1.
NGINX for FUN
& PERFORMANCEPHILIPP KRENN @xeraa ecosio

2.
Vienna

3.
ViennaDB
Papers We Love Vienna

4.
Electronic Data Interchange (EDI)

5.
nginx

6.
there's this russian server nginx. all the
porn sites use it. it must be decent.
— Jonathan VanascoJV
JV
http://www.destructuring.net/2006/10/09/nginx/

7.
From Subversion to Git

8.
Users
WORDPRESS.COM APP
SERVER + LOAD BALANCER

9.
UsersSTATIC CONTENT GITHUB

10.
UsersSSL TERMINATION WIKIPEDIA

11.
http://w3techs.com/technologies/cross/
web_server/ranking

12.
http://news.netcraft.com/archives/2015/03/19/march-2015-web-
server-survey.html

13.
http://news.netcraft.com/archives/2015/03/19/march-2015-web-
server-survey.html

14.
Public launch in 2004 by
IGOR SYSOEV
HTTPS://WWW.RAMBLER.RU

15.
BSD LICENSED
CROSS-PLATFORM C

16.
STABLE 1.6.2 (2014-09-16)
PREVIEW 1.7.11 (2015-03-24)
SUPPORT FROM NGINX INC.

17.
nginx is a lightweight event-driven
reverse proxy for web and mail services.
— http://nginx.org

18.
Apache
THREAD / PROCESS-ORIENTED
SPAWN A PROCESS FOR EACH CONNECTION (1MB+ RAM)
APACHE 2.4 MULTI-PROCESS MODE REDUCES RAM USAGE

19.
Problem200KB RESPONSE
MILLISECONDS TO GENERATE OR RETRIEVE
10S TO TRANSMIT AT 160KBPS (20KB/S)
1000 CONNECTIONS !

20.
it's time for web servers to handle ten
thousand clients simultaneously
— Daniel Kegel

21.
C10K challenge
NGINX SOLUTION
EVENT-DRIVEN ARCHITECTURE

22.
Event-driven
SINGLE NONBLOCKING THREAD
ONE PROCESS PER CORE — NODE.JS, REDIS,...
STABLE MEMORY USAGE, NO CONTEXT SWITCHES

23.
Event-driven1. Receive request
2. Trigger events in a process
3. Process handles events and returns output
http://en.wikipedia.org/wiki/Reactor_pattern

24.
http://www.aosabook.org/en/nginx.html#fig.nginx.arch

25.
!

26.
EIERLEGENDE
WOLLMILCHSAU

27.
"EGG-LAYING
WOOL-MILK-
SOW"

28.
101Things nginx can do

29.
000 SSL Termination

30.
https://mozilla.github.io/server-side-tls/ssl-config-generator/

31.
server {
listen 443 ssl;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;

32.
# Better Perfect Forward Secrecy, generate: openssl dhparam 2048
ssl_dhparam /path/to/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:
ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:
DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:
DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:
DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:
AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:
CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:
!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

33.
# HSTS: 15768000 seconds = 6 months
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
....
}

34.
!
USE
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://www.ssllabs.com/ssltest/

35.
001 Load Balancing

36.
upstream backend_hosts {
server host0.example.com;
server host1.example.com;
server 10.10.10.10;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_hosts;
}
}

37.
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend_hosts;
}

38.
UPSTREAM BALANCING ALGORITHM
DEFAULT: ROUND ROBIN
least_conn
ip_hash
hash

39.
MOAR FEATURESCOOKIE STICKINESS
WEIGHTING OF NODES
...

40.
010 Proxying

41.
location / {
proxy_pass http://localhost:8000;
}

42.
011 Dynamic Pages

43.
location ~* .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_read_timeout 120;
}

44.
100 A/B Testing

45.
http {
split_clients "${remote_addr}" $designtest {
10% ".first";
10% ".second";
* "";
}
server {
listen 80;
server_name example.com;
index index${designtest}.html;
}
}

46.
101 Client-Side Caching

47.
location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css|
zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|
ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
access_log off;
expires max;
}

48.
!

