Upgrade to Pro — share decks privately, control downloads, hide ads and more …

NGINX Installation and Tuning

NGINX Inc
April 30, 2014
Technology
5
4k

NGINX Installation and Tuning

For the recorded webinar, visit nginx.com/webinars.

You’re ready to make your applications more responsive, scalable, fast and secure. Then it’s time to get started with NGINX. In this webinar, you will learn how to install NGINX from a package or from source onto a Linux host. We’ll then look at some common operating system tunings you could make to ensure your NGINX install is ready for prime time.

NGINX Inc

April 30, 2014
Tweet

More Decks by NGINX Inc

See All by NGINX Inc
What's New in NGINX Plus R7?
nginx
1
110
Delivering High-Availability Web Services with NGINX Plus on AWS
nginx
0
300
Software Load Balancing
nginx
4
1k
Supercharge Application Delivery
nginx
2
260
Five things you didn't know NGINX could do
nginx
5
890
Benchmarking with NGINX
nginx
4
360
Video streaming with NGINX
nginx
2
560
Content Caching with NGINX
nginx
2
550
NGINX for API Developers
nginx
0
150

Other Decks in Technology

See All in Technology
20230929_SRE_NEXT_エラーバジェット運用までの取り組み-信頼性の低下に対するアクションを定義しよう / Let's define actions against unreliability
gonkun
1
520
【IoT-Tech Meetup #5】WireGuardを動かす環境やハードウェア紹介
soracom
PRO
0
150
2023-09-05_OCIJP_まれによくあるマルチクラウドでDB-AP分離構成のこと
hk_shino
2
220
DMM.com プラットフォーム事業本部 採用案内資料 /PF Business Division Recruitment
pf_businessdivision
0
150
Runbookに何を書き、どのようにアラートを振り分けるか?
egmc
0
480
Warningアラートを放置しない!アラート駆動でログやメトリックを自動収集する仕組みによる恩恵
mashiike
2
250
SLOを組織文化にするための挑戦
yukin01
0
130
テスト駆動開発でダイエットに挑戦して失敗した話
terahide
0
260
スタートアップのためのアジャイルプラクティス -論文100本ノック- #xpjug / Agile Practice for Startup - Papers -
kyonmm
PRO
0
500
信頼性目標とシステムアーキテクチャー / Reliability Objective and System Architecture
ymotongpoo
2
520
セキュアエレメントによるWireGuardのセキュリティ強化
kmwebnet
0
140
ログから学ぶgo build
nasa_desu
2
380

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.8k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
A designer walks into a library…
pauljervisheath
199
17k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
Atom: Resistance is Futile
akmur
257
24k
Making Projects Easy
brettharned
104
5.1k
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k
How to train your dragon (web standard)
notwaldorf
70
4.7k
Statistics for Hackers
jakevdp
787
210k
Bash Introduction
62gerente
603
210k
Automating Front-end Workflow
addyosmani
1354
200k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
880

Transcript

  1. NGINX Installation and
    Tuning
    Introduced by Andrew Alexeev
    Presented by Owen Garrett
    Nginx, Inc.

    View Slide

  2. About this webinar
    You’re  ready  to  make  your  applica2ons  more  responsive,  scalable,  fast  and  
    secure.  Then  it’s  2me  to  get  started  with  NGINX.  In  this  webinar,  you  will  
    learn  how  to  install  NGINX  from  a  package  or  from  source  onto  a  Linux  
    host.  We’ll  then  look  at  some  common  opera2ng  system  tunings  you  could  
    make  to  ensure  your  NGINX  install  is  ready  for  prime  2me.  

    View Slide

  3. Agenda  
    •  Installing  NGINX  
    –  Installa2on  source,  NGINX  features  
    •  Tuning  NGINX  
    –  Opera2ng  System  tuning  
    –  NGINX  soHware  tuning  
    •  Benchmarking  NGINX  
    We’re  covering  a  lot  of  material.  
     
    Please  feel  free  to  take  screenshots  
    and  read  up  a9erwards.  

