Slide 1
Slide 1 text
NGINX for FUN
& PERFORMANCE
PHILIPP KRENN @xeraa ecosio
Slide 2
Slide 2 text
Vienna
Slide 3
Slide 3 text
ViennaDB
Papers We Love Vienna
Slide 4
Slide 4 text
Electronic Data Interchange (EDI)
Slide 5
Slide 5 text
nginx
Slide 6
Slide 6 text
there's this russian server nginx. all the
porn sites use it. it must be decent.
— Jonathan VanascoJV
JV http://www.destructuring.net/2006/10/09/nginx/
Slide 7
Slide 7 text
From Subversion to Git
Slide 8
Slide 8 text
Users
WORDPRESS.COM APP
SERVER + LOAD BALANCER
Slide 9
Slide 9 text
Users
STATIC CONTENT GITHUB
Slide 10
Slide 10 text
Users
SSL TERMINATION WIKIPEDIA
Slide 11
Slide 11 text
http://w3techs.com/technologies/cross/
web_server/ranking
Slide 12
Slide 12 text
http://news.netcraft.com/archives/2015/03/19/march-2015-web-
server-survey.html
Slide 13
Slide 13 text
http://news.netcraft.com/archives/2015/03/19/march-2015-web-
server-survey.html
Slide 14
Slide 14 text
Public launch in 2004 by
IGOR SYSOEV
HTTPS://WWW.RAMBLER.RU
Slide 15
Slide 15 text
BSD LICENSED
CROSS-PLATFORM C
Slide 16
Slide 16 text
STABLE 1.6.2 (2014-09-16)
PREVIEW 1.7.11 (2015-03-24)
SUPPORT FROM NGINX INC.
Slide 17
Slide 17 text
nginx is a lightweight event-driven
reverse proxy for web and mail services.
— http://nginx.org
Slide 18
Slide 18 text
Apache
THREAD / PROCESS-ORIENTED
SPAWN A PROCESS FOR EACH CONNECTION (1MB+ RAM)
APACHE 2.4 MULTI-PROCESS MODE REDUCES RAM USAGE
Slide 19
Slide 19 text
Problem
200KB RESPONSE
MILLISECONDS TO GENERATE OR RETRIEVE
10S TO TRANSMIT AT 160KBPS (20KB/S)
1000 CONNECTIONS !
Slide 20
Slide 20 text
it's time for web servers to handle ten
thousand clients simultaneously
— Daniel Kegel
Slide 21
Slide 21 text
C10K challenge
NGINX SOLUTION
EVENT-DRIVEN ARCHITECTURE
Slide 22
Slide 22 text
Event-driven
SINGLE NONBLOCKING THREAD
ONE PROCESS PER CORE — NODE.JS, REDIS,...
STABLE MEMORY USAGE, NO CONTEXT SWITCHES
Slide 23
Slide 23 text
Event-driven
1. Receive request
2. Trigger events in a process
3. Process handles events and returns output
http://en.wikipedia.org/wiki/Reactor_pattern
Slide 24
Slide 24 text
http://www.aosabook.org/en/nginx.html#fig.nginx.arch
Slide 25
Slide 25 text
!
Slide 26
Slide 26 text
EIERLEGENDE
WOLLMILCHSAU
Slide 27
Slide 27 text
"EGG-LAYING
WOOL-MILK-
SOW"
Slide 28
Slide 28 text
101
Things nginx can do
Slide 29
Slide 29 text
000 SSL Termination
Slide 30
Slide 30 text
https://mozilla.github.io/server-side-tls/ssl-config-generator/
Slide 31
Slide 31 text
server {
listen 443 ssl;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
Slide 32
Slide 32 text
# Better Perfect Forward Secrecy, generate: openssl dhparam 2048
ssl_dhparam /path/to/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:
ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:
DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:
DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:
DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:
AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:
CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:
!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
Slide 33
Slide 33 text
# HSTS: 15768000 seconds = 6 months
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
....
}
Slide 34
Slide 34 text
!
