{"id":41358,"date":"2026-05-24T17:26:40","date_gmt":"2026-05-24T10:26:40","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=41358"},"modified":"2026-05-24T17:26:40","modified_gmt":"2026-05-24T10:26:40","slug":"huong-dan-toi-uu-nginx","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn t\u1ed1i \u01b0u Nginx: T\u0103ng t\u1ed1c website ch\u1ecbu t\u1ea3i l\u1edbn"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-white ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed8I DUNG<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#1-Kiem-tra-hieu-nang-Nginx-hien-tai-truoc-khi-bat-dau-toi-uu\" >1. Ki\u1ec3m tra hi\u1ec7u n\u0103ng Nginx hi\u1ec7n t\u1ea1i tr\u01b0\u1edbc khi b\u1eaft \u0111\u1ea7u t\u1ed1i \u01b0u<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#2-Cau-hinh-worker-processes-va-worker-connections-Dat-bao-nhieu-la-chuan\" >2. C\u1ea5u h\u00ecnh worker_processes v\u00e0 worker_connections: \u0110\u1eb7t bao nhi\u00eau l\u00e0 chu\u1ea9n?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#3-Toi-uu-bo-dem-Buffer-va-thoi-gian-Timeout-de-triet-tieu-loi-nghen-co-chai\" >3. T\u1ed1i \u01b0u b\u1ed9 \u0111\u1ec7m Buffer v\u00e0 th\u1eddi gian Timeout \u0111\u1ec3 tri\u1ec7t ti\u00eau l\u1ed7i ngh\u1ebdn c\u1ed5 chai<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#4-Kich-hoat-tinh-nang-nen-Gzip-giam-den-70-dung-luong-bang-thong-tai-trang\" >4. K\u00edch ho\u1ea1t t\u00ednh n\u0103ng n\u00e9n Gzip gi\u1ea3m \u0111\u1ebfn 70% dung l\u01b0\u1ee3ng b\u0103ng th\u00f4ng t\u1ea3i trang<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#5-Thiet-lap-Cache-Static-Files-giup-giam-tai-truy-van-sau-cho-CPU\" >5. Thi\u1ebft l\u1eadp Cache Static Files gi\u00fap gi\u1ea3m t\u1ea3i truy v\u1ea5n s\u00e2u cho CPU<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#6-Bao-mat-co-ban-va-chan-Request-ao-bang-Rate-Limiting-tren-Nginx\" >6. B\u1ea3o m\u1eadt c\u01a1 b\u1ea3n v\u00e0 ch\u1eb7n Request \u1ea3o b\u1eb1ng Rate Limiting tr\u00ean Nginx<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#7-Goi-y-ha-tang-toi-uu-Khi-nao-ban-can-nang-cap-Server\" >7. G\u1ee3i \u00fd h\u1ea1 t\u1ea7ng t\u1ed1i \u01b0u: Khi n\u00e0o b\u1ea1n c\u1ea7n n\u00e2ng c\u1ea5p Server?