Update 06/12/25 Β· Read 4 min
(Struktur artikel: internal architecture, tuning OS, tuning Nginx, tuning upstream, caching, cluster, anti-DDOS, observability, contoh config production)
Contents
- 1 π₯ 1. Cara Kerja Internal Nginx (Menentukan Konfigurasi)
- 2 π§ 2. Tuning Kernel Linux (WAJIB PADA TRAFFIC BESAR)
- 3 βοΈ 3. Tuning File Descriptor (ulimit)
- 4 𧱠4. Struktur Nginx Konfigurasi (High-Performance)
- 5 π 5. HTTP Level Tuning (Detailed)
- 6 π¦ 6. Tuning Static Buffer
- 7 π 7. Reverse Proxy Yang Efisien (Backend Node/Go/PHP)
- 8 β‘ 8. Load Balancing (High Availability)
- 9 π 9. Cache (Membunuh Overhead Backend)
- 10 π‘οΈ 10. Security & Anti-DoS (Advanced)
- 11 π 11. Monitoring & Tuning Real Time
- 12 π 12. Testing Benchmark High Concurrency
- 13 π 13. Contoh Konfigurasi PRODUCTION HIGH-TRAFFIC (complete)
- 14 π― 14. Kesimpulan Teknikal (Apa yang membedakan konfigurasi high-traffic?)
π₯ 1. Cara Kerja Internal Nginx (Menentukan Konfigurasi)
Sebelum mengkonfigurasi Nginx, kita wajib mengerti bagaimana Nginx menangani ribuan koneksi.
Model Event-Driven & Non-Blocking
- Nginx tidak membuat 1 thread per koneksi
- Nginx memiliki 1 event loop per worker process
- Event loop menangani ribuan koneksi sekaligus
Contoh Sederhana
Jika Anda punya server Nginx dengan:
- 4 CPU Core
- worker_process = 4
- worker_connections = 65,535
Maka kapasitas maksimum teoritis:
4 * 65535 = ~262.000 koneksi simultan
Dengan memory hanya Β± 200β300 MB untuk 200k koneksi.
Kalau Apache?
200k koneksi β 200k thread β server mati.
π§ 2. Tuning Kernel Linux (WAJIB PADA TRAFFIC BESAR)
Edit:
/etc/sysctl.conf
Parameter Penting:
# Maks koneksi di backlog
net.core.somaxconn = 65535
# Maks paket network di queue
net.core.netdev_max_backlog = 65535
# Mempercepat handshake lengkap ketika ada spike traffic
net.ipv4.tcp_syn_retries = 2
# Buffer TCP lebih longgar
net.ipv4.tcp_max_syn_backlog = 4096
# Mengurangi TIME_WAIT (menghemat memory)
net.ipv4.tcp_fin_timeout = 15
# Reuse koneksi
net.ipv4.tcp_tw_reuse = 1
# Port range luas agar server tidak kehabisan port
net.ipv4.ip_local_port_range = 1024 65535
Apply:
sysctl -p
Ini wajib jika server Anda menerima >10.000 koneksi bersamaan.
βοΈ 3. Tuning File Descriptor (ulimit)
Koneksi socket = file.
Jika Anda punya 50.000 koneksi, maka dibutuhkan 50.000 FD.
Set:
ulimit -n 1000000
Systemd service:
LimitNOFILE=1000000
Kalau ini terabaikan, server akan βkehabisan FDβ β crash.
𧱠4. Struktur Nginx Konfigurasi (High-Performance)
Mari bedah detail nginx.conf.
worker_processes
worker_processes auto;
Mengikuti jumlah CPU.
Kalau server punya 8 CPU, dia akan otomatis pakai 8 workers.
Setting Event
events {
use epoll; # sangat penting untuk Linux
worker_connections 65535;
multi_accept on; # terima banyak koneksi per event loop
}
epoll = high performance kernel polling.
Tanpa ini, Anda hanya memakai mode default (kalah performa).