    View Slide

  4. BEFORE  YOU  INSTALL  NGINX…  

    View Slide

  5. What  can  NGINX  do  for  you?  
    Internet
    N
    Web  Server  
    Serve  content  from  disk  
    Applica2on  Gateway  
    FastCGI,  uWSGI,  Passenger…  
    Proxy  
    Caching,  Load  Balancing…  
    HTTP  traffic  
    þ Applica2on  Accelera2on  
    þ SSL  and  SPDY  termina2on  
    þ Performance  Monitoring  
    þ High  Availability  
    Advanced  Features:   þ Bandwidth  Management  
    þ Content-­‐based  Rou2ng  
    þ Request  Manipula2on  
    þ Response  Rewri2ng  
    þ Authen2ca2on  
    þ Video  Delivery  
    þ Mail  Proxy  
    þ GeoLoca2on  

    View Slide

  6. Deployment  Plan  
    Determine  the  func2onality  you’ll  need  
    from  NGINX:  
     
    •  Authen2ca2on  
    •  Proxy  to  API  gateways  
    •  GZIP  
    •  GeoIP  
    •  etc.  etc.  
    Modules  list  at  nginx.org  

    View Slide

  7. Three  ques2ons  before  installing  NGINX  
    1.  What  func  
    •  Standard  modules  
    •  NGINX  Plus  func2onality  
    •  Op2onal  NGINX  and  third-­‐party  modules  
     
    3.  How  do  you  want  to  install?  
     
    •  “Official”  NGINX  packages  (nginx.org)  
    •  Build  from  Source  
    •  From  Opera2ng  System  repository  
    •  From  Amazon  AWS  Marketplace  
    2.  What  branch  do  you  want  to  track?  
     
    •  Mainline  (1.7)  
    •  Stable  (1.6)  
    •  Something  older?  
    h`p://nginx.com/blog/
    nginx-­‐1-­‐6-­‐1-­‐7-­‐released/    

    View Slide

  8. Recommended  Install  
    1.  Standard  modules  (nginx.org)  or  NGINX  Plus  
    2.  Mainline  (1.7)  
    3.  Install  from  nginx.org  or  nginx-­‐plus  repository  
    nginx.org  builds  do  not  include:  
     
    •  Modules  with  complex  3rd-­‐party  dependencies:  
    •  GeoIP,  Image_Filter,  Perl,  XSLT  
    •  Modules  that  are  part  of  NGINX  Plus  
    •  Third-­‐party  modules  e.g.  Lua,  Phusion  Passenger  
    h`p://nginx.com/products/technical-­‐specs/      

    View Slide

  9. Difference  between  NGINX  and  NGINX  Plus  
    h`p://nginx.com/products/feature-­‐matrix/    
    NGINX  
    •  High-­‐performance,  open  
    source  web  server  and  
    accelera2ng  proxy.  
    •  Community  support  through  
    mailing  lists  on  nginx.org,  
    stackoverflow,  subject  
    experts  etc.  
    NGINX  Plus  
    •  Adds  Enterprise  Load  
    Balancing  and  Applica2on  
    Delivery  features.  
    •  Full  support  and  updates  
    from  NGINX  Inc.,  the  team  
    who  built  and  manage  
    NGINX.  

    View Slide

  10. INSTALLING  NGINX  

    View Slide

  11. Installa2on  process  
    $ wget http://nginx.org/keys/nginx_signing.key!
    $ sudo apt-key add nginx_signing.key!
    !
    # cat > /etc/apt/sources.list.d/nginx.list!
    deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx!
    deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx!
    !
    # apt-get update!
    # apt-cache policy nginx!
    nginx:!
    Installed: (none)!
    Candidate: 1.7.0-1~trusty!
    Version table:!
    1.7.0-1~trusty 0!
    500 http://nginx.org/packages/mainline/ubuntu/ trusty/nginx amd64 Packages!
    1.4.6-1ubuntu3 0!
    500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages!
    h`p://nginx.org/en/linux_packages.html#mainline    

    View Slide

  12. Verify  that  it  is  working  
    # /etc/init.d/nginx status!
    * nginx is running!
    !
    # /usr/sbin/nginx –v!
    nginx version: nginx/1.7.0!

    View Slide

  13. TUNING  NGINX  
    #1:  UNDERSTAND  WHAT’S  HAPPENING  

    View Slide

  14. Common  tools  
    •  vmstat    

    View Slide

  15. Common  tools  
    •  strace  

    View Slide

  16. Other  tools  
    •  tcpdump  /  
    wireshark  
    •  Chrome    
    dev  tools  
    •  System  log  
     (dmesg –c)  

    View Slide

  17. TUNING  NGINX:  
    #2:  TUNING  THE  OPERATING  SYSTEM  

    View Slide

  18. Tuning  the  opera2ng  system  
    •  Basic  tunables:  
    –  Backlog  queue:  limits  number  of  
    pending  connec2ons  
    –  File  descriptors:  limit  number  of  
    ac2ve  connec2ons  
    –  Ephemeral  ports:  limit  number  of  
    upstream  connec2ons  

    View Slide

  19. Configuring  Tunables  -­‐  HOWTO  
    •  /proc:  
    ! !!
    ! !# echo "1" > /proc/sys/net/ipv4/tcp_syncookies!
    !
    •  sysctl.conf:  
    ! !!
    ! !# vi /etc/sysctl.conf!
    !
    ! ! !# Prevent against the common 'syn flood attack'!
    ! ! !net.ipv4.tcp_syncookies = 1!
    ! !!
    ! !# sysctl –p!