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/interdata.vn\/blog\/huong-dan-toi-uu-nginx\/#8-Cac-cau-hoi-thuong-gap-khi-toi-uu-hieu-nang-Nginx\" >8. C\u00e1c c\u00e2u h\u1ecfi th\u01b0\u1eddng g\u1eb7p khi t\u1ed1i \u01b0u hi\u1ec7u n\u0103ng Nginx<\/a><\/li><\/ul><\/nav><\/div>\n<p>Website c\u1ee7a b\u1ea1n \u0111ang ch\u1ea1y m\u01b0\u1ee3t m\u00e0 b\u1ed7ng d\u01b0ng &#8220;s\u1eadp ngu\u1ed3n&#8221; ho\u1eb7c t\u1ea3i si\u00eau ch\u1eadm m\u1ed7i khi c\u00f3 \u0111\u1ee3t traffic t\u0103ng \u0111\u1ed9t bi\u1ebfn? CPU server nh\u1ea3y v\u1ecdt l\u00ean 100% trong khi dung l\u01b0\u1ee3ng th\u1ef1c t\u1ebf kh\u00f4ng qu\u00e1 l\u1edbn? R\u1ea5t c\u00f3 th\u1ec3, c\u1ea5u h\u00ecnh Nginx m\u1eb7c \u0111\u1ecbnh c\u1ee7a b\u1ea1n \u0111ang b\u1ecb qu\u00e1 t\u1ea3i.<\/p>\n<p>Nginx n\u1ed5i ti\u1ebfng l\u00e0 nh\u1eb9 v\u00e0 nhanh, nh\u01b0ng c\u1ea5u h\u00ecnh m\u1eb7c \u0111\u1ecbnh (out-of-the-box) ch\u1ec9 \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp \u0111\u1ec3 ch\u1ea1y \u1edf m\u1ee9c c\u01a1 b\u1ea3n nh\u1ea5t. Trong b\u00e0i vi\u1ebft n\u00e0y, <strong>InterData<\/strong> s\u1ebd h\u01b0\u1edbng d\u1eabn b\u1ea1n c\u00e1ch can thi\u1ec7p tr\u1ef1c ti\u1ebfp v\u00e0o file c\u1ea5u h\u00ecnh <code>nginx.conf<\/code>\u00a0\u0111\u1ec3 v\u1eaft ki\u1ec7t hi\u1ec7u n\u0103ng ph\u1ea7n c\u1ee9ng, gi\u00fap server ch\u1ecbu t\u1ea3i t\u1ed1t h\u01a1n g\u1ea5p 3 &#8211; 4 l\u1ea7n.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41362\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/05\/Huong-dan-toi-uu-NGINX-1.jpg\" alt=\"H\u01b0\u1edbng d\u1eabn t\u1ed1i \u01b0u NGINX\" width=\"1000\" height=\"667\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/05\/Huong-dan-toi-uu-NGINX-1.jpg 1000w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/05\/Huong-dan-toi-uu-NGINX-1-300x200.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/05\/Huong-dan-toi-uu-NGINX-1-768x512.jpg 768w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"1-Kiem-tra-hieu-nang-Nginx-hien-tai-truoc-khi-bat-dau-toi-uu\"><\/span>1. Ki\u1ec3m tra hi\u1ec7u n\u0103ng Nginx hi\u1ec7n t\u1ea1i tr\u01b0\u1edbc khi b\u1eaft \u0111\u1ea7u t\u1ed1i \u01b0u<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0110\u1ec3 t\u1ed1i \u01b0u h\u00f3a Nginx, b\u01b0\u1edbc \u0111\u1ea7u ti\u00ean b\u1eaft bu\u1ed9c ph\u1ea3i \u0111o l\u01b0\u1eddng hi\u1ec7u n\u0103ng hi\u1ec7n t\u1ea1i b\u1eb1ng c\u00e1c c\u00f4ng c\u1ee5 