π 5. HTTP Level Tuning (Detailed)
http {
sendfile on; # Copy kernel level β efisien
tcp_nopush on; # Kumpulkan paket kirim sekaligus
tcp_nodelay on; # Jangan delay paket kecil (optimisasi paket)
keepalive_timeout 15; # Pastikan koneksi hidup secukupnya
keepalive_requests 2000; # Banyak request per keepalive
}
Penjelasan:
| Setting | Efek |
|---|---|
| sendfile | I/O kernel direct, tidak lewat user space |
| tcp_nopush | Optimalisasi burst paket TCP |
| tcp_nodelay | Cepat mengirim respons kecil |
| keepalive_requests | Efisiensi CPU & latency |
π¦ 6. Tuning Static Buffer
client_max_body_size 20m;
client_body_buffer_size 128k;
client_header_buffer_size 8k;
large_client_header_buffers 4 32k;
Kegunaan:
- Mencegah buffering berlebihan
- Mencegah DOS karena request header besar
π 7. Reverse Proxy Yang Efisien (Backend Node/Go/PHP)
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 512k;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_connect_timeout 5;
}
β‘ 8. Load Balancing (High Availability)
upstream backend {
least_conn;
server 192.168.1.10 max_fails=3 fail_timeout=20s;
server 192.168.1.11 max_fails=3 fail_timeout=20s;
server 192.168.1.12 max_fails=3 fail_timeout=20s;
}
Balancer:
| Algoritma | Fungsi |
|---|---|
| round_robin | rata-rata (default) |
| least_conn | terbaik untuk traffic tidak rata |
| ip_hash | untuk session based |
Untuk aplikasi realtime β least_conn
π 9. Cache (Membunuh Overhead Backend)
Define cache zone
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=cache_zone:200m max_size=10g inactive=60m;
Enable caching di route
location /api/getdata {
proxy_pass http://backend;
proxy_cache cache_zone;
proxy_cache_valid 200 1m;
proxy_cache_lock on;
}
Efek:
- Backend turun load sampai 90%
- Response super cepat
π‘οΈ 10. Security & Anti-DoS (Advanced)
limit_conn_zone $binary_remote_addr zone=conn_ip:10m;
limit_conn conn_ip 50;
limit_req_zone $binary_remote_addr zone=req_ip:10m rate=20r/s;
limit_req zone=req_ip burst=40 nodelay;
Fungsi:
- 1 IP max 50 koneksi
- 1 IP max 20 request/s (burst 40)
Server tetap stabil meski kena serangan.
π 11. Monitoring & Tuning Real Time
Tool recommended:
ngxtop(monitor HTTP stats real-time)netdata(grafik lengkap)prometheus + grafana(enterprise)
Hal yang wajib dipantau:
- CPU load
- RAM
- Open FD
- Latency P95 / P99
- Error rate
- Concurrency
π 12. Testing Benchmark High Concurrency
Menggunakan wrk
wrk -t12 -c20000 -d30s http://yourserver/
Parameter:
- 12 thread load tester
- 20.000 koneksi bersamaan
- 30 detik durasi
Ini yang dipakai industri untuk high performance test.
π 13. Contoh Konfigurasi PRODUCTION HIGH-TRAFFIC (complete)
worker_processes auto;
events {
worker_connections 65535;
use epoll;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
keepalive_requests 2000;
client_max_body_size 20m;
client_body_buffer_size 128k;
client_header_buffer_size 8k;
large_client_header_buffers 4 32k;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 512k;
upstream backend {
least_conn;
server 192.168.1.10;
server 192.168.1.11;
}
server {
listen 80;
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
π― 14. Kesimpulan Teknikal (Apa yang membedakan konfigurasi high-traffic?)
Faktor TERPENTING:
| Komponen | Dampak |
|---|---|
| Kernel tuning | tanpa ini bottleneck muncul |
| epoll | performa tinggi |
| worker_processes | memanfaatkan semua CPU |
| worker_connections | ribuan koneksi simultan |
| Reverse proxy | optimisasi backend |
| Caching | backend jadi ringan |
| Load balancing | skalabilitas horizontal |
| Rate limit | tahan serangan |
| Monitoring | menghindari downtime |