Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

nginx for Fun and Performance

nginx for Fun and Performance

CodeMotion Rome 2015 slides on features and performance characteristics of nginx.

Philipp Krenn

March 28, 2015
Tweet

More Decks by Philipp Krenn

Other Decks in Programming

Transcript

  1. there's this russian server nginx. all the porn sites use

    it. it must be decent. — Jonathan VanascoJV JV http://www.destructuring.net/2006/10/09/nginx/
  2. Apache THREAD / PROCESS-ORIENTED SPAWN A PROCESS FOR EACH CONNECTION

    (1MB+ RAM) APACHE 2.4 MULTI-PROCESS MODE REDUCES RAM USAGE
  3. Problem 200KB RESPONSE MILLISECONDS TO GENERATE OR RETRIEVE 10S TO

    TRANSMIT AT 160KBPS (20KB/S) 1000 CONNECTIONS !
  4. Event-driven SINGLE NONBLOCKING THREAD ONE PROCESS PER CORE — NODE.JS,

    REDIS,... STABLE MEMORY USAGE, NO CONTEXT SWITCHES
  5. Event-driven 1. Receive request 2. Trigger events in a process

    3. Process handles events and returns output http://en.wikipedia.org/wiki/Reactor_pattern
  6. !

  7. # Better Perfect Forward Secrecy, generate: openssl dhparam 2048 ssl_dhparam

    /path/to/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256: kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256: ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA: ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384: ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA: DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256: DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA: DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384: AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES: CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK: !aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on;
  8. # HSTS: 15768000 seconds = 6 months add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling resolver 8.8.8.8 8.8.4.4; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; .... }
  9. upstream backend_hosts { server host0.example.com; server host1.example.com; server 10.10.10.10; }

    server { listen 80; server_name example.com; location / { proxy_pass http://backend_hosts; } }
  10. location / { proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header

    X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend_hosts; }
  11. http { split_clients "${remote_addr}" $designtest { 10% ".first"; 10% ".second";

    * ""; } server { listen 80; server_name example.com; index index${designtest}.html; } }
  12. ServerDensity HTTPS://BLOG.SERVERDENSITY.COM/MONITOR-NGINX/ SAAS: PARSES OUTPUT FOR GRAPHS AND ALERTS REQUIRES

    RECOMPILE WITH HTTP://NGINX.ORG/EN/DOCS/HTTP/ NGX_HTTP_STUB_STATUS_MODULE.HTML
  13. !

  14. nginx does those six things, and it does five of

    them 50 times faster than Apache. — Chris LeaCL CL http://maisonbisson.com/post/12249/chris-lea-on-nginx-and-wordpress/
  15. $ ab -n 25000 -c 10 http://188.226.151.84/codemotion_intro.png ... Server Software:

    nginx/1.4.6 Server Hostname: 188.226.151.84 Server Port: 80 Document Path: /codemotion_intro.png Document Length: 2461 bytes Concurrency Level: 10 Time taken for tests: 7.734 seconds Complete requests: 25000 Failed requests: 0 Total transferred: 67575000 bytes HTML transferred: 61525000 bytes Requests per second: 3232.56 [#/sec] (mean) Time per request: 3.094 [ms] (mean) Time per request: 0.309 [ms] (mean, across all concurrent requests) Transfer rate: 8532.82 [Kbytes/sec] received ...
  16. Benchmarking 178.62.213.21 (be patient) Completed 2500 requests Completed 5000 requests

    Completed 7500 requests Completed 10000 requests Completed 12500 requests Completed 15000 requests Completed 17500 requests Completed 20000 requests Completed 22500 requests apr_socket_recv: Connection reset by peer (104) Total of 24847 requests completed
  17. ab -n 2500 -c 10 -l http://188.226.151.84/info.php Concurrency Level: 10

    Time taken for tests: 4.920 seconds Complete requests: 2500 Failed requests: 0 Total transferred: 164667204 bytes HTML transferred: 164252204 bytes Requests per second: 508.18 [#/sec] (mean) Time per request: 19.678 [ms] (mean) Time per request: 1.968 [ms] (mean, across all concurrent requests) Transfer rate: 32687.80 [Kbytes/sec] received
  18. IMAGE CREDIT Rome https://flic.kr/p/j9Lmu Vienna https://flic.kr/p/4enYGH Database https://flic.kr/p/6QVfAK Paper https://flic.kr/p/7Ahvn1

    Engine https://flic.kr/p/hD3SY4 X https://flic.kr/p/9vMs2 Kiss https://flic.kr/p/z8Phh Branches https://flic.kr/p/aDgLJx
  19. Crowd https://flic.kr/p/Wd54U Launch https://flic.kr/p/kjkJ5N License https://flic.kr/p/nxAfZ Release https://flic.kr/p/4rDBEK Lightweight https://flic.kr/p/6h98Li

    Apache https://flic.kr/p/8m9Mf1 Flow https://flic.kr/p/a5A3e1 Simultaneous https://flic.kr/p/easM1t Speed https://flic.kr/p/afEu4o Block https://flic.kr/p/8szrqe Eierlegende Wollmilchsau https://flic.kr/p/GzQTT
  20. Taipei https://flic.kr/p/4hi1jB Terminator https://flic.kr/p/6hDYBK Load https://flic.kr/p/mhuXC5 Balance https://flic.kr/p/bpeZXt Huge https://flic.kr/p/p8tTGE

    Between https://flic.kr/p/cXHXH3 Dynamic https://flic.kr/p/qzpdr9 Two https://flic.kr/p/9Jpzfz Fixed https://flic.kr/p/21CsBV Monitoring https://flic.kr/p/kYQdb Word https://flic.kr/p/913FL2