Comprehensive Guide to Nginx Architecture, Process Model, FastCGI Integration, and Performance Optimization
This article provides an extensive overview of Nginx, covering its high‑performance features, module types, master‑worker process model, asynchronous event handling, FastCGI and PHP‑FPM integration, detailed configuration examples, tuning techniques such as epoll, TCMalloc, kernel parameters, and common error troubleshooting, while also highlighting a critical security vulnerability.
NGINX is a high‑performance web server and load balancer widely used for serving static content, reverse proxying, and handling dynamic requests via modules.
Key Features and Modules
Event‑driven architecture with asynchronous non‑blocking processing.
Core modules (HTTP, EVENT, MAIL), basic modules (Access, FastCGI, Proxy, Rewrite), and third‑party modules.
Handlers, Filters, and Proxies classify module functionality.
Process Model
NGINX runs a master process that manages multiple worker processes. Workers handle network events independently, each bound to a CPU core for optimal performance.
When the master receives a HUP signal, it reloads configuration, spawns new workers, and gracefully shuts down old ones.
Asynchronous Event Models
Linux: epoll (default, high efficiency).
Other platforms: select, poll, kqueue, rtsig, /dev/poll, eventport.
FastCGI and PHP‑FPM Integration
NGINX communicates with PHP via FastCGI. PHP‑FPM manages FastCGI processes, offering better performance and stability than spawn‑fcgi.
# Example Nginx location for PHP
location ~ \.php$ {
    root html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
}
PHP‑FPM configuration (php-fpm.conf) includes settings such as listen_address, start_servers, max_children, and rlimit_files.
Performance Tuning
Compile NGINX with --with-cc-opt='-O3' and CPU‑specific optimizations.
Use TCMalloc for faster memory allocation.
Adjust kernel parameters (e.g., net.core.somaxconn, net.ipv4.tcp_max_tw_buckets) to handle high concurrency.
Configure worker_processes, worker_connections, worker_cpu_affinity, and enable epoll.
Optimize buffers (proxy_buffer_size, fastcgi_buffers) and enable gzip compression.
Error Handling and Common Issues
400 Bad Request – increase client_header_buffer_size and large_client_header_buffers.
413 Request Entity Too Large – set client_max_body_size and adjust PHP post_max_size / upload_max_filesize.
502 Bad Gateway – check upstream service health, increase FastCGI timeouts, and ensure enough PHP‑FPM workers.
504 Gateway Timeout – raise proxy/read timeouts and monitor backend load.
Security Vulnerability
A critical issue allows NGINX to treat any file as PHP when cgi.fix_pathinfo is enabled, potentially exposing arbitrary files to code execution. Mitigation includes disabling cgi.fix_pathinfo or adding a rule to reject requests where $fastcgi_script_name contains a PHP extension after a non‑PHP file.
# Reject script names that contain a dot, then a later slash, then "php"
if ($fastcgi_script_name ~ \..*\/.*php) {
    return 403;
}
Overall, the guide combines architectural concepts, configuration snippets, tuning strategies, and security best practices for deploying NGINX in production environments.
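The rejection rule from the Security Vulnerability section, applied to access-log lines as an added Python example (not part of the original article): it uses the rule's regex with the dot and slash escaped and shows both what the rule catches and a legitimate path it also rejects. The log lines and paths are constructed, and the code assumes $fastcgi_script_name equals the decoded request path without the query string (no fastcgi_split_path_info in use).

```python
import re
from urllib.parse import unquote, urlsplit

# The article's mitigation rule; nginx "~" is a case-sensitive, unanchored match.
RULE = re.compile(r"\..*\/.*php")
# The article's PHP location: location ~ \.php$
PHP_LOCATION = re.compile(r"\.php$")
# Request target and status code in combined log format.
LOG_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def rule_blocks(script_name: str) -> bool:
    """True if the 'return 403' rule would fire for this $fastcgi_script_name."""
    return RULE.search(script_name) is not None

def scan_access_log(lines):
    """Return (status, path) for requests that reach the PHP location and
    have a dotted path segment before the final .php component."""
    hits = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        # Assumption: the script name is the decoded path, query string removed.
        path = unquote(urlsplit(m.group(1)).path)
        if PHP_LOCATION.search(path) and rule_blocks(path):
            hits.append((int(m.group(2)), path))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /uploads/avatar.jpg/x.php HTTP/1.1" 200 90 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /uploads/avatar.jpg/x.php?a=1 HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.12 - - [01/Jan/2024:10:00:03 +0000] "GET /api/v1.2/status.php HTTP/1.1" 200 64 "-" "-"',
    '192.0.2.13 - - [01/Jan/2024:10:00:04 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for status, path in scan_access_log(SAMPLE_LOG):
        note = "served, review" if status == 200 else "rejected"
        print(f"{status} {path} ({note})")
```

A 200 on a flagged path predates the rule or bypasses it and deserves review; the /api/v1.2/ entry shows that directories with a dot in their name are rejected too, so check the application's own URL layout before deploying the rule.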
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.