You’ll now review a tuned configuration based on the configuration in the set up a reverse proxy and API gateway section of the Learn how to deploy NGINX Learning Path.
Use this example configuration as a starting point, then size each directive for your workload and validate the result with repeatable measurements.
Use the same top-level configuration from Tune a static file server .
The following is a tuned configuration (/etc/nginx/conf.d/loadbalancer.conf):
# Upstreams for https
upstream ssl_file_server_com {
server <fileserver_1_ip_or_dns>:443;
server <fileserver_2_ip_or_dns>:443;
keepalive 1024;
}
# HTTPS reverse proxy and API gateway
server {
listen 443 ssl reuseport backlog=65535;
root /usr/share/nginx/html;
index index.html index.htm;
server_name $hostname;
ssl_certificate /etc/nginx/ssl/ecdsa.crt;
ssl_certificate_key /etc/nginx/ssl/ecdsa.key;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384;
# API gateway path
location ~ ^/api_old/.*$ {
limit_except GET {
deny all;
}
rewrite ^/api_old/(.*)$ /api_new/$1 last;
}
location /api_new {
internal;
proxy_pass https://ssl_file_server_com;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# Reverse proxy path
location / {
limit_except GET {
deny all;
}
proxy_pass https://ssl_file_server_com;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
The following are performance-relevant directives that weren’t described in the static file server section :
keepalive
: Controls the cache of idle connections to upstream servers. For NGINX 1.29.7 and later, upstream keepalive is enabled by default with a small cache. Set keepalive explicitly when you want to tune the upstream idle connection cache for your workload.
For older NGINX versions, enable upstream keepalive with the keepalive directive. Also set
proxy_http_version
to 1.1 and clear the Connection header with
proxy_set_header
.
The value 1024 is a cache size for idle upstream connections per worker, not a total upstream connection limit. Keep this value small enough that upstream servers can still accept new connections.
rewrite
: Rewrites the old API path to the internal API path. Regular expression-heavy configurations can make PCRE performance more important, as discussed in
Kernel, compiler, and libraries
.
proxy_pass
: Forwards matching requests to the upstream server group. Use the same upstream block for related locations when you want them to share the same upstream connection pool.
internal
and
limit_except
: Included for request handling and access control, not as primary performance settings.
proxy_cache_path
: Not in the example configuration, but it’s worth considering when responses can be cached by the reverse proxy or API gateway.
When you use this directive, review
proxy_cache_lock
and
proxy_cache_valid
.
For more information, see the NGINX Admin Guide section on content caching .
NGINX variables: The example uses $hostname in server_name. For the full list of built-in variables, see the NGINX
variable index
.
You’ve now reviewed reverse proxy and API gateway directives that affect upstream connection reuse, request rewriting, access control, and caching decisions.
Next, you’ll test NGINX optimizations with a repeatable wrk workload.