From b467f0b33c2cb38e08da210acb7392ada4e3d48e Mon Sep 17 00:00:00 2001 From: Zsolt Ero Date: Wed, 20 Dec 2023 04:29:25 +0100 Subject: [PATCH] work --- config/nginx/nginx.conf | 28 ++++----- config/sysctl/60-ofm.conf | 1 - .../ideas-filesystems.txt | 0 kernel-ideas.txt => docs/kernel-ideas.txt | 17 ++++-- docs/nginx-ideas.txt | 43 +++++++++++++ nginx-ideas.txt | 61 ------------------- 6 files changed, 65 insertions(+), 85 deletions(-) rename ideas-filesystems.txt => docs/ideas-filesystems.txt (100%) rename kernel-ideas.txt => docs/kernel-ideas.txt (90%) create mode 100644 docs/nginx-ideas.txt delete mode 100644 nginx-ideas.txt diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf index f28f9d2..9df3f8c 100644 --- a/config/nginx/nginx.conf +++ b/config/nginx/nginx.conf @@ -2,21 +2,22 @@ user nginx; pid /var/run/nginx.pid; -# universal worker_processes auto; -worker_rlimit_nofile 100000; +worker_rlimit_nofile 300000; # needs to be < ulimit -n error_log /data/nginx/logs/nginx-error.log warn; events { - worker_connections 8000; + worker_connections 40000; + multi_accept on; } http { - open_file_cache max=200000 inactive=20s; - open_file_cache_valid 30s; - open_file_cache_min_uses 2; + # aggressive caching for read-only sources + open_file_cache max=1000000 inactive=60m; + open_file_cache_valid 60m; + open_file_cache_min_uses 1; open_file_cache_errors on; server_tokens off; @@ -28,23 +29,16 @@ http { sendfile on; tcp_nopush on; + tcp_nodelay on; reset_timedout_connection on; - client_body_timeout 10; - send_timeout 2; - keepalive_timeout 30; - keepalive_requests 100000; + send_timeout 20; max_ranges 0; gzip on; gzip_comp_level 1; - gzip_min_length 256; - gzip_proxied any; - gzip_vary on; - - gzip_types - text/plain; + gzip_types application/json; log_format access_json '{' '"time": "$time_iso8601", ' @@ -68,7 +62,7 @@ http { '"http_host": "$http_host"' '}'; - access_log /data/nginx/logs/nginx-access.log access_json; + access_log /data/nginx/logs/nginx-access.log access_json buffer=32k; include /data/nginx/config/*; include /data/nginx/sites/*; diff --git a/config/sysctl/60-ofm.conf b/config/sysctl/60-ofm.conf index a2d46f9..6bc7203 100644 --- a/config/sysctl/60-ofm.conf +++ b/config/sysctl/60-ofm.conf @@ -1,4 +1,3 @@ vm.swappiness = 1 net.core.somaxconn = 65535 -fs.file-max = 100000 diff --git a/ideas-filesystems.txt b/docs/ideas-filesystems.txt similarity index 100% rename from ideas-filesystems.txt rename to docs/ideas-filesystems.txt diff --git a/kernel-ideas.txt b/docs/kernel-ideas.txt similarity index 90% rename from kernel-ideas.txt rename to docs/kernel-ideas.txt index a32a98e..1b42d85 100644 --- a/kernel-ideas.txt +++ b/docs/kernel-ideas.txt @@ -1,11 +1,15 @@ -tcp_tw_reuse -tcp_fin_timeout -tcp_max_syn_backlog -TCP max buffer size - -Disable Swapping +# not using fs.file-max # not needed, recent Ubuntu has it on high by default + + +# not tested + +tcp_fin_timeout +TCP max buffer size + + + net.core.netdev_max_backlog = 262144 net.core.rmem_max = 16777216 net.core.somaxconn = 262144 @@ -19,3 +23,4 @@ net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_wmem = 4096 65536 16777216 + diff --git a/docs/nginx-ideas.txt b/docs/nginx-ideas.txt new file mode 100644 index 0000000..a88ccf9 --- /dev/null +++ b/docs/nginx-ideas.txt @@ -0,0 +1,43 @@ +# ideas https://calomel.org/nginx.html +# https://www.nginx.com/blog/tuning-nginx/ +# https://github.com/denji/nginx-tuning + + +# not using + +sendfile_max_chunk 512k; # no need for small files +keepalive_requests # default seems reasonable +keepalive_timeout # default seems reasonable + +gzip_vary on; # no need probably +gzip_min_length 10240; # only one file +gzip_proxied any; # no proxying + +types_hash_max_size 2048; # default should be good for the default set + + +# not tested + +client_body_buffer_size 128k; +client_max_body_size 128k; +client_header_buffer_size 1k; +large_client_header_buffers 2 1k; + + + + +# SSL optimizations +SSL Session Cache +SSL OCSP Stapling +ssl_session_cache shared:SSL:10m; +ssl_session_timeout 10m; +ssl_prefer_server_ciphers on; + +client_header_timeout 12; # default is 60 + + +location / { + try_files $uri =404; +} + + diff --git a/nginx-ideas.txt b/nginx-ideas.txt deleted file mode 100644 index c256169..0000000 --- a/nginx-ideas.txt +++ /dev/null @@ -1,61 +0,0 @@ -# ideas https://calomel.org/nginx.html - -open_file_cache -tcp_nodelay - -client_body_buffer_size -client_max_body_size -client_header_buffer_size 1k; -large_client_header_buffers 4 8k; -server_tokens 1k; - -Disable Access Logs -Enable HTTP/2 or HTTP/3 -SSL Session Cache -SSL OCSP Stapling - -keepalive_timeout 65; -types_hash_max_size 2048; - -# SSL optimizations -ssl_session_cache shared:SSL:10m; -ssl_session_timeout 10m; -ssl_prefer_server_ciphers on; - -# Caching -open_file_cache max=10000 inactive=20s; -open_file_cache_valid 30s; -open_file_cache_min_uses 2; -open_file_cache_errors on; - -multi_accept on - - -client_body_timeout 12; -client_header_timeout 12; -send_timeout 10; - - -# gzip -gzip on; -gzip_types text/plain text/css application/javascript application/json image/svg+xml; -gzip_vary on; -gzip_min_length 10240; -gzip_comp_level 5; -gzip_proxied any; - -access_log /var/log/nginx/access.log main buffer=32k; - -# https://www.nginx.com/blog/tuning-nginx/ -net.core.somaxconn - backlog -net.core.netdev_max_backlog - -sys.fs.file-max -nofile - -keepalive_requests -keepalive_timeout -keepalive - - -https://github.com/denji/nginx-tuning