Nginx性能优化 #
一、性能优化概述 #
1.1 优化方向 #
| 方向 | 说明 |
|---|---|
| 内核参数 | Linux内核网络参数优化 |
| 进程配置 | Worker进程数量和绑定 |
| 连接优化 | 连接数、超时、缓冲 |
| 文件优化 | 文件描述符、缓存 |
| 网络优化 | TCP参数、缓冲区 |
1.2 性能指标 #
- QPS:每秒请求数
- 并发连接数:同时处理的连接数
- 响应时间:请求处理时间
- CPU利用率
- 内存使用
二、内核参数优化 #
2.1 文件描述符 #
编辑 /etc/sysctl.conf:
text
fs.file-max = 1000000
fs.nr_open = 1000000
2.2 TCP参数 #
text
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_max_tw_buckets = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 8192 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65535
2.3 应用配置 #
bash
sysctl -p
2.4 参数说明 #
| 参数 | 说明 |
|---|---|
| somaxconn | 监听队列最大长度 |
| tcp_max_syn_backlog | SYN队列长度 |
| tcp_tw_reuse | 复用TIME_WAIT连接 |
| tcp_fin_timeout | FIN超时时间 |
| tcp_keepalive_time | Keepalive时间 |
| ip_local_port_range | 本地端口范围 |
三、进程配置优化 #
3.1 Worker进程数 #
nginx
worker_processes auto;
设置为auto,Nginx会自动检测CPU核心数。
3.2 CPU亲和性 #
nginx
worker_cpu_affinity auto;
或手动绑定:
nginx
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
3.3 Worker优先级 #
nginx
worker_priority -5;
3.4 Worker限制 #
nginx
worker_rlimit_nofile 65535;
worker_rlimit_sigpending 65535;
四、事件模型优化 #
4.1 事件模型选择 #
nginx
events {
use epoll;
worker_connections 65535;
multi_accept on;
accept_mutex off;
}
4.2 参数说明 #
| 参数 | 说明 |
|---|---|
| use | 事件模型(epoll/kqueue) |
| worker_connections | 每个Worker最大连接数 |
| multi_accept | 一次接受多个连接 |
| accept_mutex | 连接互斥锁 |
4.3 accept_mutex说明 #
高并发场景建议关闭accept_mutex:
nginx
accept_mutex off;
五、HTTP优化 #
5.1 基本优化 #
nginx
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 10000;
reset_timedout_connection on;
client_body_timeout 10;
client_header_timeout 10;
send_timeout 10;
}
5.2 参数说明 #
| 参数 | 说明 |
|---|---|
| sendfile | 零拷贝传输 |
| tcp_nopush | 优化数据包发送 |
| tcp_nodelay | 禁用Nagle算法 |
| keepalive_timeout | 长连接超时 |
| keepalive_requests | 长连接请求数 |
5.3 隐藏版本号 #
nginx
server_tokens off;
5.4 哈希表优化 #
nginx
http {
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
server_names_hash_max_size 512;
}
六、缓冲优化 #
6.1 请求缓冲 #
nginx
http {
client_body_buffer_size 16k;
client_header_buffer_size 1k;
client_max_body_size 10m;
large_client_header_buffers 4 8k;
}
6.2 响应缓冲 #
nginx
http {
output_buffers 1 32k;
postpone_output 1460;
}
6.3 代理缓冲 #
nginx
http {
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 32k;
proxy_temp_path /var/cache/nginx/proxy_temp;
proxy_max_temp_file_size 1024m;
}
6.4 FastCGI缓冲 #
nginx
http {
fastcgi_buffering on;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 32k;
}
七、文件缓存优化 #
7.1 静态文件缓存 #
nginx
http {
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
}
7.2 参数说明 #
| 参数 | 说明 |
|---|---|
| max | 最大缓存文件数 |
| inactive | 不活跃删除时间 |
| valid | 验证间隔 |
| min_uses | 最小使用次数 |
| errors | 缓存错误信息 |
7.3 代理缓存 #
nginx
http {
proxy_cache_path /var/cache/nginx/proxy
levels=1:2
keys_zone=cache:100m
max_size=10g
inactive=60m
use_temp_path=off;
server {
location / {
proxy_cache cache;
proxy_cache_valid 200 1h;
}
}
}
八、连接池优化 #
8.1 upstream连接池 #
nginx
upstream backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
keepalive 32;
keepalive_timeout 60s;
