A method for optimizing the performance of Nginx supporting SSL _nginx

This article is about performance tuning for Web servers. Does not include adjustments to database performance.
Initializing the server

This Web server runs in a EC2 t1.micro environment. I choose Nginx + PHP5-FPM to run the PHP page and I use SSL for security reasons.
Test Performance

I use Blitz.io for stress and performance testing. The following is the command of my stress test. The function is to gradually increase the user in 60 seconds. Throughout the process, Blitz.io creates one request per second and adds 4 users (Rise/run = 260/60).

Copy Code code as follows:

-P 1-250:60 https://mydomian.com

A detailed explanation

For enthusiasts, this is a detailed explanation. I will lead you through my thinking process in the following chapters.
If you edited the Nginx configuration, restart the Nginx server. If you edited the PHP5-FPM configuration, restart the service.

Trying #1: Enhancing hardware

My gut idea for improving performance is to enhance the server hardware and hopefully everything will work. I upgraded the EC2 instance from T1.micro to C1.medium (optimized for a high-traffic server, not a general-purpose server).

After that, I ran the Blitz.io load test. This is the screenshot of the result.

The server's peak performance can reach 50 successful hits per second. As the load continues to increase, the number of timeouts increases and the number of hits drops.

Try #2: Evaluate CPU Performance

I rerun the test while running htop in the background. I noticed that two CPU utilization was not more than 13%. The memory uses 300Mb. It appears that the server is not fully utilized. So I made the following changes. I edited/etc/ngnix/nginx.conf.

Copy Code code as follows:

Worker_processes 2;

Try #3, #4, #5: fine-tuning Nginx + PHP5-FPM

In the following attempts, I have changed the following values and still get #1同样的结果 with the attempt.

Try #3

Copy Code code as follows:

/etc/ngnix/nginx.conf

Worker_processes 2;
Events {
Worker_connections 19000;
Multi_accept on;
}
...

_________

Try #4

Copy Code code as follows:

/etc/ngnix/nginx.conf

Worker_processes 2;
Events {
Worker_connections 19000;
Multi_accept on;
}
HTTP {
gzip on;
Gzip_disable "Msie6";

Gzip_min_length 1000;
Gzip_proxied expired No-cache No-store private auth;
Gzip_types text/plain application/xml application/javascript text/css application/x-javascript;
...
}
...

________

Try #5
I didn't cancel the attempt #4的改变

Copy Code code as follows:

/etc/php5/fpm/pool.d/www.conf

Pm.max_children = 160
Pm.start_servers = 24
Pm.min_spare_servers = 20
Pm.max_spare_servers = 35
pm.max_requests = 1500

Try #6: Deploy another server

I have another Linode server. Has 1.5Gb of memory and 8 CPUs. I copy all nginx and PHP5-FPM settings to this server.

This is my command to use Blitz.io for stress testing.

Copy Code code as follows:

-P 1-250:60 http://labs.mydomian2.com

This is the result:

Linode Server is great! I was thinking, "is linode better than EC2?" ”。 Before I decided to go down this line of thought and move the code to Linode, I wanted to make sure there was no difference between the two servers.

trying to #7: Big revelation

I searched and found Nginx some SSL-related issues. The default nginx creates a password (cipher) using the dhe algorithm. Disabling the algorithm will improve performance.

All I edited/etc/nginx/nginx.conf removed the Kedh cipher algorithm.

Copy Code code as follows:

Worker_processes 2;
Events {
Worker_connections 1024;
}
HTTP {
gzip on;
Gzip_disable "Msie6";

Gzip_min_length 1000;
Gzip_proxied expired No-cache No-store private auth;
Gzip_types text/plain application/xml application/javascript text/css application/x-javascript;
Ssl_ciphers all:!kedh! Adh:rc4+rsa:+high:+medium:+low:+sslv2:+exp;
...
}
...

I reproduced the original stress test:

Copy Code code as follows:

-P 1-250:60 https://mydomian.com

This is the result:

It really works.!!!!

Try #8: I really need enhanced hardware

Great, EC2 and Linode are very close in performance. But do I really need a c1.medium instance to get this kind of performance? May not need ... So I changed the EC2 instance type back to T1.micro.

I have reduced worker_processes in/etc/nginx/nginx.conf because the micro instance has only one CPU.

Copy Code code as follows:

Worker_processes 1;
...

This is the result:

Well, extra hardware is helpful.
Conclusions

To get the best performance on an Nginx server that uses SSL, do the following:

• -The DH algorithm used by default is the biggest cause of low performance. Change the SSL password setting as follows:

Copy Code code as follows:

Ssl_ciphers all:!kedh! Adh:rc4+rsa:+high:+medium:+low:+sslv2:+exp;

• -Upgrade EC2 from T1.micro to C1.medium
• -Because C1.medium has two CPUs, all settings nginx have two worker processes.