How to Optimize Nginx for High Traffic Websites
Nginx is already one of the fastest web servers available, but default configurations are conservative. To handle thousands of concurrent connections on your Breeze server, you need to tune worker processes, connection limits, buffering, caching, and compression settings for your specific workload.
Worker Process Tuning
Edit the main Nginx configuration:
sudo nano /etc/nginx/nginx.conf# Set workers to match CPU cores
worker_processes auto;
# Increase the maximum number of open files
worker_rlimit_nofile 65535;
events {
# Maximum connections per worker
worker_connections 4096;
# Use the most efficient connection method on Linux
use epoll;
# Accept as many connections as possible at once
multi_accept on;
}Verify your OS file descriptor limits support the configured values:
ulimit -n
# If too low, add to /etc/security/limits.conf:
# www-data soft nofile 65535
# www-data hard nofile 65535HTTP-Level Optimizations
http {
# Enable sendfile for efficient file serving
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# Keepalive settings
keepalive_timeout 30;
keepalive_requests 1000;
# Reduce timeouts for slow clients
client_body_timeout 12;
client_header_timeout 12;
send_timeout 10;
# Buffer sizes
client_body_buffer_size 16k;
client_header_buffer_size 1k;
client_max_body_size 50m;
large_client_header_buffers 4 8k;
# Hide server version
server_tokens off;
}Gzip Compression
Compress responses to reduce bandwidth usage and improve page load times:
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 4;
gzip_min_length 256;
gzip_types
text/plain
text/css
text/javascript
application/javascript
application/json
application/xml
application/xml+rss
image/svg+xml
font/woff2;Static File Caching
Tell browsers to cache static assets aggressively:
location ~* \.(jpg|jpeg|png|gif|ico|svg|webp)$ {
expires 30d;
add_header Cache-Control "public, immutable";
access_log off;
}
location ~* \.(css|js)$ {
expires 7d;
add_header Cache-Control "public";
access_log off;
}
location ~* \.(woff|woff2|ttf|otf|eot)$ {
expires 365d;
add_header Cache-Control "public, immutable";
access_log off;
}FastCGI Caching for PHP
Cache dynamic PHP responses to avoid hitting the backend on every request:
# Define the cache zone in the http block
fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:2 keys_zone=phpcache:100m inactive=60m max_size=1g;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# In your server block
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_cache phpcache;
fastcgi_cache_valid 200 10m;
fastcgi_cache_valid 404 1m;
fastcgi_cache_bypass $cookie_sessionid;
fastcgi_no_cache $cookie_sessionid;
add_header X-Cache-Status $upstream_cache_status;
}Rate Limiting
Protect your server from abuse without blocking legitimate traffic:
# Define rate limit zones in the http block
limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
# Apply in location blocks
location / {
limit_req zone=general burst=20 nodelay;
}
location /login {
limit_req zone=login burst=3 nodelay;
}Open File Cache
Cache file metadata to reduce disk I/O:
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;Testing and Benchmarking
After applying optimizations, validate and benchmark:
# Test configuration
sudo nginx -t
# Reload
sudo systemctl reload nginx
# Benchmark with wrk
wrk -t4 -c400 -d30s https://yourdomain.com/
# Monitor connections in real time
watch -n1 'ss -s'Summary Checklist
- Worker processes set to
autoand connections to 4096+ - Sendfile, tcp_nopush, and tcp_nodelay enabled
- Gzip compression for text-based content types
- Browser caching headers for static assets
- FastCGI caching for dynamic content
- Rate limiting to prevent abuse
- Open file cache for reduced disk I/O