Nginx Configuration Analyzer

Optimized for Yandex Cloud Managed Kubernetes

Optimized Nginx Configuration

worker_processes auto;
worker_rlimit_nofile 100000;

events {
    worker_connections 4096;
    multi_accept on;
    use epoll;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 75s;
    keepalive_requests 1000;
    client_max_body_size 16m;
    client_body_buffer_size 128k;
    large_client_header_buffers 4 16k;
    server_tokens off;
    reset_timedout_connection on;
    types_hash_max_size 2048;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript
               text/xml application/xml application/xml+rss text/javascript;

    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    server {
        listen 80;
        server_name _;

        location / {
            proxy_pass http://backend;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_max_temp_file_size 0;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
        }
    }
}

Key Optimizations Explained:
Worker Processes
auto

Automatically sets worker processes to match CPU cores. Recommended for modern multi-core systems.

Official Nginx Documentation (2025)
File Descriptors
100,000

Increased from the default to handle more concurrent connections in a Kubernetes environment.

Nginx Tuning Guide (2025)
Event Model
epoll

Most efficient for Linux systems, especially in cloud environments.

Nginx Event Types (2025)
Yandex Cloud Specific Recommendations:
  • Enabled multi_accept to accept multiple connections at once, reducing latency in managed Kubernetes
  • Configured keepalive settings for better connection reuse in containerized environments
  • Added reset_timedout_connection to properly handle timeouts in cloud networking
  • Optimized proxy settings for Kubernetes service communication

Security Enhancements

# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

# SSL Configuration (recommended for production)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

Security Measures:

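Added security headers aimed at common web vulnerabilities such as clickjacking, MIME sniffing and referrer leakage. The Content-Security-Policy as written allows 'unsafe-inline' and any http: or https: source, so it places little restriction on where scripts may load from and should be tightened per application. The ssl_* directives take effect only in a server block that listens with the ssl parameter and has a certificate configured; the server block above listens on port 80 only. SSL configuration follows modern best practices for 2025.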

Nginx SSL Module Documentation
OWASP Secure Headers Project
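
A way to check what the header set above actually permits, as an added example (not the analyzer's own code). The function names, finding ids and the tighter comparison set are assumptions made for illustration; the first input is the page's own add_header lines.

```python
import re
# Header lines copied from the page's "Security Enhancements" snippet.
PAGE_HEADERS = """
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
"""
# Constructed comparison set (assumption, not from the page): tighter CSP, HSTS added.
TIGHTER_HEADERS = """
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000" always;
add_header Content-Security-Policy "default-src 'self'; object-src 'none'; frame-ancestors 'self'" always;
"""
ADD_HEADER = re.compile(r'add_header\s+(\S+)\s+"([^"]*)"')
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_headers(conf):
    """Map lower-cased header name -> value for every add_header directive."""
    return {name.lower(): value for name, value in ADD_HEADER.findall(conf)}

def parse_csp(value):
    """Split a CSP value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(conf):
    """Return finding ids for the header set in an nginx config fragment."""
    headers, findings = parse_headers(conf), []
    if "content-security-policy" not in headers:
        findings.append("csp-missing")
    else:
        policy = parse_csp(headers["content-security-policy"])
        # script-src falls back to default-src; with neither, scripts are unrestricted.
        sources = policy.get("script-src", policy.get("default-src", ["*"]))
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is listed.
        if "'unsafe-inline'" in sources and not any(s.startswith(HASH_OR_NONCE) for s in sources):
            findings.append("csp-inline-script-allowed")
        if any(s in ("*", "http:", "https:", "data:") for s in sources):
            findings.append("csp-script-from-any-origin")
    if headers.get("x-xss-protection", "0").strip().startswith("1"):
        findings.append("legacy-xss-filter-enabled")  # deprecated browser filter
    if "strict-transport-security" not in headers:
        findings.append("hsts-missing")
    return findings
```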

Performance Metrics

Expected Concurrent Connections
~40,000

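With worker_connections=4096 and auto worker_processes (assuming 10 cores). This total counts every connection a worker holds, including connections to proxied upstreams, not only client connections.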

Memory Efficiency
Optimized

Open file cache and proper buffer sizes reduce memory overhead

Gzip Compression
Enabled (Level 6)

Balanced compression level for good performance and size reduction