stress test nh\u01b0 ApacheBench (ab) ho\u1eb7c WRK. Vi\u1ec7c n\u00e0y gi\u00fap x\u00e1c \u0111\u1ecbnh gi\u1edbi h\u1ea1n ch\u1ecbu t\u1ea3i c\u1ee7a m\u00e1y ch\u1ee7 (RPS &#8211; Requests Per Second) v\u00e0 \u0111\u1ed9 tr\u1ec5 ph\u1ea3n h\u1ed3i (Latency) tr\u01b0\u1edbc khi can thi\u1ec7p s\u00e2u v\u00e0o c\u00e1c file c\u1ea5u h\u00ecnh h\u1ec7 th\u1ed1ng.<\/p>\n<p>\u0110\u1eebng v\u1ed9i s\u1eeda code v\u1ed9i. H\u00e3y c\u00e0i \u0111\u1eb7t v\u00e0 ch\u1ea1y c\u00f4ng c\u1ee5\u00a0<code>wrk<\/code>\u00a0b\u1eb1ng 1 d\u00f2ng l\u1ec7nh sau:\u00a0<code>wrk -t12 -c400 -d30s http:\/\/yourdomain.com\/<\/code><\/p>\n<p>H\u00e3y ch\u00fa \u00fd \u0111\u1ebfn 2 ch\u1ec9 s\u1ed1 tr\u1ea3 v\u1ec1:\u00a0<strong>Requests\/sec<\/strong>\u00a0(s\u1ed1 y\u00eau c\u1ea7u x\u1eed l\u00fd m\u1ed7i gi\u00e2y) v\u00e0\u00a0<strong>Transfer\/sec<\/strong>\u00a0(b\u0103ng th\u00f4ng t\u1ea3i).<\/p>\n<p>Tr\u1ea3i nghi\u1ec7m th\u1ef1c t\u1ebf m\u00ecnh t\u1eebng g\u1eb7p: R\u1ea5t nhi\u1ec1u b\u1ea1n khi t\u1ed1i \u01b0u th\u01b0\u1eddng b\u1ecf qua b\u01b0\u1edbc n\u00e0y, d\u1eabn \u0111\u1ebfn vi\u1ec7c \u0111\u1ed5i c\u1ea5u h\u00ecnh xong kh\u00f4ng bi\u1ebft h\u1ec7 th\u1ed1ng th\u1ef1c s\u1ef1 nhanh h\u01a1n hay \u0111ang ch\u1ecbu t\u1ea3i k\u00e9m \u0111i do xung \u0111\u1ed9t t\u00e0i nguy\u00ean. \u0110o l\u01b0\u1eddng tr\u01b0\u1edbc v\u00e0 sau s\u1ebd cho b\u1ea1n c\u00e2u tr\u1ea3 l\u1eddi r\u00f5 r\u00e0ng nh\u1ea5t.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"2-Cau-hinh-worker-processes-va-worker-connections-Dat-bao-nhieu-la-chuan\"><\/span>2. C\u1ea5u h\u00ecnh worker_processes v\u00e0 worker_connections: \u0110\u1eb7t bao nhi\u00eau l\u00e0 chu\u1ea9n?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Th\u00f4ng s\u1ed1\u00a0<code>worker_processes<\/code>\u00a0t\u1ed1i \u01b0u nh\u1ea5t n\u00ean \u0111\u01b0\u1ee3c \u0111\u1eb7t b\u1eb1ng ch\u00ednh s\u1ed1 l\u01b0\u1ee3ng nh\u00e2n CPU (Core) th\u1ef1c t\u1ebf c\u1ee7a m\u00e1y ch\u1ee7 ho\u1eb7c d\u00f9ng c\u1ea5u h\u00ecnh\u00a0<code>auto<\/code>. Trong khi \u0111\u00f3,\u00a0<code>worker_connections<\/code>\u00a0n\u00ean \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp t\u1eeb\u00a0<code>1024<\/code>\u00a0\u0111\u1ebfn\u00a0<code>4096<\/code>\u00a0t\u00f9y thu\u1ed9c v\u00e0o gi\u1edbi h\u1ea1n file descriptor (<code>ulimit -n<\/code>) m\u00e0 h\u1ec7 \u0111i\u1ec1u h\u00e0nh Linux cho ph\u00e9p s\u1eed d\u1ee5ng.