Optimized Nginx and MySQL files for Cloudpanel Heavy Connection

NGINX configuration for a high-traffic CloudPanel site handling 100K clicks per day.
File is located at

/etc/nginx/nginx.conf

I’ve created an optimized NGINX configuration for a high-traffic site. Here are the key optimizations and changes made:

  1. Worker Processes & Connections

    • Increased worker_rlimit_nofile to 65535 to handle more concurrent connections
    • Optimized worker_connections to 65535
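    • Enabled multi_accept for better high-traffic handling (note: in the listing below the multi_accept line is commented out, so it is not actually enabled)
    • Disabled accept_mutex for better performance under high load (no accept_mutex directive appears in the listing below, so nginx's default applies)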
  2. FastCGI Caching

    • Implemented FastCGI caching with a 100MB zone size
    • Cache valid responses for 60 minutes
    • Added cache bypass options for dynamic content
    • Optimized buffer sizes for typical Laravel responses
  3. Performance Optimizations

    • Tuned keepalive settings for high-traffic scenarios
    • Optimized buffer sizes for different types of requests
    • Implemented efficient file caching settings
    • Added rate limiting to prevent abuse
  4. Security Enhancements

    • Implemented strict SSL configuration
    • Added security headers
    • Protected sensitive Laravel directories
    • Rate limiting for PHP requests
  5. Compression

    • Optimized Gzip compression settings
    • Added Brotli compression support
    • Configured caching for static assets
  6. PHP-FPM Optimization

    • Tuned FastCGI parameters for better performance
    • Implemented request limiting
    • Added connection limiting
    • Optimized timeouts
  7. Logging

    • Enhanced log format to include response times
    • Buffered logging for better performance
    • Disabled logging for common static files

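Note that the nginx.conf below only covers the global settings: the FastCGI cache zone and cache validity, the limit_req/limit_conn rules that use the rate-limit zones, the protection of Laravel directories and any security headers other than HSTS are not in it and have to be set in the per-site files it includes.

To implement this configuration: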

  1. Backup your current configuration
  2. Adjust paths and server names according to your setup
  3. Test the configuration with nginx -t
  4. Gradually implement changes in staging before production
# NOTE(review): "user root" makes the worker processes, which parse untrusted
# client requests, run with full root privileges, so a compromised worker is a
# compromised host. Prefer a dedicated unprivileged account if the site
# directories can be made readable to it; confirm what this panel setup requires.
user root;
worker_processes auto;
pid /run/nginx.pid;
# Main-context error log at "notice" level.
error_log  /var/log/nginx/error.log notice;
# Per-worker open-file limit. Every client connection needs at least one
# descriptor (more when a backend connection or a file is open as well), so
# this should comfortably exceed worker_connections; here the two are equal.
worker_rlimit_nofile 65535;
include /etc/nginx/modules-enabled/*.conf;

events {
    # Linux epoll connection-processing method.
    use                 epoll;
    # Maximum simultaneous connections per worker process.
    worker_connections 65535;
    # Left disabled: with multi_accept off a worker accepts one new connection at a time.
    # multi_accept on;
    epoll_events        512;
}

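http {

    ##
    # Basic Settings
    ##

    # Both directives need the GeoIP module and the database files at these paths.
    geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
    geoip_city    /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database

    # Client-address rewriting. With real_ip_header left commented out, nginx
    # uses its default header (X-Real-IP). Every peer in the ranges below is
    # trusted to set that header, so any host on those private networks can
    # choose the address that ends up in $remote_addr, in the logs and in the
    # rate-limit keys. Narrow the list to the actual proxies / load balancers.
    real_ip_recursive on;

    set_real_ip_from 127.0.0.1;
    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 192.168.0.0/16;
    #real_ip_header X-Forwarded-For;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # $http_cf_connecting_ip is a request header. It is only trustworthy when
    # the server accepts traffic exclusively from the CDN; otherwise a direct
    # client can put any address into this log field.
    log_format cloudflare '$http_cf_connecting_ip - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';


    ##
    # Define fastcgi_cache settings
    ##

    # FastCGI Cache Settings
    # No fastcgi_cache_path / fastcgi_cache / fastcgi_cache_valid is set in this
    # file; these defaults only take effect where a vhost enables a cache zone.
    # The key varies on scheme, method, host, URI and the pll_language cookie
    # only. It does not vary on any session or login cookie.
    fastcgi_cache_key "$scheme$request_method$host$request_uri$cookie_pll_language";
    fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
    fastcgi_cache_methods GET HEAD;
    fastcgi_buffers 256 32k;        # up to 256 x 32k (8 MB) of response buffering per connection
    fastcgi_buffer_size 256k;       # buffer for the first part of the response (headers)
    fastcgi_connect_timeout 3s;    # Reduced to fail faster
    fastcgi_send_timeout 180s;     # Increased for better reliability with slow upstream
    fastcgi_busy_buffers_size 512k;
    fastcgi_temp_file_write_size 512k;
    # NOTE(review): $http_host is the client-supplied Host header. An
    # application that builds links or redirects from SERVER_NAME then trusts
    # attacker-controlled input; $server_name or $host is the safer source.
    # fastcgi_param is inherited only by levels that define no fastcgi_param
    # of their own, so this line may have no effect in vhosts that include a
    # fastcgi_params file; confirm which case applies.
    fastcgi_param SERVER_NAME $http_host;
    # NOTE(review): ignoring Cache-Control, Expires and Set-Cookie makes nginx
    # cache responses the application marked private or that set a cookie.
    # Together with the cache key above, one visitor's personalised page, and
    # its Set-Cookie header unless it is hidden, can be served to another
    # visitor. Any vhost that turns the cache on needs fastcgi_no_cache /
    # fastcgi_cache_bypass rules for logged-in and session traffic, and should
    # not store Set-Cookie in cached responses.
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
    fastcgi_keep_conn on;
    fastcgi_cache_lock on;
    fastcgi_cache_lock_age 1s;     # after 1s one more request is let through to refresh the entry
    fastcgi_cache_lock_timeout 5s; # waiters go to the backend after 5s; that response is not cached

    # Proxy Settings
    proxy_buffers 4 256k;           # Optimized for typical response sizes
    proxy_buffer_size 128k;         # Adjusted for headers
    proxy_busy_buffers_size 256k;
    # 600 s is a long timeout, not a short one: a stalled backend can hold a
    # client connection open for up to ten minutes, which makes resource
    # exhaustion easier. Lower these unless a backend really needs that long.
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;

    # TCP Settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # aio threads;                   # Enable async I/O with threads
    # directio 512;                  # Enable direct I/O for files > 512 bytes

    # Timeout Settings
    send_timeout 60;
    keepalive_timeout 65;         # Optimal for most cases
    keepalive_requests 2048;      # Increased for better performance

    # Client Request Settings
    client_body_buffer_size 16k;
    client_header_buffer_size 2k;  # Increased slightly
    large_client_header_buffers 4 8k;
    # Short header/body timeouts limit how long a slow client can hold a connection.
    client_body_timeout 15;        # Reduced for faster failure detection
    client_header_timeout 15;      # Reduced for faster failure detection
    # Applies to every vhost that does not override it: any endpoint accepts
    # bodies up to 100 MB. Consider a small global value and a larger one only
    # on the upload locations.
    client_max_body_size 100M;     # Increased to handle larger uploads

    # Performance Settings
    server_tokens off;
    port_in_redirect off;
    # Kept commented out: "off" cancels all access_log directives on this
    # level, which would silence the access_log defined under "Logging
    # Settings" below and leave no request trail for detection or incident
    # response.
    # access_log off;

    # File Cache Settings
    open_file_cache max=500000 inactive=60s;  # Increased cache size
    open_file_cache_valid 120s;               # Increased validity
    open_file_cache_min_uses 2;               # a file is cached after 2 uses within the inactive window
    open_file_cache_errors on;
    types_hash_max_size 4096;                 # Increased for more MIME types

    map $scheme $fastcgi_https { ## Detect when HTTPS is used
      default off;
      https on;
    }

    include /etc/nginx/blocked_ips;
    # include /etc/nginx/blocked_bots;

    # Both lines need the PageSpeed module to be loaded.
    pagespeed off;
    pagespeed XHeaderValue 1;



    ##
    # SSL Settings - Hardened Configuration
    ##

    ssl_conf_command Options KTLS; # Kernel TLS for better performance

    # Strict ciphersuite selection - most secure TLS 1.3 ciphersuites only, prioritizing security
    ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;

    # TLS 1.3 only - no fallback to older versions.
    # Clients without TLS 1.3 cannot connect at all.
    ssl_protocols TLSv1.3;

    # Optimized session cache settings
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 4h;
    ssl_session_tickets off;

    # Single curve only: clients that do not support secp384r1 fail the handshake.
    ssl_ecdh_curve secp384r1;

    ssl_prefer_server_ciphers on;

    # Public resolvers, used by nginx for runtime lookups such as OCSP responder
    # names. nginx does not validate DNSSEC itself, and the queries leave the
    # host; a resolver on a trusted local network reduces the spoofing exposure.
    resolver 9.9.9.9 149.112.112.112 valid=3600s;
    resolver_timeout 2s;

    # OCSP Stapling
    # ssl_stapling_verify needs the issuer chain to be available to nginx
    # (ssl_trusted_certificate, or a full chain in the certificate file);
    # presumably that is set per vhost. Confirm.
    ssl_stapling on;
    ssl_stapling_verify on;
    # DH parameters are only used by DHE ciphers in TLS 1.2 and earlier; with
    # TLSv1.3 as the only protocol this line has no effect.
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    # 0-RTT early data can be replayed by anyone who captured it. Nothing in
    # this file passes $ssl_early_data to the backend so that the application
    # can refuse replayed non-idempotent requests, so it is switched off here.
    # Enable it only once that handling exists.
    ssl_early_data off;

    # Strict security headers
    # add_header is inherited only by levels that define no add_header of their
    # own: a server or location block with its own add_header must repeat this
    # line or it silently loses HSTS.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Advertises HTTP/3 on UDP 443. It only works where a vhost actually listens
    # for QUIC; the h3-27/28/29 entries are draft versions.
    add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;


    ##
    # Limit the requests for php
    ##
    # These lines only declare the shared-memory zones. Nothing is limited
    # until a server or location block applies limit_conn / limit_req with them.
    # The key is the client address after real_ip processing, so the trust
    # list near the top of this block decides whether the limit can be evaded.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_req_zone $binary_remote_addr zone=limit:10m rate=1r/s;

    ##
    # Gzip Settings
    ##
    # Compressing TLS responses that mix secrets (tokens, CSRF values) with
    # request-controlled content is the precondition for BREACH-style
    # attacks; exclude such responses if the application produces them.

    gzip on;
    # gzip_static on;
    gzip_min_length 1000;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_disable "MSIE [4-6]\.";
    gzip_proxied any;
    gzip_vary on;
    gzip_types text/plain
               text/xml
               text/css
               text/javascript
               application/json
               application/javascript
               application/x-javascript
               application/ecmascript
               application/xml
               application/rss+xml
               application/atom+xml
               application/rdf+xml
               application/xml+rss
               application/xhtml+xml
               application/x-font-ttf
               application/x-font-opentype
               application/vnd.ms-fontobject
               image/svg+xml
               image/x-icon
               application/atom_xml;

    gzip_buffers 32 16k;


    ##
    # Brotli Settings
    ##
    # Needs the Brotli module to be loaded.

    brotli on;
    brotli_comp_level 8;
    brotli_static on;
    brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
}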

MySQL configuration for a high-traffic setup with 100K clicks and 38GB of RAM. I’ll create an optimized version focusing on key performance areas.

File is located at

/etc/mysql/mariadb.conf.d/100-cloudpanel.cnf
##or
/etc/mysql/mysql.conf.d/

I’ve made several important optimizations for a server with 38GB of RAM handling 100K clicks. Here are the key changes and explanations:

  1. Memory Usage:

    • Set innodb_buffer_pool_size to 28GB (75% of your 38GB RAM)
    • Increased innodb_buffer_pool_instances to 16 for better concurrency
  2. Connection Handling:

    • Increased max_connections to 2000 to handle high traffic
    • Increased back_log to 1000 for better connection queue handling
    • Adjusted thread cache and timeout settings
  3. InnoDB Optimizations:

    • Increased innodb_log_file_size to 2GB for better performance
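    • Set innodb_flush_log_at_trx_commit = 2 for better performance while maintaining good reliability (the trade-off: the log is flushed to disk about once per second, so an operating-system crash or power loss can lose roughly the last second of committed transactions)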
    • Optimized I/O settings with increased read/write threads
    • Added innodb_io_capacity settings optimized for SSD
  4. Buffer and Cache Settings:

    • Increased various buffer sizes (join, read, sort) for better performance
    • Disabled query cache as it’s inefficient for high-concurrency workloads
    • Increased temp table sizes to 512M
  5. Table Handling:

    • Increased table cache settings for better concurrent table access
    • Increased open_files_limit to handle more concurrent open tables
  6. Monitoring:

    • Enabled slow query log with 2-second threshold
    • Disabled binary logging; re-enable it if you need replication (without the binary log there is also no point-in-time recovery between backups)

Important notes:

  1. You’ll need to ensure your system’s ulimit settings can handle these values
  2. Monitor the server’s performance and adjust these values based on actual usage patterns
  3. Ensure your filesystem and OS are also optimized for these settings

MariaDB

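[mysqld]
# MariaDB server settings for the 38GB-RAM host described above.
# Each option appears once: the original listing repeated several keys, and
# because the last occurrence wins, the earlier values were silently ignored.

# === Required Settings ===
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
log-error = /var/log/mysql/error.log
# NOTE(review): non-default data directory; confirm its ownership and mode
# restrict it to the database service account.
datadir = /home/mysql/

character-set-server = utf8mb4
collation-server  = utf8mb4_general_ci
init-connect = 'SET NAMES utf8mb4'

# === InnoDB Settings ===
innodb = force
innodb_file_per_table          = 1
# 16 as stated in the description; a second "= 8" line used to override it.
innodb_buffer_pool_instances   = 16
innodb_buffer_pool_size        = 28G
innodb_sort_buffer_size        = 16M
# 2 = write the log at each commit but flush it to disk about once per second:
# an OS crash or power loss can lose roughly the last second of commits.
# Use 1 where every committed transaction must survive a crash.
innodb_flush_log_at_trx_commit = 2
# Size suffixes are K, M or G; the earlier "2GB" is not a valid value.
innodb_log_file_size           = 2G
innodb_stats_on_metadata       = OFF
innodb_io_capacity             = 3000
innodb_io_capacity_max         = 6000
innodb_read_io_threads         = 16
innodb_write_io_threads        = 16
innodb_flush_method            = O_DIRECT
innodb_log_buffer_size         = 64M
innodb_thread_concurrency      = 32

# === Connection Settings ===
# The buffers in "Buffer Settings" are allocated per session (some per
# operation). Worst case, 2000 connections x (8M + 4M + 8M + 8M) is about
# 56 GB on top of the 28G buffer pool: a connection flood can push the host
# into swap or the OOM killer. Size max_connections to the real client pool.
max_connections                = 2000    # Increased for high traffic
back_log                       = 1000    # Increased for high traffic
thread_cache_size             = 200     # Increased for better thread handling
thread_stack                  = 256K
interactive_timeout           = 300
wait_timeout                 = 300

# === Buffer Settings ===
join_buffer_size             = 8M      # Increased for better JOIN performance
read_buffer_size             = 4M      # Increased for better read performance
read_rnd_buffer_size         = 8M      # Increased for better random read performance
sort_buffer_size             = 8M      # Increased for better sorting performance

# === Table Settings ===
table_definition_cache       = 60000   # Increased for more concurrent tables
table_open_cache            = 60000   # Increased for more concurrent tables
open_files_limit            = 100000  # Increased accordingly
# In-memory temporary tables may grow to 512M each before spilling to disk.
max_heap_table_size         = 512M    # Increased for better temp table handling
tmp_table_size              = 512M    # Increased for better temp table handling

# === Query Cache Settings ===
query_cache_size            = 0
query_cache_type           = 0


# === Logging Settings ===
# The slow log records full statement text, including literal values, so
# treat the file as sensitive: readable by the service account and DBAs only.
# NOTE(review): the path is under /var/lib/mysql while datadir is /home/mysql/;
# confirm the directory exists and is writable by the server.
slow_query_log             = 1
slow_query_log_file        = /var/lib/mysql/mysql_slow.log
long_query_time            = 2        # Log queries slower than 2 seconds
log_queries_not_using_indexes = 0


# === Binary Logging ===
# With the binary log off there is no replication and no point-in-time
# recovery: after data loss or tampering, only the last full backup can be
# restored.
disable_log_bin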

MySQL

[mysqld]
# === Required Settings ===
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
log-error = /var/log/mysql/error.log
# NOTE(review): non-default data directory; confirm its ownership and mode
# restrict it to the database service account.
datadir = /home/mysql/

# NOTE(review): mysql_native_password is the legacy SHA-1 based scheme. Making
# it the default gives every newly created account the weaker password hash
# instead of caching_sha2_password. Keep this line only if a client library
# in use cannot handle caching_sha2_password, and confirm the option is still
# accepted by the target server version.
default-authentication-plugin = mysql_native_password
character_set_server = utf8mb4
collation_server = utf8mb4_general_ci
init-connect = 'SET NAMES utf8mb4'

# === InnoDB Settings ===
innodb_file_per_table
innodb = force
innodb_buffer_pool_instances = 16
innodb_buffer_pool_size = 28G
innodb_sort_buffer_size = 16M 
# 2 = write the log at each commit but flush it to disk about once per second:
# an OS crash or power loss can lose roughly the last second of commits.
innodb_flush_log_at_trx_commit = 2
innodb_log_file_size = 2G
innodb_stats_on_metadata = 0
innodb_io_capacity = 3000 
innodb_io_capacity_max = 6000
innodb_read_io_threads = 16
innodb_write_io_threads = 16
innodb_flush_method = O_DIRECT
innodb_log_buffer_size = 64M
innodb_thread_concurrency = 32

# === Connection Settings ===
# The buffers in "Buffer Settings" are allocated per session (some per
# operation). Worst case, 2000 connections x (8M + 4M + 8M + 8M) is about
# 56 GB on top of the 28G buffer pool: a connection flood can exhaust memory.
max_connections = 2000
back_log = 1000
thread_cache_size = 200
thread_stack = 256K
interactive_timeout = 300
wait_timeout = 300

# === Buffer Settings ===
join_buffer_size = 8M
read_buffer_size = 4M
read_rnd_buffer_size = 8M
sort_buffer_size = 8M

# === Table Settings ===
table_definition_cache = 60000
table_open_cache = 60000
open_files_limit = 100000
max_heap_table_size = 512M
tmp_table_size = 512M

# === Query Cache Settings ===
# NOTE(review): the query cache was removed in MySQL 8.0; on such a server
# these two lines are presumably rejected as unknown variables. Confirm
# against the target version.
query_cache_size = 0
query_cache_type = 0

# === Logging Settings ===
# The slow log records full statement text, including literal values, so
# treat the file as sensitive. NOTE(review): the path is under /var/lib/mysql
# while datadir is /home/mysql/; confirm the directory exists and is writable.
slow_query_log = 1
slow_query_log_file = /var/lib/mysql/mysql_slow.log
long_query_time = 2
log_queries_not_using_indexes = 0

# === Binary Logging ===
# With the binary log off there is no replication and no point-in-time
# recovery; only the last full backup can be restored.
disable_log_bin

# === Added Safety Settings ===
# NOTE(review): 1024M is the largest value the server accepts. It allows a
# single client packet or statement of up to 1 GB, which widens the
# memory-exhaustion surface rather than adding safety; size it to the largest
# legitimate row or BLOB instead.
max_allowed_packet = 1024M

[mysqldump]
# Leave the SET @@GLOBAL.gtid_purged statement out of dump files.
set-gtid-purged=OFF

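[client]
# Applies to every client program that reads this file. DISABLED forces all
# of their connections to be unencrypted, which exposes credentials and query
# data on any TCP connection. PREFERRED (the client default) uses TLS when
# the server offers it and otherwise falls back to an unencrypted connection,
# so existing local setups keep working. Use REQUIRED or VERIFY_IDENTITY for
# connections that leave the host.
ssl-mode=PREFERRED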