Boost NGINX Performance: Essential Linux and NGINX Tuning Tips

Introduction

NGINX powers about 40% of the world’s busiest websites. While default Linux and NGINX settings work well for many scenarios, targeted tuning can unlock higher performance.

Linux Configuration

Backlog Queue

net.core.somaxconn – controls the size of the queue for connections waiting to be accepted by NGINX. Increase it for high‑traffic sites, matching the value with the

listen backlog

directive if set above 512.

net.core.netdev_max_backlog – sets the rate at which the NIC buffers packets before the CPU processes them. Raise it on high‑bandwidth machines.

File Descriptors

sys.fs.file_max – system‑wide limit of file descriptors.

nofile – per‑user limit, configured in

/etc/security/limits.conf

.

Temporary Ports

net.ipv4.ip_local_port_range – defines the range of ephemeral ports; expand if ports are exhausted (commonly 1024‑65000).

net.ipv4.tcp_fin_timeout – time before a closed port can be reused; can be safely reduced from the default 60 seconds to 30 or 15 seconds.

NGINX Configuration

Worker Processes

worker_processes

– number of worker processes; usually one per CPU core, set to

auto

for automatic matching.

worker_connections

– maximum connections per worker; default 512, raise according to hardware and traffic.

Keepalives

keepalive_requests

– number of requests a client can send over a single persistent connection (default 100).

keepalive_timeout

– idle time before a persistent connection is closed.

keepalive

– number of idle persistent connections from a worker to an upstream server.

To enable upstream keep‑alive, set

proxy_http_version 1.1

and

proxy_set_header Connection ""

.

Access Log Buffering

Enable buffering with the

access_log

directive’s

buffer=size

option and optionally

flush=time

to reduce CPU/IO overhead.

Sendfile

When enabled,

sendfile

transfers data directly between file descriptors in the kernel, achieving zero‑copy transmission and lower CPU usage. It is disabled by default.

Limits

limit_conn

/

limit_conn_zone

– restrict connections per client IP.

limit_rate

– cap bandwidth per connection.

limit_req

/

limit_req_zone

– limit request processing rate, useful for protecting login pages.

max_conns

– maximum concurrent connections to a single upstream server.

queue

– defines request queuing behavior when

max_conns

is reached.

Other Considerations

Cache

Enabling NGINX cache for load‑balanced backends can dramatically reduce response time and backend load.

Compression

Response compression saves bandwidth but consumes CPU; enable it when bandwidth savings outweigh the CPU cost, and avoid compressing already compressed assets such as JPEG images.