<\/p>\n<p>C\u1ea7n hi\u1ec3u r\u00f5 c\u01a1 ch\u1ebf: N\u1ebfu \u0111\u1eb7t\u00a0<code>worker_processes<\/code>\u00a0qu\u00e1 nhi\u1ec1u so v\u1edbi s\u1ed1 core CPU c\u1ee7a server, b\u1ea1n s\u1ebd d\u00ednh l\u1ed7i\u00a0<strong>context switching<\/strong>\u00a0(chuy\u1ec3n \u0111\u1ed5i ng\u1eef c\u1ea3nh c\u1ee7a CPU) \u2013 CPU c\u1ee9 lu\u00e2n chuy\u1ec3n qua l\u1ea1i gi\u1eefa c\u00e1c ti\u1ebfn tr\u00ecnh m\u00e0 kh\u00f4ng x\u1eed l\u00fd \u0111\u01b0\u1ee3c bao nhi\u00eau vi\u1ec7c, g\u00e2y ph\u1ea3n t\u00e1c d\u1ee5ng.<\/p>\n<p>V\u1edbi\u00a0<code>worker_connections<\/code>, c\u00f4ng th\u1ee9c t\u00ednh t\u1ed5ng s\u1ed1 k\u1ebft n\u1ed1i t\u1ed1i \u0111a r\u1ea5t \u0111\u01a1n gi\u1ea3n:\u00a0<code>Max Clients = worker_processes * worker_connections<\/code>. Tuy nhi\u00ean, tr\u01b0\u1edbc khi \u0111\u1eb7t s\u1ed1 l\u1edbn, h\u00e3y ch\u1ea1y l\u1ec7nh\u00a0<code>ulimit -n<\/code>\u00a0tr\u00ean server \u0111\u1ec3 ki\u1ec3m tra gi\u1edbi h\u1ea1n h\u1ec7 \u0111i\u1ec1u h\u00e0nh. \u0110\u1eb7t v\u01b0\u1ee3t qu\u00e1 gi\u1edbi h\u1ea1n n\u00e0y, b\u1ea1n s\u1ebd ngay l\u1eadp t\u1ee9c g\u1eb7p l\u1ed7i &#8220;Too many open files&#8221;.<\/p>\n<p>D\u01b0\u1edbi \u0111\u00e2y l\u00e0 \u0111o\u1ea1n code m\u1eabu chu\u1ea9n c\u1ea5u h\u00ecnh t\u00e0i nguy\u00ean trong\u00a0<code>nginx.conf<\/code>:<\/p>\n<pre><code class=\"language-nginx\">user nginx;\r\nworker_processes auto; # Nginx t\u1ef1 \u0111\u1ed9ng nh\u1eadn di\u1ec7n s\u1ed1 core CPU\r\npid \/var\/run\/nginx.pid;\r\n\r\nevents {\r\n    worker_connections 2048; # T\u0103ng l\u00ean t\u1eeb m\u1ee9c 1024 m\u1eb7c \u0111\u1ecbnh\r\n    use epoll; # S\u1eed d\u1ee5ng ph\u01b0\u01a1ng th\u1ee9c x\u1eed l\u00fd k\u1ebft n\u1ed1i hi\u1ec7u qu\u1ea3 nh\u1ea5t tr\u00ean Linux\r\n    multi_accept on; # Ch\u1ea5p nh\u1eadn nhi\u1ec1u k\u1ebft n\u1ed1i m\u1edbi c\u00f9ng l\u00fac\r\n}\r\n<\/code><\/pre>\n<h2><span class=\"ez-toc-section\" id=\"3-Toi-uu-bo-dem-Buffer-va-thoi-gian-Timeout-de-triet-tieu-loi-nghen-co-chai\"><\/span>3. T\u1ed1i \u01b0u b\u1ed9 \u0111\u1ec7m Buffer v\u00e0 th\u1eddi gian Timeout \u0111\u1ec3 tri\u1ec7t ti\u00eau l\u1ed7i ngh\u1ebdn c\u1ed5 chai<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>T\u1ed1i \u01b0u h\u00f3a b\u1ed9 \u0111\u1ec7m (Buffers) gi\u00fap Nginx ghi d\u1eef li\u1ec7u ph\u1ea3n h\u1ed3i tr\u1ef1c ti\u1ebfp v\u00e0o RAM thay v\u00ec ghi xu\u1ed1ng \u1ed5 \u0111\u0129a c\u1ee9ng ch\u1eadm ch\u1ea1p. \u0110\u1ed3ng th\u1eddi, vi\u1ec7c gi\u1ea3m th\u1eddi gian Timeout (nh\u01b0\u00a0<code>keepalive_timeout<\/code>\u00a0xu\u1ed1ng 15-30 gi\u00e2y) gi\u00fap \u0111\u00f3ng c\u00e1c k\u1ebft n\u1ed1i kh\u00f4ng c\u00f2n ho\u1ea1t \u0111\u1ed9ng, gi\u1ea3i ph\u00f3ng dung l\u01b0\u1ee3ng b\u1ed9 nh\u1edb cho ng\u01b0\u1eddi d\u00f9ng m\u1edbi.<\/p>\n<p>H\u00e3y c\u00f9ng \u0111i\u1ec1u ch\u1ec9nh c\u00e1c th\u00f4ng s\u1ed1 sau:<\/p>\n<p><strong>V\u1ec1 Buffer:<\/strong><\/p>\n<ul>\n<li><code>client_body_buffer_size<\/code>: \u0110\u1eb7t m\u1ee9c\u00a0<code>10k<\/code>\u00a0\u0111\u1ebfn\u00a0<code>16k<\/code>\u00a0cho c\u00e1c y\u00eau c\u1ea7u t\u1eeb Client.<\/li>\n<li><code>client_max_body_size<\/code>: Gi\u1edbi h\u1ea1n dung l\u01b0\u1ee3ng file upload (v\u00ed d\u1ee5:\u00a0<code>20M<\/code>\u00a0ho\u1eb7c\u00a0<code>50M<\/code>\u00a0t\u00f9y nhu c\u1ea7u). N\u1ebfu \u0111\u1eb7t qu\u00e1 nh\u1ecf, ng\u01b0\u1eddi d\u00f9ng s\u1ebd g\u1eb7p l\u1ed7i 413 Payload Too Large.<\/li>\n<li><code>client_header_buffer_size<\/code>: \u0110\u1eb7t\u00a0<code>1k<\/code>\u00a0l\u00e0 \u0111\u1ee7 cho h\u1ea7u h\u1ebft c\u00e1c tr\u00ecnh duy\u1ec7t.<\/li>\n<\/ul>\n<p><strong>V\u1ec1 Timeout:<\/strong><\/p>\n<ul>\n<li><code>keepalive_timeout<\/code>: N\u00ean \u0111\u1eb7t \u1edf m\u1ee9c\u00a0<code>15<\/code>\u00a0ho\u1eb7c\u00a0<code>30<\/code>\u00a0gi\u00e2y. M\u1eb7c \u0111\u1ecbnh l\u00e0 65 gi\u00e2y \u2013 qu\u00e1 d\u00e0i v\u00e0 r\u1ea5t d\u1ec5 b\u1ecb treo RAM khi l\u01b0\u1ee3ng truy c\u1eadp l\u1edbn.<\/li>\n<li><code>send_timeout<\/code>: \u0110\u1eb7t\u00a0<code>10<\/code>\u00a0gi\u00e2y \u0111\u1ec3 ng\u1eaft c\u00e1c k\u1ebft n\u1ed1i kh\u00f4ng nh\u1eadn ph\u1ea3n h\u1ed3i t\u1eeb ph\u00eda client.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"4-Kich-hoat-tinh-nang-nen-Gzip-giam-den-70-dung-luong-bang-thong-tai-trang\"><\/span>4. K\u00edch ho\u1ea1t t\u00ednh n\u0103ng n\u00e9n Gzip gi\u1ea3m \u0111\u1ebfn 70% dung l\u01b0\u1ee3ng b\u0103ng th\u00f4ng t\u1ea3i trang<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>K\u00edch ho\u1ea1t Gzip