Nginx Configuration, Optimization For WordPress
Nginx is taking over the internet, literally. The top 1000 websites measured by Alexa are nearly all running on Nginx as the days of Apache (with cPanel, usually) server dominance quickly come to an end. The truth about modern web servers like Nginx is that they don’t really need to be “optimized” very much. In fact, I would go so far as to say that “over-optimization” is probably one of the most common issues I see among website administrators these days. That being said, there are still some basic configuration items that should be addressed when setting up an Nginx VPS or server, and the most important file involved is /etc/nginx/nginx.conf on Ubuntu servers, although the location can (rarely) vary.
Like everything else related to server and network administration, these Nginx configuration settings are constantly evolving and often debated amongst programmers and system administrators. That being said, I’ve tried to include as many popular configuration options as possible along with recommended settings and an explanation of each one. Keep in mind that many Nginx configuration “recommendations” you might come across on blogs are in fact already enabled by default, so there is no need to re-specify them here in the Nginx configuration file (plus, this runs the risk of becoming outdated or inaccurate with each new Nginx version). I welcome any feedback or configuration suggestions for Nginx in the comments section.
sudo nano /etc/nginx/nginx.conf
After you’ve opened the Nginx configuration file using the command above, paste the below into it:
Last updated 2 May, 2016 and optimized for Ubuntu 14.04 LTS + CloudFlare.
## NOTICE: to be used with this server block // https://www.littlebizzy.com/blog/nginx-server-block-ssl
## do not change the below username unless you know what you are doing
user www-data;
## should be 1 per CPU core, or simply "auto" is fine for newer Nginx versions
worker_processes auto;
pid /run/nginx.pid;
events {
## debated but can be 1024 x number of CPU cores (2048 is enough for most single-site servers)
worker_connections 1024;
## allow multiple connections for better performance
multi_accept on;
## recommended for most any type of Linux server (event polling)
use epoll;
}
http {
## WARNING: do not enable any of below cache rules if set in WordPress: https://www.littlebizzy.com/blog/http-headers
## "expires" and "Pragma" headers are outdated, and Etags are enabled by default on newer Nginx versions
## Nginx adds its own Cache-Control header if the expires header exists but doesn't include the "public" directive
## if your site is behind CloudFlare keep in mind that only the first Cache Control header will be used
# add_header Cache-Control "public, max-age=300";
## cache metadata (only) of any files that are opened regularly (including errors)
## how many files cached and how often a file must be requested to remain in the cache
open_file_cache max=5000 inactive=15s;
## how long with the cached file data remain valid for
open_file_cache_valid 30s;
## how many requests per file within "inactivate" window to activate a file to be cached
open_file_cache_min_uses 1;
## should error message pages be cached as well
open_file_cache_errors on;
## buffers (comment these lines out if you see 414/400 errors)
## any body size request greater than this will be written to a temporary file
client_body_buffer_size 16K;
## usually 1k is recommended but 4k is safer to avoid browser errors
client_header_buffer_size 4k;
## allows super large cookies and browser headers (i.e. POST data)... usually 4 x 16k or 4 x 32k ("safer") is recommended
large_client_header_buffers 4 32k;
## timeouts should be capped to save memory
client_body_timeout 15;
client_header_timeout 15;
keepalive_timeout 15;
send_timeout 15;
## useful nginx settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
## allow large post sizes and frontend uploads
client_max_body_size 512M;
## errors may occur without this on
types_hash_max_size 2048;
## for extra nginx security and stability
## hide nginx version
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
## prevent clickjacking
add_header X-Frame-Options SAMEORIGIN;
## prevent MIME type sniffing
add_header X-Content-Type-Options nosniff;
## guard against XSS attacks
add_header X-XSS-Protection "1; mode=block";
## mime types
include /etc/nginx/mime.types;
default_type application/octet-stream;
## disable unnecessary logging
access_log off;
## turn on with location /var/log/nginx/error.log ... (www-data owner/group with 755 permissions)
error_log /var/log/nginx/error.log;
## enable gzip compression (for non-SSL servers only)
gzip on;
## always enable vary https://www.maxcdn.com/blog/accept-encoding-its-vary-important/
## vary doesn't matter (won't work) if behind CloudFlare though https://support.cloudflare.com/hc/en-us/articles/200168086-Does-CloudFlare-gzip-resources-
# gzip_vary on;
gzip_comp_level 3;
gzip_min_length 1024;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
## rate limit access to any given file (recommended for login pages... server block rule required)
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_status 444;
## virtual host config
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
After making any Nginx configuration changes, be sure to first “test” and then restart Nginx:
sudo nginx -t
sudo service nginx restart
Leave a Reply