
Commit 2430b0e

committed
[feat] optimize nginx
1 parent eb5659f commit 2430b0e


1 file changed

+55
-28
lines changed

1 file changed

+55
-28
lines changed

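--- a/vault_template.yml
+++ b/vault_template.yml
@@ -324,46 +324,70 @@ Resources:
 
 user nginx;
 worker_processes auto;
-error_log /var/log/nginx/error.log notice;
+
+# number of file descriptors used for nginx
+# the limit for the maximum FDs on the server is usually set by the OS.
+# if you don't set FD's then OS settings will be used which is by default 2000
+worker_rlimit_nofile 100000;
+
+# only log critical errors
+error_log /var/log/nginx/error.log crit;
 pid /run/nginx.pid;
 ssl_engine pkcs11;
 
 # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
 include /usr/share/nginx/modules/*.conf;
 
 events {
-worker_connections 1024;
+# determines how much clients will be served per worker
+# max clients = worker_connections * worker_processes
+# max clients is also limited by the number of socket connections available on the system (~64k)
+worker_connections 4000;
+
+# optimized to serve many clients with each thread, essential for linux -- for testing environment
+use epoll;
+
+# accept as many connections as possible, may flood worker connections if set too low -- for testing environment
+multi_accept on;
 }
 
 http {
-log_format json_combined escape=json
-'{'
-'"time":"$time_iso8601",'
-'"process":"$pid",'
-'"filename":"$request_filename",'
-'"remoteIP":"$remote_addr",'
-'"method":"$request_method",'
-'"request":"$request_uri",'
-'"status":"$status",'
-'"responseTime":"$request_time",'
-'"referer":"$http_referer",'
-'"userAgent":"$http_user_agent",'
-'"bytesSent":"$bytes_sent",'
-'"bytesReceived":"$request_length",'
-'"host":"$host",'
-'"connection_requests":"$connection_requests",'
-'"connection_active":"$connections_active",'
-'"connection_read":"$connections_reading",'
-'"connection_write":"$connections_writing",'
-'"connection_wait":"$connections_waiting"'
-'}';
-
-access_log /var/log/nginx/access.log json_combined;
+# cache informations about FDs, frequently accessed files
+# can boost performance, but you need to test those values
+open_file_cache max=200000 inactive=20s;
+open_file_cache_valid 30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;
+
+# to boost I/O on HDD we can disable access logs
+access_log off;
+
 charset utf-8;
 
-sendfile on;
-tcp_nopush on;
-keepalive_timeout 65;
+# copies data between one FD and other from within the kernel
+# faster than read() + write()
+sendfile on;
+
+# send headers in one piece, it is better than sending them one by one
+tcp_nopush on;
+
+# don't buffer data sent, good for small data bursts in real time
+# https://brooker.co.za/blog/2024/05/09/nagle.html
+# https://news.ycombinator.com/item?id=10608356
+tcp_nodelay on;
+
+# allow the server to close connection on non responding client, this will free up memory
+reset_timedout_connection on;
+
+# request timed out -- default 60
+client_body_timeout 10;
+
+# if client stop responding, free up memory -- default 60
+send_timeout 2;
+
+# server will close connection after this time -- default 75
+keepalive_timeout 30;
+
 types_hash_max_size 4096;
 
 include /etc/nginx/mime.types;
@@ -374,6 +398,8 @@ Resources:
 # for more information.
 include /etc/nginx/conf.d/*.conf;
 
+server_tokens off;
+
 server {
 listen 443 ssl;
 http2 on;
@@ -393,6 +419,7 @@ Resources:
 proxy_set_header X-Forwarded-Proto https;
 proxy_set_header X-Forwarded-Port 443;
 proxy_set_header Proxy "";
+proxy_set_header Connection "";
 
 proxy_pass http://127.0.0.1:8080;
 proxy_buffering on;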
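Review bot: `access_log off;` together with `error_log /var/log/nginx/error.log crit;` in the first hunk leaves this TLS front end with no per-request record and drops every error-log message below crit, including the error and warn levels where nginx reports upstream failures. The added comment justifies this by disk I/O, but that can be handled without losing the audit trail: keep the removed `log_format json_combined` definition, write the access log buffered with `access_log /var/log/nginx/access.log json_combined buffer=64k flush=5s;`, and set the error log no lower than `warn`. If logging really is meant to be off only for the testing environment mentioned in the comments, make it a template parameter rather than the default for every stack built from this file. Separately, `proxy_set_header Connection "";` in the last hunk only gives upstream keepalive when `proxy_http_version 1.1;` and an `upstream` block with `keepalive` are also configured, and neither is visible in this hunk.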