tr\u00ean Nginx gi\u00fap n\u00e9n c\u00e1c t\u1ec7p v\u0103n b\u1ea3n t\u0129nh nh\u01b0 HTML, CSS, JavaScript v\u00e0 JSON xu\u1ed1ng dung l\u01b0\u1ee3ng c\u1ef1c nh\u1ecf, gi\u00fap t\u0103ng t\u1ed1c \u0111\u1ed9 t\u1ea3i trang tr\u00ean thi\u1ebft b\u1ecb di \u0111\u1ed9ng. Tuy nhi\u00ean, ch\u1ec9 n\u00ean n\u00e9n c\u00e1c t\u1ec7p c\u00f3 dung l\u01b0\u1ee3ng t\u1eeb 1KB tr\u1edf l\u00ean v\u00e0 m\u1ee9c \u0111\u1ed9 n\u00e9n t\u1ed1i \u01b0u nh\u1ea5t l\u00e0 m\u1ee9c 5 ho\u1eb7c 6 \u0111\u1ec3 c\u00e2n b\u1eb1ng gi\u1eefa hi\u1ec7u qu\u1ea3 n\u00e9n v\u00e0 m\u1ee9c \u0111\u1ed9 s\u1eed d\u1ee5ng CPU.<\/p>\n<p>M\u1ed9t sai l\u1ea7m kh\u00e1 ph\u1ed5 bi\u1ebfn l\u00e0 ch\u1ecdn m\u1ee9c n\u00e9n cao nh\u1ea5t (m\u1ee9c 9). \u0110\u1eebng l\u00e0m v\u1eady! CPU server s\u1ebd ph\u1ea3i v\u1eaft ki\u1ec7t s\u1ee9c \u0111\u1ec3 n\u00e9n th\u00eam v\u00e0i Kilobyte kh\u00f4ng \u0111\u00e1ng k\u1ec3. C\u00e2n b\u1eb1ng lu\u00f4n l\u00e0 ch\u00eca kh\u00f3a.<\/p>\n<p>\u0110\u00e2y l\u00e0 \u0111o\u1ea1n c\u1ea5u h\u00ecnh Gzip t\u1ed1i \u01b0u m\u00ecnh th\u01b0\u1eddng \u00e1p d\u1ee5ng:<\/p>\n<pre><code class=\"language-nginx\">gzip on;\r\ngzip_varying on;\r\ngzip_proxied any;\r\ngzip_comp_level 5; # M\u1ee9c n\u00e9n t\u1ed1i \u01b0u, kh\u00f4ng t\u1ed1n qu\u00e1 nhi\u1ec1u CPU\r\ngzip_min_length 1024; # Ch\u1ec9 n\u00e9n c\u00e1c file l\u1edbn h\u01a1n 1KB\r\ngzip_types text\/plain text\/css application\/json application\/javascript text\/xml application\/xml application\/xml+rss text\/javascript;\r\ngzip_disable \"MSIE [1-6]\\.\"; # B\u1ecf qua c\u00e1c tr\u00ecnh duy\u1ec7t IE qu\u00e1 c\u0169 kh\u00f4ng h\u1ed7 tr\u1ee3\r\n<\/code><\/pre>\n<h2><span class=\"ez-toc-section\" id=\"5-Thiet-lap-Cache-Static-Files-giup-giam-tai-truy-van-sau-cho-CPU\"><\/span>5. Thi\u1ebft l\u1eadp Cache Static Files gi\u00fap gi\u1ea3m t\u1ea3i truy v\u1ea5n s\u00e2u cho CPU<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>C\u1ea5u h\u00ecnh b\u1ed9 nh\u1edb \u0111\u1ec7m cho t\u00e0i nguy\u00ean t\u0129nh (Static Files Cache) tr\u00ean Nginx s\u1eed d\u1ee5ng ti\u00eau \u0111\u1ec1\u00a0<code>Cache-Control<\/code>\u00a0cho ph\u00e9p tr\u00ecnh duy\u1ec7t c\u1ee7a kh\u00e1ch truy c\u1eadp l\u01b0u tr\u1eef h\u00ecnh \u1ea3nh, CSS, JS v\u00e0 Font c\u1ee5c b\u1ed9 trong th\u1eddi gian d\u00e0i (th\u01b0\u1eddng l\u00e0 30 ng\u00e0y \u0111\u1ebfn 1 n\u0103m). \u0110i\u1ec1u n\u00e0y gi\u00fap gi\u1ea3m t\u1edbi 80% s\u1ed1 l\u01b0\u1ee3ng request tr\u1ef1c ti\u1ebfp g\u1eedi v\u1ec1 m\u00e1y ch\u1ee7 ch\u1ee7 qu\u1ea3n.