keepalive_requests 1000;
}
server {
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
8.2 参数说明 #
| 参数 | 说明 |
|---|---|
| keepalive | 保持的空闲连接数 |
| keepalive_timeout | 连接超时时间 |
| keepalive_requests | 每个连接最大请求数 |
九、SSL优化 #
9.1 会话缓存 #
nginx
http {
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_session_tickets off;
}
9.2 OCSP装订 #
nginx
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
9.3 协议优化 #
nginx
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
十、Gzip优化 #
10.1 压缩配置 #
nginx
http {
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 4;
gzip_min_length 1000;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/javascript;
}
10.2 预压缩 #
nginx
location /static/ {
gzip_static on;
}
十一、日志优化 #
11.1 缓冲日志 #
nginx
access_log /var/log/nginx/access.log buffer=32k flush=5s;
11.2 条件日志 #
nginx
map $status $loggable {
~^[23] 0;
default 1;
}
access_log /var/log/nginx/access.log combined if=$loggable;
11.3 关闭不必要的日志 #
nginx
location /health {
access_log off;
return 200 "OK";
}
location /static/ {
access_log off;
}
十二、监控配置 #
12.1 状态监控 #
nginx
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
12.2 监控指标 #
text
Active connections: 10
server accepts handled requests
100 100 200
Reading: 0 Writing: 1 Waiting: 9
| 指标 | 说明 |
|---|---|
| Active connections | 活跃连接数 |
| accepts | 总接受连接数 |
| handled | 总处理连接数 |
| requests | 总请求数 |
| Reading | 读取请求头的连接数 |
| Writing | 响应客户端的连接数 |
| Waiting | 等待请求的连接数 |
十三、性能测试 #
13.1 ab测试 #
bash
ab -n 10000 -c 100 http://localhost/
ab -n 100000 -c 1000 http://localhost/
13.2 wrk测试 #
bash
wrk -t12 -c400 -d30s http://localhost/
13.3 h2load测试 #
bash
h2load -n 10000 -c 100 -m 10 https://localhost/
13.4 压测指标 #
- Requests per second:QPS
- Time per request:平均响应时间
- Transfer rate:传输速率
十四、完整优化配置 #
nginx
user nginx;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
worker_priority -5;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 65535;
multi_accept on;
accept_mutex off;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 10000;
reset_timedout_connection on;
client_body_timeout 10;
client_header_timeout 10;
send_timeout 10;
client_body_buffer_size 16k;
client_header_buffer_size 1k;
client_max_body_size 10m;
large_client_header_buffers 4 8k;
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 4;
gzip_min_length 1000;
gzip_types text/plain text/css application/json application/javascript;
access_log /var/log/nginx/access.log buffer=32k flush=5s;
upstream backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
keepalive 32;
}
server {
listen 80 backlog=65535;
server_name example.com;
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 16k;
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location /static/ {
alias /var/www/static/;
gzip_static on;
expires 30d;
access_log off;
}
}
}
十五、总结 #
本章我们学习了:
- 内核参数优化:文件描述符、TCP参数
- 进程配置优化:Worker进程数、CPU亲和性
- 事件模型优化:epoll、连接数、互斥锁
- HTTP优化:sendfile、keepalive、超时
- 缓冲优化:请求缓冲、响应缓冲、代理缓冲
- 文件缓存优化:open_file_cache
- 连接池优化:upstream keepalive
- SSL优化:会话缓存、OCSP装订
- 性能测试:ab、wrk、h2load
掌握性能优化后,让我们进入下一章,学习Docker部署!
最后更新:2026-03-27