Understanding Nginx Architecture, Process Model, FastCGI Integration, and Performance Optimization

NGINX is a high‑performance load balancer, cache, and web server that powers over 40% of the busiest sites. It offers core, basic, and third‑party modules, each handling specific tasks such as request routing, static file serving, dynamic content processing, caching, SSL/TLS, and extensibility.

The server runs a master process that manages multiple worker processes. The master handles signals, monitors workers, and performs graceful reloads, while each worker processes client connections using a single thread and an asynchronous, non‑blocking event loop (epoll on Linux, kqueue on BSD, etc.).

NGINX delegates dynamic script execution to FastCGI. The typical workflow involves the location ~ \.php$ block forwarding PHP requests to a FastCGI manager (e.g., PHP‑FPM) listening on 127.0.0.1:9000. PHP‑FPM spawns a pool of CGI workers, manages their lifecycle, and communicates with NGINX via sockets.

while (true) {
    for t in run_tasks:
        t.handler();
    update_time(&now);
    timeout = ETERNITY;
    for t in wait_tasks: /* sorted already */
        if (t.time <= now) {
            t.timeout_handler();
        } else {
            timeout = t.time - now;
            break;
        }
    nevents = poll_function(events, timeout);
    for i in nevents:
        task t;
        if (events[i].type == READ) {
            t.handler = read_handler;
        } else { /* events[i].type == WRITE */
            t.handler = write_handler;
        }
        run_tasks_add(t);
}

Performance tuning includes setting worker_processes to match CPU cores, using worker_cpu_affinity for CPU pinning, enabling epoll , and adjusting kernel parameters (e.g., net.core.somaxconn , net.ipv4.tcp_max_syn_backlog ). Memory allocators like TCMalloc can be linked via --with-google_perftools_module for lower latency.

Configuration best practices cover proper use of try_files instead of if , separating index directives to the server block, and setting appropriate buffer sizes ( client_header_buffer_size , large_client_header_buffers , proxy_buffer_size , fastcgi_buffers ) to avoid 400/413/502 errors.

Security considerations include disabling cgi.fix_pathinfo or adding a regex guard to prevent arbitrary file execution via crafted URLs, mitigating the NGINX+PHP path‑info vulnerability.