<\/p>\n<p>C\u1ea5u h\u00ecnh m\u1eabu cho \u0111\u1ecbnh d\u1ea1ng \u1ea3nh, CSS, JS, Fonts:<\/p>\n<pre><code class=\"language-nginx\">location ~* \\.(jpg|jpeg|png|gif|ico|css|js|pdf|txt)$ {\r\n    expires 30d; # L\u01b0u cache 30 ng\u00e0y tr\u00ean tr\u00ecnh duy\u1ec7t kh\u00e1ch\r\n    access_log off; # T\u1eaft ghi log truy c\u1eadp file t\u0129nh \u0111\u1ec3 gi\u1ea3m t\u1ea3i I\/O cho \u1ed5 c\u1ee9ng\r\n    add_header Cache-Control \"public, no-transform\";\r\n}\r\n<\/code><\/pre>\n<p><strong>L\u01b0u \u00fd th\u1ef1c t\u1ebf:<\/strong>\u00a0Khi b\u1eadt cache tr\u00ecnh duy\u1ec7t cho CSS\/JS, n\u1ebfu b\u1ea1n c\u1eadp nh\u1eadt code giao di\u1ec7n m\u1edbi m\u00e0 kh\u00e1ch h\u00e0ng kh\u00f4ng th\u1ea5y thay \u0111\u1ed5i, h\u00e3y s\u1eed d\u1ee5ng k\u1ef9 thu\u1eadt &#8220;Query String&#8221; (v\u00ed d\u1ee5:\u00a0<code>style.css?v=1.1<\/code>) ho\u1eb7c &#8220;Filename Versioning&#8221; \u0111\u1ec3 bu\u1ed9c tr\u00ecnh duy\u1ec7t t\u1ea3i b\u1ea3n m\u1edbi nh\u1ea5t.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"6-Bao-mat-co-ban-va-chan-Request-ao-bang-Rate-Limiting-tren-Nginx\"><\/span>6. B\u1ea3o m\u1eadt c\u01a1 b\u1ea3n v\u00e0 ch\u1eb7n Request \u1ea3o b\u1eb1ng Rate Limiting tr\u00ean Nginx<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Rate Limiting tr\u00ean Nginx ho\u1ea1t \u0111\u1ed9ng d\u1ef1a tr\u00ean thu\u1eadt to\u00e1n Leaky Bucket, cho ph\u00e9p gi\u1edbi h\u1ea1n s\u1ed1 l\u01b0\u1ee3ng request t\u1ed1i \u0111a t\u1eeb m\u1ed9t \u0111\u1ecba ch\u1ec9 IP trong m\u1ed9t kho\u1ea3ng th\u1eddi gian nh\u1ea5t \u0111\u1ecbnh. \u0110\u00e2y l\u00e0 l\u00e1 ch\u1eafn hi\u1ec7u qu\u1ea3 nh\u1ea5t \u0111\u1ec3 ng\u0103n ch\u1eb7n c\u00e1c request spam, tool qu\u00e9t l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt t\u1ef1 \u0111\u1ed9ng t\u1ea5n c\u00f4ng tr\u1ef1c ti\u1ebfp v\u00e0o \u1ee9ng d\u1ee5ng web c\u1ee7a b\u1ea1n.