nginx installation and tuning
TRANSCRIPT
![Page 1: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/1.jpg)
NGINX Installation and TuningIntroduced by Andrew AlexeevPresented by Owen GarrettNginx, Inc.
![Page 2: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/2.jpg)
About this webinar
You’re ready to make your applications more responsive, scalable, fast and secure. Then it’s time to get started with NGINX. In this webinar, you will learn how to install NGINX from a package or from source onto a Linux host. We’ll then look at some common operating system tunings you could make to ensure your NGINX install is ready for prime time.
![Page 3: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/3.jpg)
Agenda• Installing NGINX
– Installation source, NGINX features
• Tuning NGINX– Operating System tuning– NGINX software tuning
• Benchmarking NGINXWe’re covering a lot of material.
Please feel free to take screenshots and read up afterwards.
![Page 4: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/4.jpg)
BEFORE YOU INSTALL NGINX…
![Page 5: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/5.jpg)
What can NGINX do for you?
Internet
N
Web ServerServe content from disk
Application GatewayFastCGI, uWSGI, Passenger…
ProxyCaching, Load Balancing…HTTP traffic
Application AccelerationSSL and SPDY terminationPerformance MonitoringHigh Availability
Advanced Features: Bandwidth ManagementContent-based RoutingRequest ManipulationResponse Rewriting
AuthenticationVideo DeliveryMail ProxyGeoLocation
![Page 6: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/6.jpg)
Deployment PlanDetermine the functionality you’ll need from NGINX:
• Authentication• Proxy to API gateways• GZIP• GeoIP• etc. etc.
Modules list at nginx.org
![Page 7: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/7.jpg)
Three questions before installing NGINX
1. What functionality do you require?
• Standard modules• NGINX Plus functionality• Optional NGINX and third-party modules
3. How do you want to install?
• “Official” NGINX packages (nginx.org)• Build from Source• From Operating System repository• From Amazon AWS Marketplace
2. What branch do you want to track?
• Mainline (1.7)• Stable (1.6)• Something older?
http://nginx.com/blog/nginx-1-6-1-7-released/
![Page 8: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/8.jpg)
Recommended Install1. Standard modules (nginx.org) or NGINX Plus2. Mainline (1.7)3. Install from nginx.org or nginx-plus repository
nginx.org builds do not include:
• Modules with complex 3rd-party dependencies:• GeoIP, Image_Filter, Perl, XSLT
• Modules that are part of NGINX Plus• Third-party modules e.g. Lua, Phusion Passenger
http://nginx.com/products/technical-specs/
![Page 9: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/9.jpg)
Difference between NGINX and NGINX Plus
http://nginx.com/products/feature-matrix/
NGINX
• High-performance, open source web server and accelerating proxy.
• Community support through mailing lists on nginx.org, stackoverflow, subject experts etc.
NGINX Plus
• Adds Enterprise Load Balancing and Application Delivery features.
• Full support and updates from NGINX Inc., the team who built and manage NGINX.
![Page 10: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/10.jpg)
INSTALLING NGINX
![Page 11: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/11.jpg)
Installation process$ wget http://nginx.org/keys/nginx_signing.key$ sudo apt-key add nginx_signing.key
# cat > /etc/apt/sources.list.d/nginx.listdeb http://nginx.org/packages/mainline/ubuntu/ trusty nginxdeb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx
# apt-get update# apt-cache policy nginxnginx: Installed: (none) Candidate: 1.7.0-1~trusty Version table: 1.7.0-1~trusty 0 500 http://nginx.org/packages/mainline/ubuntu/ trusty/nginx amd64 Packages 1.4.6-1ubuntu3 0 500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
http://nginx.org/en/linux_packages.html#mainline
![Page 12: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/12.jpg)
Verify that it is working
# /etc/init.d/nginx status * nginx is running
# /usr/sbin/nginx –vnginx version: nginx/1.7.0
![Page 13: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/13.jpg)
TUNING NGINX#1: UNDERSTAND WHAT’S HAPPENING
![Page 14: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/14.jpg)
Common tools• vmstat
![Page 15: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/15.jpg)
Common tools• strace
![Page 16: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/16.jpg)
Other tools• tcpdump /
wireshark• Chrome
dev tools• System log
(dmesg –c)
![Page 17: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/17.jpg)
TUNING NGINX:#2: TUNING THE OPERATING SYSTEM
![Page 18: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/18.jpg)
Tuning the operating system• Basic tunables:
– Backlog queue: limits number of pending connections
– File descriptors: limit number of active connections
– Ephemeral ports: limit number of upstream connections
![Page 19: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/19.jpg)
Configuring Tunables - HOWTO• /proc:
# echo "1" > /proc/sys/net/ipv4/tcp_syncookies
• sysctl.conf:
# vi /etc/sysctl.conf
# Prevent against the common 'syn flood attack'net.ipv4.tcp_syncookies = 1
# sysctl –p
![Page 20: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/20.jpg)
The Backlog Queue• What happens when a connection is received?
