porylo
4/20/2020 - 8:56 AM
31. Securing and optimizing Nginx - Buffers, Timeouts and File Handle
Configure buffers, timeouts and file handle
Create a separate custom conf file within /etc/nginx/ folder
mkdir /etc/nginx/global
cd /etc/nginx/global
sudo touch buffers.conf
sudo touch timeouts.conf
sudo touch file_handle_cache.conf
sudo nano buffers.conf
######
## NGINX.CONF BUFFER DIRECTIVES
######
# BUFFERS
client_body_buffer_sixe 10k;
client_header_buffer_size 1k;
clidnt_max_body_size 8m;
large_content_header_buffers 2 1k;
sudo nano file_handle_cache.conf
# FILE HANDLE CACHE
open_file_chache max=1500 inactive=30s;
open_file_cache_valid 30s;
open_file_cache_min_users 5;
open_file_cache_errors off;
Nginx will keep open 1500 files for 30 seconds. This excludes any file that has not been accessed for 30 sec; and only files that have been accessed in this timeframe
sudo nano timeouts.conf
######
## NGINX.CONF TIMEOUTS DIRECTIVES
######
# TIMEOUTS
client_header_timeout 3m;
client_body_timeout 3m;
keepalive_timeout 100;
keepalive_requests 1000;
send_timeout 3m;
Incude the above into main Nginx configuration
Navigate one folder up (to /etc/nginx)
sudo nano nginx.conf
Add a heading in the nginx.conf under section #Virtual Hosts Configs (under the line: include /etc/nginx/sites-enabled/*;). This is located in http context. (Tutor also says that this is the end of the file - however - fit the code before the final curly bracket)
##
# Buffers Timeouts File Handle Cache
##
*(use 'include directive'--> syntax for this is: include <path to the file>
include global/buffers.conf;
include global/timeouts.conf;
# include global/file_handle_cache.conf
*(comment out the file_handle_cache.conf- it will be uncommented once server is running. For it to work proprely it needs a stable asset environment.)
Save changes, exit nano
Test for errors and reload nginx
sudo nginx -t
sudo systemctl reload nginx