not a good idea, it$
alway$ better to clo$e that connection and free u' memory a$$ociated with it) Thi$ can
be done a$ $hown below)
>
1 re$etItimedoutIconnection on@
+nother nice o'tion that need$ to enabled for fa$ter tc' data tran$fer i$ $end0le) There i$
an excellent article from techre'ublic, that ex'lain$ the entire $tu7 in detail)
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 10/11
Read: hat i$ $end0le* and how i$ it u$eful
Thi$ o'tion can be enabled in nginx a$ $hown below)
>
12
$end0le on@tc'Ino'u$h on@
tcp_nopush o'tion will ma%e nginx to $end all header 0le$ in a $ingle 'ac%et rather than
$e'erate 'ac%et$)
So our 0nal nginx)conf 0le will loo% $omething li%e the below $hown one)
>
12!4B#
JM111121!141B1#1J11M
221222!242B
wor%erI'roce$$e$ auto@wor%erIrlimitIno0le 1@e&ent$ ? u$e e'oll@ wor%erIconnection$ 124@ multiIacce't on
Ahtt' ? include /etc/nginx/mime)ty'e$@ defaultIty'e a''lication/octet"$tream@ acce$$Ilog o7@ %ee'ali&eItimeout #B@ %ee'ali&eIre3ue$t$ 2@ re$etItimedoutIconnection on@ $end0le on@ tc'Ino'u$h on@ gi' on@ gi'IminIlength 2B#@ gi'Icom'Ile&el !@
gi'Ity'e$ text/'lain text/c$$ a''lication/($on a''lication/x"(a&a$cri't text/xml a''lication/xml a o'enI0leIcache maxQ1 inacti&eQ!$@ o'enI0leIcacheI&alid #$@ o'enI0leIcacheIminIu$e$ 2@ o'enI0leIcacheIerror$ on@A
5nce you ha&e con0gured the re3uired change$ to im'ro&e the $'eed, i would $ugge$t to
do a web $er&er 'erformance te$t, with +- tool or any other tool to con0rm it$ $er&ingthe 'ur'o$e)
8/9/2019 Nginx Performance Tuning
http://slidepdf.com/reader/full/nginx-performance-tuning 11/11
Read: How to do web $er&er 'erformance te$t
Plea$e let me %now if thi$ article wa$ hel'ful) There are more number of o'tion$ in nginx,
i will $urely u'date thi$ article from time to time, a$ i 0nd or learn $omething new about
thi$) +l$o 'lea$e do not forget to 'oint out any wrong or incorrect information if any i$
're$ent in thi$ article through comment$ *a$ thi$ will hel' u$ a$ well a$ our reader$