– SYN / SYNACK [syn_backlog queue] or syncookie– ACK [listen backlog queue] / NGINX:accept()
– net.ipv4.tcp_max_syn_backlog– net.ipv4.tcp_syncookies
– net.core.somaxconn• NGINX: listen backlog=1024
– net.core.netdev_max_backlog
![Page 21: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/21.jpg)
File Descriptors• What happens when a connection is processed?
File descriptors are the key resource – estimate 2 per connection.
– fs.file_max
– /etc/security/limits.conf
– worker_rlimit_nofile 200000;
![Page 22: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/22.jpg)
Ephemeral Ports• What happens when NGINX proxies connections?
Each TCP connection requires a unique 4-tuple:[src_ip:src_port, dst_ip:dst_port]
Ephemeral port range and lifetime:– net.ipv4.ip_local_port_range– net.ipv4.tcp_fin_timeout
![Page 23: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/23.jpg)
Keep checking kernel messages
# dmesg -c
# tail -f /var/log/kern.log
![Page 24: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/24.jpg)
TUNING NGINX:#3: TUNING THE SOFTWARE
![Page 25: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/25.jpg)
Tuning NGINX
#1: You don’t need to “tune” very much
#2: Don’t tune just for a benchmark
#3: Use our Prof Services team to help
![Page 26: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/26.jpg)
Common tunings
worker_processes auto; – set to ‘auto’ or higherworker_connections – set to less than file descriptor count.accept_mutex: disable for busy services
![Page 27: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/27.jpg)
The proxy should use keepalives
Close TCP Connection(two-way handshake)
Open TCP Connection(three-way handshake) Write HTTP request Read HTTP response
Wait(timeout)
NGINX or server closes the connection
NGINX re-uses connection for another requestserver { listen 80; location / { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Connection ""; }}
upstream backend { server webserver1 max_conns=256; server webserver2 max_conns=256; queue 4096 timeout=15s;
# maintain a maximum of 20 idle connections to each upstream server keepalive 20;}
![Page 28: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/28.jpg)
BENCHMARKING NGINX
![Page 29: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/29.jpg)
Why benchmark NGINX?
1. To find how fast NGINX can go
2. To tune NGINX for your workload
3. To find where the bottlenecks are
4. All of the above
![Page 30: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/30.jpg)
IN CONCLUSION…
![Page 31: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/31.jpg)
In conclusion:• Install from the nginx repo
– NGINX or NGINX Plus
• Basic tuning and configuration– dmesg / kern.log
• Benchmark / stress test
• NGINX Professional Services and Training
http://nginx.com/
![Page 32: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/32.jpg)
![Page 33: NGINX Installation and Tuning](https://reader034.vdocument.in/reader034/viewer/2022052401/55d584e1bb61ebc34b8b45ce/html5/thumbnails/33.jpg)
https://speakerdeck.com/dctrwatson/c1m-and-nginx
https://www.youtube.com/watch?v=yL4Q7D4ynxU
https://gist.github.com/dctrwatson/0b3b52050254e273ff11