Embed Size (px)
Citation preview
NGINX Installation and TuningIntroduced by Andrew AlexeevPresented by Owen GarrettNginx, Inc.
About this webinar
You’re ready to make your applications more responsive, scalable, fast and secure. Then it’s time to get started with NGINX. In this webinar, you will learn how to install NGINX from a package or from source onto a Linux host. We’ll then look at some common operating system tunings you could make to ensure your NGINX install is ready for prime time.
Agenda• Installing NGINX
– Installation source, NGINX features
• Tuning NGINX– Operating System tuning– NGINX software tuning
• Benchmarking NGINXWe’re covering a lot of material.
Please feel free to take screenshots and read up afterwards.
BEFORE YOU INSTALL NGINX…
What can NGINX do for you?
Internet
N
Web ServerServe content from disk
Application GatewayFastCGI, uWSGI, Passenger…
ProxyCaching, Load Balancing…HTTP traffic
Application AccelerationSSL and SPDY terminationPerformance MonitoringHigh Availability
Advanced Features: Bandwidth ManagementContent-based RoutingRequest ManipulationResponse Rewriting
AuthenticationVideo DeliveryMail ProxyGeoLocation
Deployment PlanDetermine the functionality you’ll need from NGINX:
• Authentication• Proxy to API gateways• GZIP• GeoIP• etc. etc.
Modules list at nginx.org
Three questions before installing NGINX
1. What functionality do you require?
• Standard modules• NGINX Plus functionality• Optional NGINX and third-party modules
3. How do you want to install?
• “Official” NGINX packages (nginx.org)• Build from Source• From Operating System repository• From Amazon AWS Marketplace
2. What branch do you want to track?
• Mainline (1.7)• Stable (1.6)• Something older?
http://nginx.com/blog/nginx-1-6-1-7-released/
Recommended Install1. Standard modules (nginx.org) or NGINX Plus2. Mainline (1.7)3. Install from nginx.org or nginx-plus repository
nginx.org builds do not include:
• Modules with complex 3rd-party dependencies:• GeoIP, Image_Filter, Perl, XSLT
• Modules that are part of NGINX Plus• Third-party modules e.g. Lua, Phusion Passenger
http://nginx.com/products/technical-specs/
Difference between NGINX and NGINX Plus
http://nginx.com/products/feature-matrix/
NGINX
• High-performance, open source web server and accelerating proxy.
• Community support through mailing lists on nginx.org, stackoverflow, subject experts etc.
NGINX Plus
• Adds Enterprise Load Balancing and Application Delivery features.
• Full support and updates from NGINX Inc., the team who built and manage NGINX.
INSTALLING NGINX
Installation process$ wget http://nginx.org/keys/nginx_signing.key$ sudo apt-key add nginx_signing.key
# cat > /etc/apt/sources.list.d/nginx.listdeb http://nginx.org/packages/mainline/ubuntu/ trusty nginxdeb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx
# apt-get update# apt-cache policy nginxnginx: Installed: (none) Candidate: 1.7.0-1~trusty Version table: 1.7.0-1~trusty 0 500 http://nginx.org/packages/mainline/ubuntu/ trusty/nginx amd64 Packages 1.4.6-1ubuntu3 0 500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
http://nginx.org/en/linux_packages.html#mainline
Verify that it is working
# /etc/init.d/nginx status * nginx is running
# /usr/sbin/nginx –vnginx version: nginx/1.7.0
TUNING NGINX#1: UNDERSTAND WHAT’S HAPPENING
Common tools• vmstat
Common tools• strace
Other tools• tcpdump /
wireshark• Chrome
dev tools• System log
(dmesg –c)
TUNING NGINX:#2: TUNING THE OPERATING SYSTEM
Tuning the operating system• Basic tunables:
– Backlog queue: limits number of pending connections
– File descriptors: limit number of active connections
– Ephemeral ports: limit number of upstream connections
Configuring Tunables - HOWTO• /proc:
# echo "1" > /proc/sys/net/ipv4/tcp_syncookies
• sysctl.conf:
# vi /etc/sysctl.conf
# Prevent against the common 'syn flood attack'net.ipv4.tcp_syncookies = 1
# sysctl –p
The Backlog Queue• What happens when a connection is received?
– SYN / SYNACK [syn_backlog queue] or syncookie– ACK [listen backlog queue] / NGINX:accept()
– net.ipv4.tcp_max_syn_backlog– net.ipv4.tcp_syncookies
– net.core.somaxconn• NGINX: listen backlog=1024
– net.core.netdev_max_backlog
File Descriptors• What happens when a connection is processed?
File descriptors are the key resource – estimate 2 per connection.
– fs.file_max
– /etc/security/limits.conf
– worker_rlimit_nofile 200000;
Ephemeral Ports• What happens when NGINX proxies connections?
Each TCP connection requires a unique 4-tuple:[src_ip:src_port, dst_ip:dst_port]
Ephemeral port range and lifetime:– net.ipv4.ip_local_port_range– net.ipv4.tcp_fin_timeout
Keep checking kernel messages
# dmesg -c
# tail -f /var/log/kern.log
TUNING NGINX:#3: TUNING THE SOFTWARE
Tuning NGINX
#1: You don’t need to “tune” very much
#2: Don’t tune just for a benchmark
#3: Use our Prof Services team to help
Common tunings
worker_processes auto; – set to ‘auto’ or higherworker_connections – set to less than file descriptor count.accept_mutex: disable for busy services
The proxy should use keepalives
Close TCP Connection(two-way handshake)
Open TCP Connection(three-way handshake) Write HTTP request Read HTTP response
Wait(timeout)
NGINX or server closes the connection
NGINX re-uses connection for another requestserver { listen 80; location / { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Connection ""; }}
upstream backend { server webserver1 max_conns=256; server webserver2 max_conns=256; queue 4096 timeout=15s;
# maintain a maximum of 20 idle connections to each upstream server keepalive 20;}
BENCHMARKING NGINX
Why benchmark NGINX?
1. To find how fast NGINX can go
2. To tune NGINX for your workload
3. To find where the bottlenecks are
4. All of the above
IN CONCLUSION…
In conclusion:• Install from the nginx repo
– NGINX or NGINX Plus
• Basic tuning and configuration– dmesg / kern.log
• Benchmark / stress test
• NGINX Professional Services and Training
http://nginx.com/
https://speakerdeck.com/dctrwatson/c1m-and-nginx
https://www.youtube.com/watch?v=yL4Q7D4ynxU
https://gist.github.com/dctrwatson/0b3b52050254e273ff11
