Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
NGINX for FUN
& PERFORMANCEPHILIPP KRENN @xeraa ecosio
Vienna
ViennaDB
Papers We Love Vienna
Electronic Data Interchange (EDI)
nginx
there's this russian server nginx. all the
porn sites use it. it must be decent.
— Jonathan VanascoJV
JV
http://www.destru...
From Subversion to Git
Users
WORDPRESS.COM APP
SERVER + LOAD BALANCER
UsersSTATIC CONTENT GITHUB
UsersSSL TERMINATION WIKIPEDIA
http://w3techs.com/technologies/cross/
web_server/ranking
http://news.netcraft.com/archives/2015/03/19/march-2015-web-
server-survey.html
http://news.netcraft.com/archives/2015/03/19/march-2015-web-
server-survey.html
Public launch in 2004 by
IGOR SYSOEV
HTTPS://WWW.RAMBLER.RU
BSD LICENSED
CROSS-PLATFORM C
STABLE 1.6.2 (2014-09-16)
PREVIEW 1.7.11 (2015-03-24)
SUPPORT FROM NGINX INC.
nginx is a lightweight event-driven
reverse proxy for web and mail services.
— http://nginx.org
Apache
THREAD / PROCESS-ORIENTED
SPAWN A PROCESS FOR EACH CONNECTION (1MB+ RAM)
APACHE 2.4 MULTI-PROCESS MODE REDUCES RAM ...
Problem200KB RESPONSE
MILLISECONDS TO GENERATE OR RETRIEVE
10S TO TRANSMIT AT 160KBPS (20KB/S)
1000 CONNECTIONS !
it's time for web servers to handle ten
thousand clients simultaneously
— Daniel Kegel
C10K challenge
NGINX SOLUTION
EVENT-DRIVEN ARCHITECTURE
Event-driven
SINGLE NONBLOCKING THREAD
ONE PROCESS PER CORE — NODE.JS, REDIS,...
STABLE MEMORY USAGE, NO CONTEXT SWITCHES
Event-driven1. Receive request
2. Trigger events in a process
3. Process handles events and returns output
http://en.wikip...
http://www.aosabook.org/en/nginx.html#fig.nginx.arch
!
EIERLEGENDE
WOLLMILCHSAU
"EGG-LAYING
WOOL-MILK-
SOW"
101Things nginx can do
000 SSL Termination
https://mozilla.github.io/server-side-tls/ssl-config-generator/
server {
listen 443 ssl;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key...
# Better Perfect Forward Secrecy, generate: openssl dhparam 2048
ssl_dhparam /path/to/dhparam.pem;
ssl_protocols TLSv1 TLS...
# HSTS: 15768000 seconds = 6 months
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling
resolver 8.8.8....
!
USE
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://www.ssllabs.com/ssltest/
001 Load Balancing
upstream backend_hosts {
server host0.example.com;
server host1.example.com;
server 10.10.10.10;
}
server {
listen 80;
ser...
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_a...
UPSTREAM BALANCING ALGORITHM
DEFAULT: ROUND ROBIN
least_conn
ip_hash
hash
MOAR FEATURESCOOKIE STICKINESS
WEIGHTING OF NODES
...
010 Proxying
location / {
proxy_pass http://localhost:8000;
}
011 Dynamic Pages
location ~* .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index....
100 A/B Testing
