High-Performance NGINX Configuration for Heavy Traffic

This repository contains a highly optimized NGINX configuration for handling high volumes of concurrent traffic with performance and security in mind. The setup is ideal for web applications, reverse proxies, and services requiring low latency, efficient resource usage, and structured logging.

💡 Key Features

• Multi-worker support for CPU scaling
• High connection and file limits to handle thousands of concurrent clients
• File cache optimizations for faster static content delivery
• Custom JSON logging for integration with modern log analysis systems (e.g., Graylog, ELK)
• Advanced GZIP compression with a wide range of MIME types
• SSL support including TLS 1.3
• Keep-alive optimizations for long-lived client connections
• Tuned upstream proxy settings for backend resilience and performance

---

📂 Included Files

File	Description
nginx.conf	Main NGINX configuration file with core HTTP, worker, and performance settings.
proxy.conf	Dedicated reverse proxy configuration for caching, buffering, and timeout handling.
Other files under conf.d/, sites-enabled/, modules-enabled/	Modular configurations for specific sites, virtual hosts, and modules.

---

🔧 Highlights from nginx.conf

• Worker configuration

  worker_processes 2;
  worker_connections 2048;
  worker_rlimit_nofile 100000;

• Connection handling

  use epoll;
  multi_accept on;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;

• Keepalive and timeout tuning

  keepalive_timeout 30;
  keepalive_requests 100000;
  client_body_timeout 10;
  send_timeout 2;

• GZIP compression Includes extended MIME types for modern web assets, fonts, images, and office formats.

• Security

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  server_tokens off;

⚠️ Note: SSLv3 is not recommended due to known vulnerabilities. You should only use TLSv1.2 and TLSv1.3.

---

📦 Highlights from proxy.conf

• Caching setup

  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m;

• Timeouts

  proxy_connect_timeout 5s;
  proxy_send_timeout 60s;
  proxy_read_timeout 60s;

• Buffer tuning

  proxy_buffer_size 16k;
  proxy_buffers 32 16k;
  proxy_busy_buffers_size 64k;

• Upstream failover

  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

• Security headers and versioning Proper headers are set to forward client info and manage protocol details.

---

📊 Logging Format

Custom JSON-formatted logs for use with structured log platforms:

log_format custom_json_log escape=json '{ "remote_addr": "$remote_addr", "request": "$request", ... }';

Logs are saved to:

• /var/log/nginx/access.log
• /var/log/nginx/error.log

---

✅ Recommendations

• Increase your system's open file limits with:

    ulimit -n 100000

• Rotate logs with logrotate to avoid filling disk
• Consider removing SSLv3 from SSL protocols if security is a top priority

---

License

This project is licensed under the MIT License. See the license file for details.

---

Issues, Feature Requests or Support

Please use the Issue > New Issue button to submit issues, feature requests or support issues directly to me. You can also send an e-mail to akin.bicer@outlook.com.tr.