nginx.conf optimizations: # use the number of logical cores / threads:
worker_processes 8; worker_connections 1024;
multi_accept on; # log buffer (reduce slow disc writes) access_log /var/log/nginx/access.log main buffer=16k;
# gzip config gzip on; gzip_disable "msie6"; gzip_min_length 1400; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# Cache information about frequently accessed files open_file_cache max=2000 inactive=20s; open_file_cache_valid 60s; open_file_cache_min_uses 5; open_file_cache_errors off;
# buffers optimzed: client_max_body_size 20m; client_body_buffer_size 128k; # fix 169 upstream sent too big header while reading response header from upstream proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; proxy_read_timeout 1200s; fastcgi_send_timeout 1200s; fastcgi_read_timeout 1200s; # mitigate https://httpoxy.org: fastcgi_param HTTP_PROXY "";
tcp_nopush on; tcp_nodelay on; #tcp_nopush off; # -> 0,1s - 0,3s slower keepalive_timeout 5; # instead of 65 - less ressources, same performance
dotdeb packages include mod_pagespeed for nginx in wheezy
add dotdeb repos to /etc/apt/sources.list:
deb http://packages.dotdeb.org wheezy all deb-src http://packages.dotdeb.org wheezy all
update and install nginx-extras from dotdeb:
apt-get update apt-get install nginx-extras
create cache dir:
mkdir /var/cache/ngx_pagespeed/ chown www-data:www-data /var/cache/ngx_pagespeed/
edit /etc/nginx/sites-available/default:
server { #.... pagespeed on; pagespeed RewriteLevel CoreFilters; pagespeed FileCachePath "/var/cache/ngx_pagespeed/"; pagespeed EnableFilters combine_css,combine_javascript,remove_comments,collapse_whitespace; #.... }
play with the filters:
https://developers.google.com/speed/pagespeed/module/config_filters
URL-Encoding with Umlauten is a problem. Here is howto fix it:
rewrite (*UTF8)^/[öüäÖÜÄßa-zA-Z][a-zA-Z]/index.php(.*)$ /index.php$1;
Cache PHP output for a very short time on busy sites to reduce php load:
Vhost config top:
fastcgi_cache_path /home/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri";
server {
.... location ~ \.php$ {
# Setup var defaults set $no_cache ""; # If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie if ($request_method !~ ^(GET|HEAD)$) { set $no_cache "1"; } # Drop no cache cookie if need be # (for some reason, add_header fails if included in prior if-block) if ($no_cache = "1") { add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/"; add_header X-Microcachable "0"; } # Bypass cache if no-cache cookie is set if ($http_cookie ~* "_mcnc") { set $no_cache "1"; } # Bypass cache if flag is set fastcgi_no_cache $no_cache; fastcgi_cache_bypass $no_cache; fastcgi_cache microcache; fastcgi_cache_key $server_name|$request_uri; fastcgi_cache_valid 404 30m; fastcgi_cache_valid 200 10s; fastcgi_max_temp_file_size 1M; fastcgi_cache_use_stale updating; fastcgi_pass_header Set-Cookie; fastcgi_pass_header Cookie; fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
Howto Block Bots in nginx.conf or included config. Here's an extensive List:
server { ... if ($http_user_agent ~* (AspiegelBot|MegaIndex|heritrix|panscient|HubSpot|libwww-perl|OpenVAS-VT|masscan|Linguee|Nimbostratus|Seekport|SMTBot|SEOkicks|SeobilityBot|360Spider|AhrefsBot|BLEXBot|MJ12bot|BUbiNG|Findxbot|Morfeus|larbin|ZmEu|Toata|talktalk|Baiduspider|webalta|nikto|wkito|pikto|scan|acunetix|morfeus|webcollage|youdao|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner|SemrushBot|GetWeb!|GetRight|Go!Zilla|Download\Demon|Go-Ahead-Got-It|TurnitinBot|GrabNet|Indy\ Library) ) { # Connection Closed Without Response # A non-standard status code used to instruct nginx to close the connection without sending a response to the client, # most commonly used to deny malicious or malformed requests. return 444; } ... }