http {
split_clients "${remote_addr}" $designtest {
10% ".first";
10% ".second";
* "";
}
server {
listen 80;
server_name e...
101 Client-Side Caching
location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css|
zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|
ppt|txt|tar|mid|midi|wav|bmp|rtf|j...
!
Apache is like Microsoft Word, it has a
million options but you only need six.
nginx does those six things, and it does
five of them 50 times faster than
Apache.
— Chris LeaCL
CL
http://maisonbisson.com...
GREAT! BUT...
...IT DOESN'T WORK THE
Apache WAY
FOR EXAMPLE .htaccess
FOR EVERY REQUEST, CHECK
EVERY DIRECTORY, READ AND
PARSE EVERY FILE
Changes effective immediately
http://example.com/assets/Uploads/gallery/image.jpg
DigitalOcean512MB RAM, 20GB SSD
UBUNTU 14.04 IN AMS2 + AMS3
ApacheBench
$ sudo apt-get install apache2-utils
$ ab -n 25000 -c 10 http://example.com
25,000 REQUESTS
CONCURRENCY 10, 50, 250, 1000
Vanilla installationsudo apt-get install apache2
sudo apt-get install nginx
NO TWEAKS
BEWARE
Unstable
$ ab -n 25000 -c 10 http://188.226.151.84/codemotion_intro.png
...
Server Software: nginx/1.4.6
Server Hostname: 188.226.1...
Benchmarking 178.62.213.21 (be patient)
Completed 2500 requests
Completed 5000 requests
Completed 7500 requests
Completed ...
$ ab -n 25000 -c 10
http://188.226.151.84/assets/Uploads/gallery/codemotion_intro.png
Add PHPsudo apt-get install php5-fpm
sudo apt-get install php5 libapache2-mod-php5
File<?php phpinfo();
ab -n 2500 -c 10 -l http://188.226.151.84/info.php
Concurrency Level: 10
Time taken for tests: 4.920 seconds
Complete requ...
BENCHMARK YOUR PROJECTS
BUILD
BENCHMARK
REPEAT
Say Apache one
more time...
Questions?
NOW OR @XERAA
HTTPS://SPEAKERDECK.COM/XERAA/
Feedback
HTTPS://JOIND.IN/14161
HTTPS://JOIND.IN/EVENT/CODEMOTION-ROME-2015
IMAGE CREDIT
Rome https://flic.kr/p/j9Lmu
Vienna https://flic.kr/p/4enYGH
Database https://flic.kr/p/6QVfAK
Paper https://...
Crowd https://flic.kr/p/Wd54U
Launch https://flic.kr/p/kjkJ5N
License https://flic.kr/p/nxAfZ
Release https://flic.kr/p/4r...
Taipei https://flic.kr/p/4hi1jB
Terminator https://flic.kr/p/6hDYBK
Load https://flic.kr/p/mhuXC5
Balance https://flic.kr/...
Access https://flic.kr/p/KA324
Sad https://flic.kr/p/9g5Gg8
Ocean https://flic.kr/p/fQ3pxX
Bench https://flic.kr/p/kbpHr3
...
Nginx for Fun & Performance - Philipp Krenn - Codemotion Rome 2015
Nginx for Fun & Performance - Philipp Krenn - Codemotion Rome 2015
Nginx for Fun & Performance - Philipp Krenn - Codemotion Rome 2015
Nginx for Fun & Performance - Philipp Krenn - Codemotion Rome 2015
Nginx for Fun & Performance - Philipp Krenn - Codemotion Rome 2015
Upcoming SlideShare
Loading in …5
×

