Debian Lenny - Nginx configuration

Whether you have installed Nginx using the package manager or from source, you will need to look at the main configuration file and see what may need changing and optimizing.

Although I'll make some suggestions, the aim is not to change a great deal at this point. Rather, we will look at the main settings, see what they mean and what a change will actually do.


So why only a few changes to the default? Well, it's difficult to give a definitive configuration as there are so many variables to consider such as expected site traffic, Slice size, site type, etc.

In this article we will discuss the main settings and you can make any decisions as to what you feel are best for your site. Any changes I do suggest are simply that: suggestions.

My advice is very simple: experiment. Find what works best on your setup.


Assuming you installed via the package manager, open up the main Nginx config file:

sudo nano /etc/nginx/nginx.conf

If you installed from source, the location may be different:

sudo nano /usr/local/nginx/conf/nginx.conf

The default file is very similar in both cases (assuming you followed the articles shown above):

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /var/run/;

events {
    worker_connections  1024;

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx/access.log;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    tcp_nodelay        on;

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

The main difference you will see if you installed from source is the path in the 'include' setting, which would be something like:

include /usr/local/nginx/sites-enabled/*;

Beyond that, any changes are minor and can be adjusted as discussed below, although I won't mention some of the more obvious settings such as access logs and pid's.



user www-data;

As you can imagine, this sets the nginx user.

I always push for consistency across servers and the default web server user on Debian based systems is www-data. As such, keep this as the www-data user.

You can also add a group to this setting and it may be an idea to do so as follows:

user www-data www-data;



worker_processes  1;

Nginx can have more than one worker process running at the same time.

To take advantage of SMP and to enable good efficiency I would recommend changing this to read:

worker_processes  4;

Although you can experiment with this number (and I encourage you to do so) setting it at more than 4 processes may actually cause Nginx to be less efficienct on your Slice.



events {
    worker_connections  1024;

Note the worker_connections setting is placed inside the 'events' module.

Sets the number of connections that each worker can handle. This is a good default setting.

You can work out the maximum clients value from this and the worker_processes settings:

max_clients = worker_processes * worker_connections

http module

Next comes the http module which contains base settings for http access:

include       /etc/nginx/mime.types;
default_type  application/octet-stream;

Unless you have an overwhelming desire, I would leave these settings alone (again, for those who installed via source, adjust the paths to those of your install.)

You can, of course, add more includes if you want to customize it but messing with mime-types usually ends up with broken web pages and download errors.

Mind you, it is good fun to play with!



sendfile        on;

Sendfile is used when the server (Nginx) can actually ignore the contents of the file it is sending. It uses the kernel sendfile support instead of using it's own resources on the request.

It is generally used for larger files (such as images) which do not need use of a multiple request/confirmation system to be served — thus freeing resources for items that do need that level of 'supervision' from Nginx.

Keep it on unless you know why you need to turn it off.



#tcp_nopush      on;
tcp_nodelay      on;

tcp_nopush: Sends the HTTP response headers in one packet. You can read more about tcp_nopush on this page.

I would change the default here and uncomment the setting as it is useful when combined with the sendfile option we set earlier.

tcp_nodelay: Disables the Nagle buffering algorithm. Well, that cleared that one up!

Actually, it is for use with items than do not require a response. General web use does require a response from the client and so, going against the default, I would change this to off.

You can read more about tcp_nodelay here.

So there you are. After saying I wouldn't change a lot, I have changed the two default tcp settings. Your experience may show otherwise, and, again, all I can say is experiment with your site/app — what do you need?



#keepalive_timeout  0;
keepalive_timeout  65;

The default is very high and can easily be reduced to a few seconds (an initial setting of 2 or 3 is a good place to start and you will rarely need more than that). If no new requests are received during this time the connection is killed.

OK, but what does it mean? Well, once a connection has been established and the client has requested a file, this says "sit there and ignore everyone else until the time limit is reached or you get a new request from the client."

Why would you want a higher time? In cases where there will be a lot of interactivity on the site. However, in most cases, people will go to a page, read it for a while and then click for the next page. You don't want the connection to sit there doing nothing, ignoring other users.



gzip  on;

Good. We like gzip. It allows for instant, real time compression.

However, I would add a few more settings as follows:

gzip_comp_level 2;
gzip_proxied any;
gzip_types      text/plain text/html text/css application/x-javascript text/xml
                application/xml application/xml+rss text/javascript;

I think those are self explanatory and simply add to the gzip setting. You can read more about the various gzip settings on this page.



include /etc/nginx/sites-enabled/*;

If you installed from source, we added this line:

include /usr/local/nginx/sites-enabled/*;

Either way, it defines what files to include that are located outside of the main nginx.conf.

In this case, it points to the 'sites-enabled' directory and will include any symlinked files; thus enabling any sites linked from the 'sites-available' directory.


There is a lot going on in this article, especially considering that 'nginx.conf' is such a small config file.

However, taking one setting at a time, we can see that each one is not only essential, but rather flexible too.

The next article will take you through setting up virtual hosts.

Ben B

Article Comments:

Ken commented Fri Aug 21 19:56:13 UTC 2009:

So I installed Nginx from source, as I usually do... and I'm trying to figure out why I can't open just a directory and its file listing over WWW without any index file. Does it need a thumbnail file? How do I implement it properly?

yosafat commented Fri Oct 02 17:13:02 UTC 2009:

so, does it mean that leaving the default nginx.conf will be fine?

DeadlyCreampuff commented Tue Oct 06 00:14:28 UTC 2009:

Great article :)

Want to comment?

(not made public)


(use plain text or Markdown syntax)