USE
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://www.ssllabs.com/ssltest/
Slide 35
Slide 35 text
001 Load Balancing
Slide 36
Slide 36 text
upstream backend_hosts {
server host0.example.com;
server host1.example.com;
server 10.10.10.10;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_hosts;
}
}
Slide 37
Slide 37 text
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend_hosts;
}
Slide 38
Slide 38 text
UPSTREAM BALANCING ALGORITHM
DEFAULT: ROUND ROBIN
least_conn
ip_hash
hash
Slide 39
Slide 39 text
MOAR FEATURES
COOKIE STICKINESS
WEIGHTING OF NODES
...
Slide 40
Slide 40 text
010 Proxying
Slide 41
Slide 41 text
location / {
proxy_pass http://localhost:8000;
}
Slide 42
Slide 42 text
011 Dynamic Pages
Slide 43
Slide 43 text
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_read_timeout 120;
}
Slide 44
Slide 44 text
100 A/B Testing
Slide 45
Slide 45 text
http {
split_clients "${remote_addr}" $designtest {
10% ".first";
10% ".second";
* "";
}
server {
listen 80;
server_name example.com;
index index${designtest}.html;
}
}
Slide 46
Slide 46 text
101 Client-Side Caching
Slide 47
Slide 47 text
location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css|
zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|
ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
access_log off;
expires max;
}
Slide 48
Slide 48 text
BUT WHAT ABOUT
Monitoring?
Slide 49
Slide 49 text
GoAccess
HTTP://GOACCESS.IO
"REAL-TIME WEB LOG
ANALYZER"
Slide 50
Slide 50 text
No content
Slide 51
Slide 51 text
ServerDensity
HTTPS://BLOG.SERVERDENSITY.COM/MONITOR-NGINX/
SAAS: PARSES OUTPUT FOR
GRAPHS AND ALERTS
REQUIRES RECOMPILE WITH HTTP://NGINX.ORG/EN/DOCS/HTTP/
NGX_HTTP_STUB_STATUS_MODULE.HTML
Slide 52
Slide 52 text
Munin
GOOD OLD MUNIN...
HTTP://WWW.NGINXTIPS.COM/NGINX-CONFIGURATION-FOR-MUNIN/
Slide 53
Slide 53 text
No content
Slide 54
Slide 54 text
!
Slide 55
Slide 55 text
Apache is like Microsoft Word, it has a
million options but you only need six.
Slide 56
Slide 56 text
nginx does those six things, and it does
five of them 50 times faster than
Apache.
— Chris LeaCL
CL http://maisonbisson.com/post/12249/chris-lea-on-nginx-and-wordpress/
Slide 57
Slide 57 text
GREAT! BUT...
Slide 58
Slide 58 text
...IT DOESN'T WORK THE
Apache WAY
FOR EXAMPLE .htaccess
Slide 59
Slide 59 text
FOR EVERY REQUEST, CHECK
EVERY DIRECTORY, READ AND
PARSE EVERY FILE
Changes effective immediately
Slide 60
Slide 60 text
http://example.com/assets/Uploads/gallery/image.jpg
Slide 61
Slide 61 text
No content
Slide 62
Slide 62 text
DigitalOcean
512MB RAM, 20GB SSD
UBUNTU 14.04 IN AMS2 + AMS3
Slide 63
Slide 63 text
ApacheBench
$ sudo apt-get install apache2-utils
Slide 64
Slide 64 text
$ ab -n 25000 -c 10 http://example.com
25,000 REQUESTS
CONCURRENCY 10, 50, 250, 1000
Slide 65
Slide 65 text
Vanilla installation
sudo apt-get install apache2
sudo apt-get install nginx
NO TWEAKS
Slide 66
Slide 66 text
BEWARE
Unstable
Slide 67
Slide 67 text
$ ab -n 25000 -c 10 http://188.226.151.84/codemotion_intro.png
...
Server Software: nginx/1.4.6
Server Hostname: 188.226.151.84
Server Port: 80
Document Path: /codemotion_intro.png
Document Length: 2461 bytes
Concurrency Level: 10
Time taken for tests: 7.734 seconds
Complete requests: 25000
Failed requests: 0
Total transferred: 67575000 bytes
HTML transferred: 61525000 bytes
Requests per second: 3232.56 [#/sec] (mean)
Time per request: 3.094 [ms] (mean)
Time per request: 0.309 [ms] (mean, across all concurrent requests)
Transfer rate: 8532.82 [Kbytes/sec] received
...