Nginx for Fun & Performance - Philipp Krenn - Codemotion Rome 2015

782 views

Published on

Codemotion Rome 2015 - Is it fast yet? Performance is getting ever more important and using nginx is one of the easiest hacks to make your system faster. This talk takes a look at why and how nginx is so fast — it's all about being event-driven. Additionally, we discuss where you can make use of nginx's power, specifically for terminating SSL connections, providing a load balancer or proxy, and to run static websites as well as dynamic web-applications with PHP.

Published in: Software
  • Be the first to comment

Nginx for Fun & Performance - Philipp Krenn - Codemotion Rome 2015

  1. 1. NGINX for FUN & PERFORMANCEPHILIPP KRENN @xeraa ecosio
  2. 2. Vienna
  3. 3. ViennaDB Papers We Love Vienna
  4. 4. Electronic Data Interchange (EDI)
  5. 5. nginx
  6. 6. there's this russian server nginx. all the porn sites use it. it must be decent. — Jonathan VanascoJV JV http://www.destructuring.net/2006/10/09/nginx/
  7. 7. From Subversion to Git
  8. 8. Users WORDPRESS.COM APP SERVER + LOAD BALANCER
  9. 9. UsersSTATIC CONTENT GITHUB
  10. 10. UsersSSL TERMINATION WIKIPEDIA
  11. 11. http://w3techs.com/technologies/cross/ web_server/ranking
  12. 12. http://news.netcraft.com/archives/2015/03/19/march-2015-web- server-survey.html
  13. 13. http://news.netcraft.com/archives/2015/03/19/march-2015-web- server-survey.html
  14. 14. Public launch in 2004 by IGOR SYSOEV HTTPS://WWW.RAMBLER.RU
  15. 15. BSD LICENSED CROSS-PLATFORM C
  16. 16. STABLE 1.6.2 (2014-09-16) PREVIEW 1.7.11 (2015-03-24) SUPPORT FROM NGINX INC.
  17. 17. nginx is a lightweight event-driven reverse proxy for web and mail services. — http://nginx.org
  18. 18. Apache THREAD / PROCESS-ORIENTED SPAWN A PROCESS FOR EACH CONNECTION (1MB+ RAM) APACHE 2.4 MULTI-PROCESS MODE REDUCES RAM USAGE
  19. 19. Problem200KB RESPONSE MILLISECONDS TO GENERATE OR RETRIEVE 10S TO TRANSMIT AT 160KBPS (20KB/S) 1000 CONNECTIONS !
  20. 20. it's time for web servers to handle ten thousand clients simultaneously — Daniel Kegel
  21. 21. C10K challenge NGINX SOLUTION EVENT-DRIVEN ARCHITECTURE
  22. 22. Event-driven SINGLE NONBLOCKING THREAD ONE PROCESS PER CORE — NODE.JS, REDIS,... STABLE MEMORY USAGE, NO CONTEXT SWITCHES
  23. 23. Event-driven1. Receive request 2. Trigger events in a process 3. Process handles events and returns output http://en.wikipedia.org/wiki/Reactor_pattern
  24. 24. http://www.aosabook.org/en/nginx.html#fig.nginx.arch
  25. 25. !
  26. 26. EIERLEGENDE WOLLMILCHSAU
  27. 27. "EGG-LAYING WOOL-MILK- SOW"
  28. 28. 101Things nginx can do
  29. 29. 000 SSL Termination
  30. 30. https://mozilla.github.io/server-side-tls/ssl-config-generator/
  31. 31. server { listen 443 ssl; ssl_certificate /path/to/signed_cert_plus_intermediates; ssl_certificate_key /path/to/private_key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m;
  32. 32. # Better Perfect Forward Secrecy, generate: openssl dhparam 2048 ssl_dhparam /path/to/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256: kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256: ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA: ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384: ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA: DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256: DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA: DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384: AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES: CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK: !aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on;
  33. 33. # HSTS: 15768000 seconds = 6 months add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling resolver 8.8.8.8 8.8.4.4; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; .... }
  34. 34. ! USE https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://www.ssllabs.com/ssltest/
  35. 35. 001 Load Balancing
  36. 36. upstream backend_hosts { server host0.example.com; server host1.example.com; server 10.10.10.10; } server { listen 80; server_name example.com; location / { proxy_pass http://backend_hosts; } }
  37. 37. location / { proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend_hosts; }
  38. 38. UPSTREAM BALANCING ALGORITHM DEFAULT: ROUND ROBIN least_conn ip_hash hash
  39. 39. MOAR FEATURESCOOKIE STICKINESS WEIGHTING OF NODES ...
  40. 40. 010 Proxying
  41. 41. location / { proxy_pass http://localhost:8000; }
  42. 42. 011 Dynamic Pages
