https://github.com/cynegeirus/nginx

This repository contains a highly optimized NGINX configuration for handling high volumes of concurrent traffic with performance and security in mind. The setup is ideal for web applications, reverse proxies, and services requiring low latency, efficient resource usage, and structured logging.
https://github.com/cynegeirus/nginx

nginx nginx-configuration nginx-module nginx-proxy nginx-reverse-proxy nginx-server performance performance-optimization performance-tuning

Last synced: 5 months ago
JSON representation

This repository contains a highly optimized NGINX configuration for handling high volumes of concurrent traffic with performance and security in mind. The setup is ideal for web applications, reverse proxies, and services requiring low latency, efficient resource usage, and structured logging.

• Host: GitHub
• URL: https://github.com/cynegeirus/nginx
• Owner: cynegeirus
• License: mit
• Created: 2025-04-23T09:25:10.000Z (6 months ago)
• Default Branch: main
• Last Pushed: 2025-04-23T09:32:13.000Z (6 months ago)
• Last Synced: 2025-04-23T10:32:16.614Z (6 months ago)
• Topics: nginx, nginx-configuration, nginx-module, nginx-proxy, nginx-reverse-proxy, nginx-server, performance, performance-optimization, performance-tuning
• Homepage:
• Size: 12.7 KB
• Stars: 1
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# High-Performance NGINX Configuration for Heavy Traffic

This repository contains a highly optimized NGINX configuration for handling high volumes of concurrent traffic with performance and security in mind. The setup is ideal for web applications, reverse proxies, and services requiring low latency, efficient resource usage, and structured logging.

## 💡 Key Features

- **Multi-worker support** for CPU scaling

- **High connection and file limits** to handle thousands of concurrent clients

- **File cache optimizations** for faster static content delivery

- **Custom JSON logging** for integration with modern log analysis systems (e.g., Graylog, ELK)

- **Advanced GZIP compression** with a wide range of MIME types

- **SSL support** including TLS 1.3

- **Keep-alive optimizations** for long-lived client connections

- **Tuned upstream proxy settings** for backend resilience and performance

---

## 📂 Included Files

| File | Description |

|------|-------------|

| `nginx.conf` | Main NGINX configuration file with core HTTP, worker, and performance settings. |

| `proxy.conf` | Dedicated reverse proxy configuration for caching, buffering, and timeout handling. |

| Other files under `conf.d/`, `sites-enabled/`, `modules-enabled/` | Modular configurations for specific sites, virtual hosts, and modules. |

---

## 🔧 Highlights from `nginx.conf`

- **Worker configuration**

  ```nginx

  worker_processes 2;

  worker_connections 2048;

  worker_rlimit_nofile 100000;

  ```

- **Connection handling**

  ```nginx

  use epoll;

  multi_accept on;

  sendfile on;

  tcp_nopush on;

  tcp_nodelay on;

  ```

- **Keepalive and timeout tuning**

  ```nginx

  keepalive_timeout 30;

  keepalive_requests 100000;

  client_body_timeout 10;

  send_timeout 2;

  ```

- **GZIP compression**

  Includes extended MIME types for modern web assets, fonts, images, and office formats.

- **Security**

  ```nginx

  ssl_protocols TLSv1.2 TLSv1.3;

  ssl_prefer_server_ciphers on;

  server_tokens off;

  ```

> ⚠️ **Note:** `SSLv3` is **not recommended** due to known vulnerabilities. You should only use `TLSv1.2` and `TLSv1.3`.

---

## 📦 Highlights from `proxy.conf`

- **Caching setup**

  ```nginx

  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m;

  ```

- **Timeouts**

  ```nginx

  proxy_connect_timeout 5s;

  proxy_send_timeout 60s;

  proxy_read_timeout 60s;

  ```

- **Buffer tuning**

  ```nginx

  proxy_buffer_size 16k;

  proxy_buffers 32 16k;

  proxy_busy_buffers_size 64k;

  ```

- **Upstream failover**

  ```nginx

  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

  ```

- **Security headers and versioning**

  Proper headers are set to forward client info and manage protocol details.

---

## 📊 Logging Format

Custom JSON-formatted logs for use with structured log platforms:

```nginx

log_format custom_json_log escape=json '{ "remote_addr": "$remote_addr", "request": "$request", ... }';

```

Logs are saved to:

- `/var/log/nginx/access.log`

- `/var/log/nginx/error.log`

---

## ✅ Recommendations

- Increase your system's open file limits with:

  ```bash

    ulimit -n 100000

  ```

- Rotate logs with `logrotate` to avoid filling disk

- Consider removing `SSLv3` from SSL protocols if security is a top priority

---

## License

This project is licensed under the [MIT License](LICENSE). See the license file for details.

---

## Issues, Feature Requests or Support

Please use the Issue > New Issue button to submit issues, feature requests or support issues directly to me. You can also send an e-mail to akin.bicer@outlook.com.tr.