Slide 68
Slide 68 text
No content
Slide 69
Slide 69 text
Benchmarking 178.62.213.21 (be patient)
Completed 2500 requests
Completed 5000 requests
Completed 7500 requests
Completed 10000 requests
Completed 12500 requests
Completed 15000 requests
Completed 17500 requests
Completed 20000 requests
Completed 22500 requests
apr_socket_recv: Connection reset by peer (104)
Total of 24847 requests completed
Slide 70
Slide 70 text
$ ab -n 25000 -c 10
http://188.226.151.84/assets/Uploads/gallery/codemotion_intro.png
Slide 71
Slide 71 text
No content
Slide 72
Slide 72 text
Add PHP
sudo apt-get install php5-fpm
sudo apt-get install php5 libapache2-mod-php5
Slide 73
Slide 73 text
File
Slide 74
Slide 74 text
ab -n 2500 -c 10 -l http://188.226.151.84/info.php
Concurrency Level: 10
Time taken for tests: 4.920 seconds
Complete requests: 2500
Failed requests: 0
Total transferred: 164667204 bytes
HTML transferred: 164252204 bytes
Requests per second: 508.18 [#/sec] (mean)
Time per request: 19.678 [ms] (mean)
Time per request: 1.968 [ms] (mean, across all concurrent requests)
Transfer rate: 32687.80 [Kbytes/sec] received
Slide 75
Slide 75 text
No content
Slide 76
Slide 76 text
BENCHMARK YOUR PROJECTS
BUILD
BENCHMARK
REPEAT
Slide 77
Slide 77 text
No content
Slide 78
Slide 78 text
Say Apache one
more time...
Slide 79
Slide 79 text
Questions?
NOW OR @XERAA
HTTPS://SPEAKERDECK.COM/XERAA/
Slide 80
Slide 80 text
Feedback
HTTPS://JOIND.IN/14161
HTTPS://JOIND.IN/EVENT/CODEMOTION-ROME-2015
Slide 81
Slide 81 text
IMAGE CREDIT
Rome https://flic.kr/p/j9Lmu
Vienna https://flic.kr/p/4enYGH
Database https://flic.kr/p/6QVfAK
Paper https://flic.kr/p/7Ahvn1
Engine https://flic.kr/p/hD3SY4
X https://flic.kr/p/9vMs2
Kiss https://flic.kr/p/z8Phh
Branches https://flic.kr/p/aDgLJx
Slide 82
Slide 82 text
Crowd https://flic.kr/p/Wd54U
Launch https://flic.kr/p/kjkJ5N
License https://flic.kr/p/nxAfZ
Release https://flic.kr/p/4rDBEK
Lightweight https://flic.kr/p/6h98Li
Apache https://flic.kr/p/8m9Mf1
Flow https://flic.kr/p/a5A3e1
Simultaneous https://flic.kr/p/easM1t
Speed https://flic.kr/p/afEu4o
Block https://flic.kr/p/8szrqe
Eierlegende Wollmilchsau https://flic.kr/p/GzQTT
Slide 83
Slide 83 text
Taipei https://flic.kr/p/4hi1jB
Terminator https://flic.kr/p/6hDYBK
Load https://flic.kr/p/mhuXC5
Balance https://flic.kr/p/bpeZXt
Huge https://flic.kr/p/p8tTGE
Between https://flic.kr/p/cXHXH3
Dynamic https://flic.kr/p/qzpdr9
Two https://flic.kr/p/9Jpzfz
Fixed https://flic.kr/p/21CsBV
Monitoring https://flic.kr/p/kYQdb
Word https://flic.kr/p/913FL2
Slide 84
Slide 84 text
Different https://flic.kr/p/aUwPzp
Access https://flic.kr/p/KA324
Sad https://flic.kr/p/9g5Gg8
Ocean https://flic.kr/p/fQ3pxX
Bench https://flic.kr/p/kbpHr3
Vanilla https://flic.kr/p/b4iChr
PHP https://flic.kr/p/4o1dFf
Test https://flic.kr/p/adiTK3