  43. 43. location ~* .php$ { fastcgi_split_path_info ^(.+.php)(/.+)$; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php; include fastcgi.conf; fastcgi_read_timeout 120; }
  44. 44. 100 A/B Testing
  45. 45. http { split_clients "${remote_addr}" $designtest { 10% ".first"; 10% ".second"; * ""; } server { listen 80; server_name example.com; index index${designtest}.html; } }
  46. 46. 101 Client-Side Caching
  47. 47. location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css| zip|tgz|gz|rar|bz2|doc|xls|exe|pdf| ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ { access_log off; expires max; }
  48. 48. !
  49. 49. Apache is like Microsoft Word, it has a million options but you only need six.
  50. 50. nginx does those six things, and it does five of them 50 times faster than Apache. — Chris LeaCL CL http://maisonbisson.com/post/12249/chris-lea-on-nginx-and-wordpress/
  51. 51. GREAT! BUT...
  52. 52. ...IT DOESN'T WORK THE Apache WAY FOR EXAMPLE .htaccess
  53. 53. FOR EVERY REQUEST, CHECK EVERY DIRECTORY, READ AND PARSE EVERY FILE Changes effective immediately
  54. 54. http://example.com/assets/Uploads/gallery/image.jpg
  55. 55. DigitalOcean512MB RAM, 20GB SSD UBUNTU 14.04 IN AMS2 + AMS3
  56. 56. ApacheBench $ sudo apt-get install apache2-utils
  57. 57. $ ab -n 25000 -c 10 http://example.com 25,000 REQUESTS CONCURRENCY 10, 50, 250, 1000
  58. 58. Vanilla installationsudo apt-get install apache2 sudo apt-get install nginx NO TWEAKS
  59. 59. BEWARE Unstable
  60. 60. $ ab -n 25000 -c 10 http://188.226.151.84/codemotion_intro.png ... Server Software: nginx/1.4.6 Server Hostname: 188.226.151.84 Server Port: 80 Document Path: /codemotion_intro.png Document Length: 2461 bytes Concurrency Level: 10 Time taken for tests: 7.734 seconds Complete requests: 25000 Failed requests: 0 Total transferred: 67575000 bytes HTML transferred: 61525000 bytes Requests per second: 3232.56 [#/sec] (mean) Time per request: 3.094 [ms] (mean) Time per request: 0.309 [ms] (mean, across all concurrent requests) Transfer rate: 8532.82 [Kbytes/sec] received ...
  61. 61. Benchmarking 178.62.213.21 (be patient) Completed 2500 requests Completed 5000 requests Completed 7500 requests Completed 10000 requests Completed 12500 requests Completed 15000 requests Completed 17500 requests Completed 20000 requests Completed 22500 requests apr_socket_recv: Connection reset by peer (104) Total of 24847 requests completed
  62. 62. $ ab -n 25000 -c 10 http://188.226.151.84/assets/Uploads/gallery/codemotion_intro.png
  63. 63. Add PHPsudo apt-get install php5-fpm sudo apt-get install php5 libapache2-mod-php5
  64. 64. File<?php phpinfo();
  65. 65. ab -n 2500 -c 10 -l http://188.226.151.84/info.php Concurrency Level: 10 Time taken for tests: 4.920 seconds Complete requests: 2500 Failed requests: 0 Total transferred: 164667204 bytes HTML transferred: 164252204 bytes Requests per second: 508.18 [#/sec] (mean) Time per request: 19.678 [ms] (mean) Time per request: 1.968 [ms] (mean, across all concurrent requests) Transfer rate: 32687.80 [Kbytes/sec] received
  66. 66. BENCHMARK YOUR PROJECTS BUILD BENCHMARK REPEAT
  67. 67. Say Apache one more time...
  68. 68. Questions? NOW OR @XERAA HTTPS://SPEAKERDECK.COM/XERAA/
  69. 69. Feedback HTTPS://JOIND.IN/14161 HTTPS://JOIND.IN/EVENT/CODEMOTION-ROME-2015
  70. 70. IMAGE CREDIT Rome https://flic.kr/p/j9Lmu Vienna https://flic.kr/p/4enYGH Database https://flic.kr/p/6QVfAK Paper https://flic.kr/p/7Ahvn1 Engine https://flic.kr/p/hD3SY4 X https://flic.kr/p/9vMs2 Kiss https://flic.kr/p/z8Phh Branches https://flic.kr/p/aDgLJx
  71. 71. Crowd https://flic.kr/p/Wd54U Launch https://flic.kr/p/kjkJ5N License https://flic.kr/p/nxAfZ Release https://flic.kr/p/4rDBEK Lightweight https://flic.kr/p/6h98Li Apache https://flic.kr/p/8m9Mf1 Flow https://flic.kr/p/a5A3e1 Simultaneous https://flic.kr/p/easM1t Speed https://flic.kr/p/afEu4o Block https://flic.kr/p/8szrqe Eierlegende Wollmilchsau https://flic.kr/p/GzQTT
  72. 72. Taipei https://flic.kr/p/4hi1jB Terminator https://flic.kr/p/6hDYBK Load https://flic.kr/p/mhuXC5 Balance https://flic.kr/p/bpeZXt Huge https://flic.kr/p/p8tTGE Between https://flic.kr/p/cXHXH3 Dynamic https://flic.kr/p/qzpdr9 Two https://flic.kr/p/9Jpzfz Fixed https://flic.kr/p/21CsBV Word https://flic.kr/p/913FL2 Different https://flic.kr/p/aUwPzp
  73. 73. Access https://flic.kr/p/KA324 Sad https://flic.kr/p/9g5Gg8 Ocean https://flic.kr/p/fQ3pxX Bench https://flic.kr/p/kbpHr3 Vanilla https://flic.kr/p/b4iChr PHP https://flic.kr/p/4o1dFf Test https://flic.kr/p/adiTK3

×