nginx proxy pass [ best practices ] 2 for sysctl tcp

.https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/ http://www.queryadmin.com/1654/tuning-linux-kernel-tcp-parameters-sysctl/ https://blogs.dropbox.com/tech/2017/09/optimizing-web-servers-for-high-throughput-and-low-latency/ Don’t USE net.ipv4.tcp_tw_recycle=1 —don’t use it—it was already broken for users behind NAT, but if you upgrade your kernel, it will be broken for everyone. net.ipv4.tcp_timestamps=0 —don’t disable them unless you know all side-effects and you are OK with them. For example, one of non-obvious side effects is that you will loose window scaling and SACK options on syncookies. https://read01.com/zh-tw/KBgmj7.html Don’t USE net.ipv4.tcp_tw_recycle=1 net.ipv4.tcp_tw_reuse=1 /*Only you know, sometime can do*/

繼續閱讀

nginx proxy pass [ best practices ]

1、/etc/nginx/nginx.conf worker_processes 1; #auto; events { worker_connections 3000; #786; # multi_accept on; } http {  server_tokens off; #open this line resolver 8.8.8.8 8.8.4.4 valid=300s; #resolver dns server  proxy_cache_path /var/cache/proxy-nginx levels=1:2 keys_zone=proxy-cache:10m max_size=3g inactive=1d use_temp_path=off;  add_header X-Cache $upstream_cache_status; #讓Header顯示是否有Cache:HIT命中 MISS失敗 BYPASS略過  proxy_headers_hash_max_size 51200; #add this line  proxy_headers_hash_bucket_size 6400; #add this line  log_format main ‘$remote_addr $status $request $body_bytes_sent [$time_local] $http_user_agent $http_referer $http_x_forwarded_for $upstream_addr $upstream_status $upstream_cache_status $upstream_response_time’;

繼續閱讀

nginx proxy pass

see http://sueboy.blogspot.tw/2017/11/nginx-proxy-pass-best-practices.html http://sueboy.blogspot.tw/2017/11/nginx-proxy-pass-best-practices-2-for.html server { listen 80; server_name aaaa.bbbbb.com; location / { proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection “upgrade”; proxy_pass http://xxx.xxx.xxx.xxx:80; } } proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Original-Host $http_host; proxy_set_header X-Original-Scheme $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; client_max_body_size 10m; client_body_buffer_size 128k; # client_body_temp_path /var/nginx/client_body_temp; proxy_connect_timeout 90; proxy_send_timeout 90;

繼續閱讀

作者的圖片

Sue boy

Sueboy Can support You

CIO

Taiwan