The worker_processes directive determines the number of worker processes Nginx should spawn. A typical Nginx instance runs one master process that manages multiple worker processes based on this setting. The default value is 'auto', which automatically creates a number of worker processes equal to the available CPU cores. When using SSL certificates, it's advisable to configure multiple worker processes since SSL handshakes involve disk I/O operations, and additional workers can improve performance.

Connection Handling Parameters

The worker_connections directive, located in the events block, specifies the maximum number of simultaneous connections each worker process can handle. The default is 1024. Note that concurrent connections don't directly equal served clients, as browsers open multiple connections to download page components like images and scripts. Different browsers also establish varying numbers of concurrent connections.

worker_rlimit_nofile addresses file descriptor limitations. Since each socket connection requires a file descriptor, the total connections Nginx can handle is constrained by the system's file descriptor limit. Exceeding this limit results in "too many opened files" errors in error.log. Check the current limit with:

$ ulimit -n

Ensure the Nginx user (typically www-data or nginx) has a file descriptor limit greater than the product of worker_processes and worker_connections. Setting it to 65535 is common practice.

Event Processing Models

The multi_accept directive in the events block enables workers to accept all queued connections at once. When 'off' (default), workers accept connections one by one. While enabling multi_accept can improve throughput for steady request streams, it might cause overflow if workers receive more connections than specified in worker_connections, leading to performance degradation as excess requests go unprocessed.

The use directive specifies the event model: select, poll, kqueue, epoll, or resig. Epoll is the default and recognized as a high-performance event-driven model suitable for most Linux systems.

Logging Configuration

error_log enables and configures error logging, crucial for debugging Nginx. It can be set globally, in http, server, or location contexts. Log levels include: debug, info, notice, warn, error, crit, alert, and emerg. Example: error_log /var/log/nginx/domain.error.log warn;

access_log records an entry for each processed client request, including timestamps and client/resource information. Use log_format to define custom log formats and access_log to specify the file location and format. Best practice suggests seperate access logs per virtual host in the server context, which overrides http-level settings.

Buffer and Body Size Settings

Nginx's buffer parameters like proxy_max_temp_file_size and proxy_buffers require careful configuration. Misconfiguration can generate warnings about responses being "buffered to a temporary file."

client_max_body_size (default 1M) limits the maximum request body size from clients, as specified in the Content-Length header. Requests exceeding this limit fail with HTTP 413. Increase this value for large file uploads.

client_body_buffer_size sets the memory buffer for request body data. If data fits within this size, it's stored in memory; otherwise, it's written to a temporary file (default: /var/lib/nginx/tmp/client_body/) with a warning. Configure client_body_temp_path appropriately and ensure the Nginx user has write permissions.

Proxy Buffer Configuration

proxy_buffer_size sets the buffer size for response headers from proxied servers (default 4k or 8k). Can be configured in http, server, or location blocks with location > server > http precedence.

proxy_buffers defines the number and size of buffers for response bodies:

proxy_buffers number size;

proxy_busy_buffers_size controls the buffer size that can be busy while sending to the client, typically set as a multiple of the individual proxy_buffers size.

proxy_max_temp_file_size and proxy_temp_path handle large proxy responses exceeding buffer capacity. When responses are larger than proxy_buffers and proxy_busy_buffers_size, Nginx writes them to temporary files. proxy_max_temp_file_size limits the temporary file size, while proxy_temp_path specifies the storage location.

SELinux Configuration

The error "setrlimit(RLIMIT_NOFILE, 65535) failed (1: Operation not permitted)" occurs when Nginx's worker_rlimit_nofile conflicts with the system's ulimit -n value, and SELinux prevents httpd processes from modifying this limit. Solution: execute setsebool -P httpd_setrlimit 1 and restart the system.