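Nginx Performance Tuning Guide

Below is a practical, deployable "Nginx Performance Tuning Guide (CPU/memory-adaptive edition)". It covers CPU, adaptive workers, memory, adaptive buffers, connection limits, the network stack, file caching, reverse-proxy tuning, and SSL/HTTP2 tuning.
The content is hands-on and suited to production environments (usable from 2C2G up to 64C256G).

Nginx performance mainly depends on four parts: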
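
| Part | Influencing factors |
|---|---|
| Number of workers | CPU core count |
| worker_connections | File descriptor limit, system ulimit |
| Buffer sizes | Memory size |
| Number of upstream keepalive connections | Number of concurrent requests |
| Network tuning | TCP parameters, epoll, queues |

So all tuning must revolve around CPU × connections × memory.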

Number of workers (auto)

```nginx
worker_processes auto;
```

This automatically equals the number of CPU cores.
Recommendation: always use auto.

```nginx
worker_rlimit_nofile 200000;
events {
    use epoll;
    worker_connections 65535;
    multi_accept on;
    accept_mutex off;
}
```

Recommendations for different CPU counts

| CPU | worker_processes | worker_connections | Estimated max concurrency |
|---|---|---|---|
| 1 core | auto(1) | 20480 | ~20K |
| 2 cores | auto(2) | 32768 | ~60K |
| 4 cores | auto(4) | 65535 | ~200K |
| 8+ cores | auto | 65535 | ~500K |
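
Nginx buffers should not be set too large: oversized buffers not only waste memory but may also enlarge the attack surface.
Your machine: 2C / 2G
Recommended: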

```nginx
client_body_buffer_size 512k;
client_header_buffer_size 4k;
large_client_header_buffers 4 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 32k;
proxy_buffer_size 16k;
```

Buffer tiers by memory size (table)

| Memory | client_body_buffer | proxy_buffers | large_client_header |
|---|---|---|---|
| 1 - 2G | 256k–512k | 8*16k | 4 16k |
| 4 - 8G | 512k–1M | 8*32k | 4 32k |
| 16G+ | 2M–4M | 16*32k | 8 64k |
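
The warning above about oversized buffers can be checked with arithmetic. The following is an added example, not part of the original guide: it sums the buffer directives as an upper bound on buffer memory per proxied connection and compares that with RAM. The function names and the sample variable are illustrative, and the sum is a simplifying assumption, since nginx allocates several of these buffers only on demand.

```bash
#!/bin/bash
# Added example (not from the original guide): upper bound on the buffer
# memory one proxied connection can pin, from the directives above.

# Convert an nginx size value (512k, 1m, 4096) to bytes.
to_bytes() {
  case "$1" in
    *[kK]) echo $(( ${1%[kK]} * 1024 )) ;;
    *[mM]) echo $(( ${1%[mM]} * 1024 * 1024 )) ;;
    *)     echo "$1" ;;
  esac
}

# Read config text on stdin, print the summed per-connection buffers in bytes.
# proxy_busy_buffers_size is skipped: it limits part of proxy_buffers and
# allocates nothing extra.
per_conn_bytes() {
  total=0
  while read -r name a b rest; do
    a=${a%;}; b=${b%;}
    case "$name" in
      client_body_buffer_size|client_header_buffer_size|proxy_buffer_size)
        total=$(( $total + $(to_bytes "$a") )) ;;
      large_client_header_buffers|proxy_buffers)
        total=$(( $total + $a * $(to_bytes "$b") )) ;;
    esac
  done
  echo "$total"
}

# Connections that fit in RAM if each one reaches the upper bound.
# Args: per-connection bytes, memory in MB.
conns_within_budget() {
  echo $(( $2 * 1024 * 1024 / $1 ))
}

# Constructed sample: the 2C/2G values recommended on this page.
SAMPLE_2C2G='client_body_buffer_size 512k;
client_header_buffer_size 4k;
large_client_header_buffers 4 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 32k;
proxy_buffer_size 16k;'

PER_CONN=$(printf '%s\n' "$SAMPLE_2C2G" | per_conn_bytes)
echo "per-connection upper bound: $(( PER_CONN / 1024 ))k"
echo "connections that fit in 2048 MB: $(conns_within_budget "$PER_CONN" 2048)"
echo "configured slots (2 workers x 32768): $(( 2 * 32768 ))"
```

With the 2C/2G values the bound is 724k per connection, so roughly 2,896 connections at the bound would fill 2 GB, far fewer than the configured connection slots. This is why the buffer sizes, not only the connection counts, decide how much memory load the server can absorb.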
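
```nginx
proxy_http_version 1.1;
# An empty Connection header enables upstream keepalive; WebSocket upgrades
# additionally need Connection set to "upgrade" for those requests.
proxy_set_header Connection "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off; # no buffering (more real-time)
```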

If caching is needed, enable:

```nginx
proxy_buffering on;
proxy_cache_path ...
```

For the upstream:

```nginx
upstream backend {
    server 127.0.0.1:8000;
    keepalive 64;
}
```

Recommended keepalive values:

| CPU | keepalive |
|---|---|
| 1–2 cores | 32–64 |
| 4–8 cores | 128 |
| 16 cores or more | 256 |

```nginx
gzip on;
gzip_types text/plain text/css application/json application/javascript;
gzip_comp_level 5;
gzip_min_length 1k;
gzip_vary on;
```

Remember the new syntax:

```nginx
listen 443 ssl;
http2 on;
```

Tuning:

```nginx
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;
# TLS 1.2 session tickets weaken forward secrecy unless the ticket key is rotated
ssl_session_tickets on;
```

Write the following to /etc/sysctl.conf:

```ini
# Maximum number of open files
fs.file-max = 1000000
# TCP tuning
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
# TIME_WAIT
net.ipv4.tcp_tw_reuse = 1
# Ephemeral ports
net.ipv4.ip_local_port_range = 1024 65000
# TCP buffers
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
```

Apply:

```bash
sysctl -p
```

👉 Automatically detect CPU and memory, and generate the nginx.conf parameters.

```bash
#!/bin/bash
# Detect CPU core count and total memory (MB)
CPU=$(nproc)
MEM_MB=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}')

# Tier the buffer sizes by memory
if [ "$MEM_MB" -lt 2000 ]; then
    BODY_BUFFER="512k"
    PROXY_BUFFER="16k"
elif [ "$MEM_MB" -lt 8000 ]; then
    BODY_BUFFER="1m"
    PROXY_BUFFER="32k"
else
    BODY_BUFFER="2m"
    PROXY_BUFFER="64k"
fi

# Print the generated configuration to stdout
cat <<EOF
worker_processes $CPU;
worker_rlimit_nofile 200000;
events {
    worker_connections 65535;
    use epoll;
    multi_accept on;
}
http {
    client_body_buffer_size $BODY_BUFFER;
    client_header_buffer_size 4k;
    large_client_header_buffers 4 16k;
    proxy_buffer_size $PROXY_BUFFER;
    proxy_buffers 8 $PROXY_BUFFER;
    proxy_busy_buffers_size $(( ${PROXY_BUFFER%k} * 2 ))k;
}
EOF
```