Ubuntu Hardy - Nginx configuration

Whether you have installed Nginx using the package manager or from source, you will need to look at the main configuration file and see what may need changing and optimising.

Although I'll make some suggestions, the aim is not to change a great deal at this point. Rather, we will look at the main settings, see what they mean and what a change will actually do.


Defaults

So why only a few changes to the default? Well, it's difficult to give a definitive configuration as there are so many variables to consider such as expected site traffic, Slice size, site type, etc.

During this article we'll discuss the main settings and you can make any decisions as to what you feel are best for your site. Any changes I do suggest are simply that: suggestions.

My advice is very simple: experiment. Find what works best on your setup.

nginx.conf

Assuming you installed via the package manager, open up the main Nginx config file:

sudo nano /etc/nginx/nginx.conf

If you installed from source, the location may be different:

sudo nano /usr/local/nginx/conf/nginx.conf

The default file is very similar in both case (again, assuming you followed the articles shown above):

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx/access.log;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    tcp_nodelay        on;

    gzip  on;

    include /etc/nginx/sites-enabled/*;

}

The main difference you will see if you installed from source is the path in the 'include' setting which would be something like:

include /usr/local/nginx/sites-enabled/*;

Beyond that, any changes are minor and can be adjusted as discussed below although I won't mention some of the more obvious settings such access logs and pid's.

user

Default:

user www-data;

As you can imagine, this sets the nginx user.

I always push for consistency across servers and the default web server user on Debian based systems is www-data. As such, keep this as the www-data user.

You can also add a group to this setting and it may be an idea to do so as follows:

user www-data www-data;

worker_processes

Default:

worker_processes  1;

Nginx can have more than one worker process running at the same time.

To take advantage of SMP and to enable good efficiency I would recommend changing this to read:

worker_processes  4;

Although you can experiment with this number (and I encourage you to do so) setting it at more than 4 processes may actually cause Nginx to be less efficienct on your Slice.

worker_connections

Default:

events {
    worker_connections  1024;
}

Note the worker_connections setting is placed inside the 'events' module.

Sets the number of connections that each worker can handle. This is a good default setting.

You can work out the maximum clients value from this and the worker_processes settings:

max_clients = worker_processes * worker_connections

http module

Next comes the http module which contains base settings for http access:

include       /etc/nginx/mime.types;
default_type  application/octet-stream;

Unless you have an overwhelming desire, I would leave these settings alone (again, for those who installed via source, adjust the paths to those of your install).

You can, of course, add more includes if you want to customise it but messing with mime-types usually ends up with broken web pages and download errors.

Mind you, it is good fun to play with!

sendfile

Default:

sendfile        on;

Sendfile is used when the server (Nginx) can actually ignore the contents of the file it is sending. It uses the kernel sendfile support instead of using it's own resources on the request.

It is generally used for larger files (such as images) which do not need use of a multiple request/confirmation system to be served - thus freeing resources for items that do need that level of 'supervision' from Nginx.

Keep it an on unless you know why you need to turn it off.

tcp

Default:

#tcp_nopush     on;
tcp_nodelay        on;

tcp_nopush: Sends the HTTP response headers in one packet. You can read more about tcp_nopush on this page.

I would change the default here and uncomment the setting as it is useful when combined with the sendfile option we set earlier.

tcp_nodelay: Disables the Nagle buffering algorithm. Well, that cleared that one up!

Actually, it is for use with items than do not require a response. General web use does require a response from the client and so, going against the default, I would change this to off.

You can read more about tcp_nodelay here.

So there you are. After saying I wouldn't change a lot, I have changed the two default tcp settings. Your experience may show otherwise and, again, all I can say is experiment with your site/app - what do you need?

keepalive

Default:

#keepalive_timeout  0;
keepalive_timeout  65;

The default is very high and can easily be reduced to a few seconds (an initial setting of 2 or 3 is a good place to start and you will rarely need more than that). If no new requests are received during this time the connection is killed.

OK, but what does it mean? Well, once a connection has been established and the client has requested a file, this says "sit there and ignore everyone else until the time limit is reached or you get a new request from the client".

Why would you want a higher time? In cases where there will be a lot of interactivity on the site. However, in most cases, people will go to a page, read it for a while and then click for the next page. You don't want the connection sat there doing nothing and ignoring other users.

gzip

Default:

gzip  on;

Good. We like gzip. It allows for instant, real time compression.

However, I would add a few more settings as follows:

gzip_comp_level 2;
gzip_proxied any;
gzip_types      text/plain text/html text/css application/x-javascript text/xml application/xml 
application/xml+rss text/javascript;

I think those are self explanatory and simply add to the gzip setting. You can read more about the various gzip settings on this page.

include

Default:

include /etc/nginx/sites-enabled/*;

If you installed from source, we added this line:

include /usr/local/nginx/sites-enabled/*;

Either way, it defines what files to include that are located outside of the main nginx.conf.

In this case, it points to the sites-enabled directory so it will include any symlinks. Thus enabling any 'available' sites.

Summary

There is a lot going on in this article, especially from such a small config file.

However, taking one setting at a time, we can see that each one is not only essential but pretty flexible.

The next article will take you through setting up virtual hosts and then move onto mongrel and thin integration for your Ruby on Rails applications.

PickledOnion.

Article Comments:

adrian Olaru commented Thu Aug 14 14:41:23 UTC 2008:

Starting nginx: 2008/08/14 14:37:35 [warn] 7036#0: duplicate MIME type "text/html" in /usr/local/nginx/conf/nginx.conf:22.

This happens anytime I start nginx. I can't see the 2nd "text/html". Any ideas?

adrian Olaru commented Thu Aug 14 14:44:34 UTC 2008:

It seems "text/html" is always compressed so there is no need the set it.

Andy commented Fri Aug 15 20:52:42 UTC 2008:

Hello, regarding the keepalive_timeout 65;: I have an admin section at /admin of my site. Is there a way to set a low value for the timeout but exclude the admin section? or the opposite of that and increase the /admin timeout? Is that recommended? We will be doing file uploads which could eat up some time.

Felix commented Sun Jan 18 22:36:24 UTC 2009:

You can override. As stated in [1], keepalive_timeout can be set in the following contexts: http, server, location

[1] http://wiki.codemongers.com/NginxHttpCoreModule#keepalive_timeout

florida web design commented Thu Mar 19 17:28:45 UTC 2009:

@Andy

Please, somebody, correct me if I'm wrong, but I don't think that's useful. What you're thinking of is session time-out which is not involved here at all. Your keep-alive time is just how long the server stays synchronized with a client (web user) so that more files, etc. may be transferred without starting a new connection. This is very useful for sites that use a terrible lot of Ajax that sends a request every few seconds or so. Not useful for a blog/cms/shopping cart. Useful for an Ajax Linux console like SliceHost has.

Dean Close commented Wed Jun 10 02:15:32 UTC 2009:

If you installed from source following the article the mime types are included with this path;

include /usr/local/nginx/conf/mime.types;

Want to comment?


(not made public)

(optional)

(use plain text or Markdown syntax)