Untuk menangani traffic ekstrem (100k+ req/sec) secara stabil, Nginx harus dikonfigurasi dengan pendekatan global base configuration + virtual domain modular.

Artikel ini membahas konfigurasi, seting global dasar yang bertugas mengatur:

• CPU & worker model
• Event loop & koneksi
• Memory & buffer
• Network I/O
• Proteksi dasar traffic
• Integrasi kernel Linux

Semua detail aplikasi dan domain didefinisikan terpisah di virtual host (server {}).

1. Filosofi Arsitektur

1.1 Pemisahan Tanggung Jawab

Pendekatan ini:

• Mudah diskalakan
• Aman untuk multi-tenant
• Stabil di traffic ekstrem
• Mudah di-automation (Ansible / Terraform)

2. Worker & Event Model (Global)

worker_processes auto;
worker_rlimit_nofile 1048576;

• worker_processes auto → 1 worker per CPU core
• worker_rlimit_nofile → batas maksimal socket & file

Event Loop

events {
    worker_connections 16384;
    multi_accept on;
    use epoll;
}

Kapasitas koneksi teoritis:

CPU core × worker_connections

3. Network & File I/O Optimization

sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
tcp_nodelay on;

4. Keepalive Strategy

keepalive_timeout 15;
keepalive_requests 50000;

Tujuan:

• Kurangi TCP handshake
• Tingkatkan throughput
• Hindari socket leak

5. Timeout Agresif (Anti Slow Client)

client_body_timeout 5s;
client_header_timeout 5s;
send_timeout 5s;

Ini wajib untuk traffic besar agar:

• Client lambat tidak menghabiskan resource
• Memory tetap stabil

6. Buffer & Memory Management

client_body_buffer_size 64k;
client_header_buffer_size 1k;
large_client_header_buffers 2 8k;
client_max_body_size 20M;

Prinsip:

• Buffer kecil → lebih banyak koneksi
• Header dibatasi → mitigasi abuse

7. Logging Strategy

access_log off;
error_log /var/log/nginx/error.log warn;

Kenapa access log dimatikan secara global?

• Disk I/O bottleneck
• CPU overhead tinggi
• Bisa diaktifkan per domain jika perlu

8. Gzip Global (CPU Friendly)

gzip on;
gzip_comp_level 4;

Level 4 = balance ideal antara CPU & bandwidth.
Jika pakai CDN → gzip bisa dimatikan di origin.

9. File Descriptor Cache

open_file_cache max=500000 inactive=30s;

Mengurangi:

• syscall ke filesystem
• latency baca file static

10. Rate Limit & Connection Zone (Global)

limit_conn_zone $binary_remote_addr zone=conn_limit:50m;
limit_req_zone  $binary_remote_addr zone=req_limit:50m rate=20r/s;

📌 Harus didefinisikan di http {}, lalu dipakai di tiap domain.

11. Struktur Direktori yang Direkomendasikan

/etc/nginx/
├── nginx.conf            # GLOBAL BASE
├── conf.d/
│   ├── site1.conf        # server {} per domain
│   ├── site2.conf
│   └── default.conf

🔥 FULL GLOBAL BASE CONFIG (1 FILE)

Sebelum seting wajib backup file asli:

sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sudo rm -rf /etc/nginx/nginx.conf
sudo nano /etc/nginx/nginx.conf

📍 Lokasi: /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
worker_rlimit_nofile 1048576;

events {
    worker_connections 16384;
    multi_accept on;
    use epoll;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    server_tokens off;

    sendfile on;
    sendfile_max_chunk 512k;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 15;
    keepalive_requests 50000;

    client_body_timeout 5s;
    client_header_timeout 5s;
    send_timeout 5s;

    client_body_buffer_size 64k;
    client_header_buffer_size 1k;
    large_client_header_buffers 2 8k;
    client_max_body_size 20M;

    access_log off;
    error_log /var/log/nginx/error.log warn;

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 4;
    gzip_buffers 16 8k;
    gzip_min_length 1024;

    gzip_types
        text/plain
        text/css
        application/json
        application/javascript
        application/xml
        text/xml
        text/javascript;

    open_file_cache max=500000 inactive=30s;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    limit_conn_zone $binary_remote_addr zone=conn_limit:50m;
    limit_req_zone  $binary_remote_addr zone=req_limit:50m rate=20r/s;

    include /etc/nginx/conf.d/*.conf;
}

Test kode pastikan tidak error:

sudo nginx -t 
sudo systemctl reload nginx

JIka erro bisa restore:

sudo cp /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
sudo nginx -t
sudo systemctl reload nginx

⚙️ OS / KERNEL TUNING (WAJIB & DETAIL)

1️⃣ Setup Kernel TCP & Network

📍 Lokasi: /etc/sysctl.conf
(atau buat file terpisah /etc/sysctl.d/99-nginx.conf — lebih rapi)

net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535

net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1

net.ipv4.ip_local_port_range = 1024 65535

Apply:

sudo sysctl -p
# atau
sudo sysctl --system

2️⃣ File Descriptor Limit

📍 Lokasi: /etc/security/limits.conf

nginx soft nofile 1048576
nginx hard nofile 1048576

Pastikan juga systemd tidak membatasi:

Langkah awal buat folder dan file :

mkdir -p /etc/systemd/system/nginx.service.d
nano /etc/systemd/system/nginx.service.d/limits.conf

📍 /etc/systemd/system/nginx.service.d/limits.conf

[Service]
LimitNOFILE=1048576

Reload:

sudo systemctl daemon-reexec
sudo systemctl restart nginx

3️⃣ Verifikasi

nginx -t
ulimit -n
ss -s

Kesimpulan Akhir

Dengan:

• Global base Nginx yang bersih
• Virtual domain modular
• Kernel Linux yang dituning
• Logging minimal

➡️ 100k+ req/sec adalah target realistis, bukan optimasi berlebihan.

Konfigurasi ini siap production, aman untuk:

• Multi-domain
• CDN origin
• Static heavy workload
• Edge server