    View Slide

  20. The  Backlog  Queue  
    •  What  happens  when  a  connec2on  is  received?  
    –  èSYN  /  çSYNACK  [syn_backlog  queue]  or  syncookie  
    –  èACK  [listen  backlog  queue]  /  NGINX:accept()!
    –  net.ipv4.tcp_max_syn_backlog!
    –  net.ipv4.tcp_syncookies!
    –  net.core.somaxconn!
    •  NGINX: listen backlog=1024!
    –  net.core.netdev_max_backlog !

    View Slide

  21. File  Descriptors  
    •  What  happens  when  a  connec2on  is  processed?  
    File  descriptors  are  the  key  resource  –  es2mate  2  per  connec2on.  
    –  fs.file_max!
    –  /etc/security/limits.conf!
    –  worker_rlimit_nofile 200000;!

    View Slide

  22. Ephemeral  Ports  
    •  What  happens  when  NGINX  proxies  connec2ons?  
    Each  TCP  connec2on  requires  a  unique  4-­‐tuple:  
    [src_ip:src_port, dst_ip:dst_port] !
    Ephemeral  port  range  and  life2me:  
    –  net.ipv4.ip_local_port_range!
    –  net.ipv4.tcp_fin_timeout!

    View Slide

  23. Keep  checking  kernel  messages  
         # dmesg -c!
    ! ! !# tail -f /var/log/kern.log!
     

    View Slide

  24. TUNING  NGINX:  
    #3:  TUNING  THE  SOFTWARE  

    View Slide

  25. Tuning  NGINX  
     
    #1:  You  don’t  need  to  “tune”  very  much  
     
    #2:  Don’t  tune  just  for  a  benchmark  
     
    #3:  Use  our  Prof  Services  team  to  help  

    View Slide

  26. Common  tunings  
    !
    worker_processes auto;  –  set  to  ‘auto’  or  higher!
    worker_connections  –  set  to  less  than  file  descriptor  
    count.  
    accept_mutex:  disable  for  busy  services  

    View Slide

  27. The  proxy  should  use  keepalives  
    Close  TCP  Connec(two-­‐way  handshake)  
    Open  TCP  Connec(three-­‐way  handshake)  
    Write  HTTP  request   Read  HTTP  response  
    Wait  
    (2meout)  
     
    NGINX  or  server  
    closes  the  
    connec2on  
    NGINX  re-­‐uses  connec2on  for  another  request  
    server {!
    listen 80;!
    location / {!
    proxy_pass http://backend;!
    proxy_http_version 1.1;!
    proxy_set_header Connection "";!
    }!
    }!
    !
    upstream backend {!
    server webserver1 max_conns=256;!
    server webserver2 max_conns=256;!
    queue 4096 timeout=15s;!
    !
    # maintain a maximum of 20 idle connections to each upstream server!
    keepalive 20;!
    }!

    View Slide

  28. BENCHMARKING  NGINX  

    View Slide

  29. Why  benchmark  NGINX?  
    1.  To find how fast NGINX can go
    2.  To tune NGINX for your workload
    3.  To find where the bottlenecks are
    4.  All of the above

    View Slide

  30. IN  CONCLUSION…  

    View Slide

  31. In  conclusion:  
    •  Install  from  the  nginx  repo  
    –  NGINX  or  NGINX  Plus  
    •  Basic  tuning  and  configura2on  
    –  dmesg  /  kern.log  
    •  Benchmark  /  stress  test  
    •  NGINX  Professional  Services  and  Training  
    h`p://nginx.com/    

    View Slide

  32. View Slide

  33. h`ps://speakerdeck.com/dctrwatson/c1m-­‐and-­‐nginx    
    h`ps://www.youtube.com/watch?v=yL4Q7D4ynxU    
    h`ps://gist.github.com/dctrwatson/0b3b52050254e273ff11    

    View Slide