49.
Apache is like Microsoft Word, it has a
million options but you only need six.

50.
nginx does those six things, and it does
five of them 50 times faster than
Apache.
— Chris LeaCL
CL
http://maisonbisson.com/post/12249/chris-lea-on-nginx-and-wordpress/

51.
GREAT! BUT...

52.
...IT DOESN'T WORK THE
Apache WAY
FOR EXAMPLE .htaccess

53.
FOR EVERY REQUEST, CHECK
EVERY DIRECTORY, READ AND
PARSE EVERY FILE
Changes effective immediately

54.
http://example.com/assets/Uploads/gallery/image.jpg

55.
DigitalOcean512MB RAM, 20GB SSD
UBUNTU 14.04 IN AMS2 + AMS3

56.
ApacheBench
$ sudo apt-get install apache2-utils

57.
$ ab -n 25000 -c 10 http://example.com
25,000 REQUESTS
CONCURRENCY 10, 50, 250, 1000

58.
Vanilla installationsudo apt-get install apache2
sudo apt-get install nginx
NO TWEAKS

59.
BEWARE
Unstable

60.
$ ab -n 25000 -c 10 http://188.226.151.84/codemotion_intro.png
...
Server Software: nginx/1.4.6
Server Hostname: 188.226.151.84
Server Port: 80
Document Path: /codemotion_intro.png
Document Length: 2461 bytes
Concurrency Level: 10
Time taken for tests: 7.734 seconds
Complete requests: 25000
Failed requests: 0
Total transferred: 67575000 bytes
HTML transferred: 61525000 bytes
Requests per second: 3232.56 [#/sec] (mean)
Time per request: 3.094 [ms] (mean)
Time per request: 0.309 [ms] (mean, across all concurrent requests)
Transfer rate: 8532.82 [Kbytes/sec] received
...

61.
Benchmarking 178.62.213.21 (be patient)
Completed 2500 requests
Completed 5000 requests
Completed 7500 requests
Completed 10000 requests
Completed 12500 requests
Completed 15000 requests
Completed 17500 requests
Completed 20000 requests
Completed 22500 requests
apr_socket_recv: Connection reset by peer (104)
Total of 24847 requests completed

62.
$ ab -n 25000 -c 10
http://188.226.151.84/assets/Uploads/gallery/codemotion_intro.png

63.
Add PHPsudo apt-get install php5-fpm
sudo apt-get install php5 libapache2-mod-php5

64.
File<?php phpinfo();

65.
ab -n 2500 -c 10 -l http://188.226.151.84/info.php
Concurrency Level: 10
Time taken for tests: 4.920 seconds
Complete requests: 2500
Failed requests: 0
Total transferred: 164667204 bytes
HTML transferred: 164252204 bytes
Requests per second: 508.18 [#/sec] (mean)
Time per request: 19.678 [ms] (mean)
Time per request: 1.968 [ms] (mean, across all concurrent requests)
Transfer rate: 32687.80 [Kbytes/sec] received

66.
BENCHMARK YOUR PROJECTS
BUILD
BENCHMARK
REPEAT

67.
Say Apache one
more time...

68.
Questions?
NOW OR @XERAA
HTTPS://SPEAKERDECK.COM/XERAA/

69.
Feedback
HTTPS://JOIND.IN/14161
HTTPS://JOIND.IN/EVENT/CODEMOTION-ROME-2015

70.
IMAGE CREDIT
Rome https://flic.kr/p/j9Lmu
Vienna https://flic.kr/p/4enYGH
Database https://flic.kr/p/6QVfAK
Paper https://flic.kr/p/7Ahvn1
Engine https://flic.kr/p/hD3SY4
X https://flic.kr/p/9vMs2
Kiss https://flic.kr/p/z8Phh
Branches https://flic.kr/p/aDgLJx

71.
Crowd https://flic.kr/p/Wd54U
Launch https://flic.kr/p/kjkJ5N
License https://flic.kr/p/nxAfZ
Release https://flic.kr/p/4rDBEK
Lightweight https://flic.kr/p/6h98Li
Apache https://flic.kr/p/8m9Mf1
Flow https://flic.kr/p/a5A3e1
Simultaneous https://flic.kr/p/easM1t
Speed https://flic.kr/p/afEu4o
Block https://flic.kr/p/8szrqe
Eierlegende Wollmilchsau https://flic.kr/p/GzQTT

72.
Taipei https://flic.kr/p/4hi1jB
Terminator https://flic.kr/p/6hDYBK
Load https://flic.kr/p/mhuXC5
Balance https://flic.kr/p/bpeZXt
Huge https://flic.kr/p/p8tTGE
Between https://flic.kr/p/cXHXH3
Dynamic https://flic.kr/p/qzpdr9
Two https://flic.kr/p/9Jpzfz
Fixed https://flic.kr/p/21CsBV
Word https://flic.kr/p/913FL2
Different https://flic.kr/p/aUwPzp

73.
Access https://flic.kr/p/KA324
Sad https://flic.kr/p/9g5Gg8
Ocean https://flic.kr/p/fQ3pxX
Bench https://flic.kr/p/kbpHr3
Vanilla https://flic.kr/p/b4iChr
PHP https://flic.kr/p/4o1dFf
Test https://flic.kr/p/adiTK3