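Optimization approach
- Make full use of the CPU: worker processes, CPU affinity
- Raise the concurrent connection ceiling: file descriptors, TCP parameters
- Reduce I/O: sendfile, caching, compression
- Lower latency: keepalive connections, buffers, timeout control
- Observability: status page, logs, monitoring and alerting
II. Nginx configuration tuning (complete nginx.conf)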
nginx
user nginx;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    use epoll;
    worker_connections 10240;
    multi_accept on;
    accept_mutex off;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Basic performance
    sendfile on;
    sendfile_max_chunk 512k;
    tcp_nopush on;
    tcp_nodelay on;
    # Keepalive connections
    keepalive_timeout 65;
    keepalive_requests 1000;
    # Buffers
    client_body_buffer_size 128k;
    client_header_buffer_size 4k;
    large_client_header_buffers 8 8k;
    client_max_body_size 10m;
    # Timeouts
    client_body_timeout 15s;
    client_header_timeout 15s;
    send_timeout 15s;
    # Log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$request_time"';
    access_log /var/log/nginx/access.log main;
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_min_length 512;
    gzip_types
        text/plain text/css text/xml text/javascript
        application/json application/javascript application/xml+rss
        image/svg+xml font/woff font/woff2;
    include /etc/nginx/conf.d/*.conf;
}
III. Tuning for common scenarios
1. Static asset caching (inside server/location)
nginx
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg)$ {
    expires 365d;
    add_header Cache-Control "public, max-age=31536000, immutable";
    access_log off;
}
2. Reverse proxy / load balancing tuning
nginx
upstream backend {
    server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
    keepalive 32;
}
location / {
    proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 3s;
    proxy_send_timeout 10s;
    proxy_read_timeout 10s;
    proxy_buffering on;
    proxy_buffers 8 4k;
}
IV. Kernel tuning (/etc/sysctl.conf)
bash
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
fs.file-max = 1048576
Apply the settings:
bash
sysctl -p
File descriptor limits (/etc/security/limits.conf)
plaintext
* soft nofile 65535
* hard nofile 65535
V. Nginx monitoring
1. Built-in status page: stub_status
nginx
location /nginx-status {
    stub_status;
    allow 127.0.0.1;
    deny all;
}
A request to it returns:
plaintext
Active connections: 8
server accepts handled requests
12030 12030 45200
Reading: 0 Writing: 2 Waiting: 6
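Field meanings:
- Active connections: current active connections
- accepts: connections accepted
- handled: connections handled
- requests: total requests
- Reading/Writing/Waiting: reading the request, writing the response, idle keepalive connections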
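The counters above are cumulative, so a monitoring script has to difference two scrapes to get rates. The following is an added example, not part of the original page: it parses the stub_status response shown above and derives per-interval metrics. The second sample, the 10-second interval and the function names are constructed for illustration.

```python
import re

# Constructed samples: the page's stub_status output, then a second scrape
# 10 seconds later (second set of values invented for illustration).
SAMPLE_T0 = """Active connections: 8
server accepts handled requests
 12030 12030 45200
Reading: 0 Writing: 2 Waiting: 6
"""
SAMPLE_T1 = """Active connections: 11
server accepts handled requests
 12250 12245 47200
Reading: 1 Writing: 3 Waiting: 7
"""

STUB_RE = re.compile(
    r"Active connections:\s*(?P<active>\d+)\s+"
    r"server accepts handled requests\s+"
    r"(?P<accepts>\d+)\s+(?P<handled>\d+)\s+(?P<requests>\d+)\s+"
    r"Reading:\s*(?P<reading>\d+)\s+Writing:\s*(?P<writing>\d+)\s+"
    r"Waiting:\s*(?P<waiting>\d+)"
)

def parse_stub_status(text):
    """Return the seven stub_status counters as a dict of ints."""
    m = STUB_RE.search(text)
    if m is None:
        raise ValueError("not a stub_status response")
    return {k: int(v) for k, v in m.groupdict().items()}

def interval_metrics(prev, curr, seconds):
    """Turn two scrapes of the cumulative counters into per-interval rates."""
    d = {k: curr[k] - prev[k] for k in ("accepts", "handled", "requests")}
    if seconds <= 0 or min(d.values()) < 0:
        # Counters start again from zero after an nginx restart; skip the interval.
        raise ValueError("counter reset or bad interval")
    return {
        "qps": d["requests"] / seconds,
        "conn_per_sec": d["accepts"] / seconds,
        # accepts > handled: connections were dropped because a resource
        # limit (for example worker_connections) was reached.
        "dropped": d["accepts"] - d["handled"],
        # Requests per connection; a value near 1.0 means keepalive is not reused.
        "req_per_conn": d["requests"] / d["handled"] if d["handled"] else 0.0,
    }

if __name__ == "__main__":
    t0, t1 = parse_stub_status(SAMPLE_T0), parse_stub_status(SAMPLE_T1)
    print(interval_metrics(t0, t1, seconds=10))
```

A non-zero `dropped` value is the one to alert on: it is the signal that the connection or file descriptor limits tuned earlier are being hit.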
2. Common monitoring commands
bash
# Active connection count
ss -ant | grep :80 | grep ESTAB | wc -l
# Check nginx process resource usage
ps aux | grep nginx
# Follow the request log in real time
tail -f /var/log/nginx/access.log
# QPS (requests per second)
awk '{print $4}' access.log | uniq -c
# Count requests by status code
awk '{print $9}' access.log | sort | uniq -c
# Top 10 URLs by request count
awk '{print $7}' access.log | sort | uniq -c | sort -nr | head -10
3. Mainstream monitoring options
- Simple: stub_status + scripts + log analysis
- Small to medium scale: Prometheus + nginx-exporter + Grafana
- Enterprise: ELK/ClickHouse + visual dashboards + alerting
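VI. Common problems and troubleshooting
- too many open files → raise worker_rlimit_nofile and the system limits
- 502 under high concurrency → backend timeouts, connections exhausted, proxy_read_timeout too small
- High CPU → gzip level too high, no caching, heavy request load
- Slow responses → no keepalive, buffers too small, slow backend
- Too many TIME_WAIT sockets → enable tcp_tw_reuse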
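VII. Summary (usable as-is for interviews or as a deliverable)
Nginx performance tuning revolves around six areas: process model, connections, I/O, caching, compression, and kernel parameters. Monitoring builds observability around active connections, QPS, status codes, response time, and error logs. After tuning, Nginx can sustain tens of thousands of concurrent connections with stable, low latency.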