<\/p>\n<p>B\u1ea1n c\u00f3 th\u1ec3 khai b\u00e1o v\u00f9ng nh\u1edb l\u01b0u tr\u1eef th\u00f4ng tin IP v\u00e0 gi\u1edbi h\u1ea1n t\u1ea7n su\u1ea5t (v\u00ed d\u1ee5: t\u1ed1i \u0111a 5 request m\u1ed7i gi\u00e2y cho m\u1ed7i IP) nh\u01b0 sau:<\/p>\n<pre><code class=\"language-nginx\"># \u0110\u1eb7t trong block http\r\nlimit_req_zone $binary_remote_addr zone=mylimit:10m rate=5r\/s;\r\n\r\n# \u0110\u1eb7t trong block server ho\u1eb7c location c\u1ea7n b\u1ea3o v\u1ec7 (nh\u01b0 trang login)\r\nlocation \/login\/ {\r\n    limit_req zone=mylimit burst=10 nodelay;\r\n}\r\n<\/code><\/pre>\n<h2><span class=\"ez-toc-section\" id=\"7-Goi-y-ha-tang-toi-uu-Khi-nao-ban-can-nang-cap-Server\"><\/span>7. G\u1ee3i \u00fd h\u1ea1 t\u1ea7ng t\u1ed1i \u01b0u: Khi n\u00e0o b\u1ea1n c\u1ea7n n\u00e2ng c\u1ea5p Server?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>C\u1ea7n nh\u1ea5n m\u1ea1nh m\u1ed9t th\u1ef1c t\u1ebf ph\u0169 ph\u00e0ng: Vi\u1ec7c t\u1ed1i \u01b0u h\u00f3a ph\u1ea7n m\u1ec1m (Nginx) ch\u1ec9 gi\u00fap b\u1ea1n khai th\u00e1c tri\u1ec7t \u0111\u1ec3 nh\u1eefng g\u00ec ph\u1ea7n c\u1ee9ng \u0111ang c\u00f3. N\u1ebfu website c\u1ee7a b\u1ea1n c\u00f3 l\u01b0\u1ee3ng truy c\u1eadp t\u0103ng tr\u01b0\u1edfng li\u00ean t\u1ee5c, ho\u1eb7c \u0111ang ch\u1ea1y c\u00e1c t\u00e1c v\u1ee5 n\u1eb7ng c\u1ea7n x\u1eed l\u00fd CPU li\u00ean t\u1ee5c, c\u1ea5u h\u00ecnh t\u1ed1i \u01b0u Nginx \u0111\u1ebfn m\u1ea5y c\u0169ng s\u1ebd ch\u1ea1m ng\u01b0\u1ee1ng gi\u1edbi h\u1ea1n v\u1eadt l\u00fd c\u1ee7a thi\u1ebft b\u1ecb c\u0169.<\/p>\n<p>L\u00fac n\u00e0y, gi\u1ea3i ph\u00e1p b\u1ec1n v\u1eefng nh\u1ea5t l\u00e0 di chuy\u1ec3n h\u1ec7 th\u1ed1ng sang m\u1ed9t m\u00f4i tr\u01b0\u1eddng \u1ea3o h\u00f3a m\u1ea1nh m\u1ebd, c\u00f3 kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng t\u00e0i nguy\u00ean linh ho\u1ea1t v\u00e0 t\u1ed1c \u0111\u1ed9 \u1ed5 c\u1ee9ng c\u1ef1c nhanh.<\/p>\n<blockquote><p>N\u1ebfu \u0111ang t\u00ecm ki\u1ebfm m\u1ed9t h\u01b0\u1edbng \u0111i m\u1edbi, b\u1ea1n c\u00f3 th\u1ec3 tham kh\u1ea3o d\u1ecbch v\u1ee5\u00a0<strong><a href=\"https:\/\/interdata.vn\/thue-vps\/\" target=\"_blank\" rel=\"noopener\">thu\u00ea VPS<\/a><\/strong>\u00a0ch\u1ea5t l\u01b0\u1ee3ng cao t\u1ea1i <a href=\"https:\/\/interdata.vn\/\" target=\"_blank\" rel=\"noopener\"><strong>InterData<\/strong><\/a>. V\u1edbi h\u1ea1 t\u1ea7ng s\u1eed d\u1ee5ng 100% \u1ed5 c\u1ee9ng NVMe si\u00eau t\u1ed1c, CPU server chuy\u00ean d\u1ee5ng th\u1ebf h\u1ec7 m\u1edbi v\u00e0 b\u0103ng th\u00f4ng r\u1ed9ng, vi\u1ec7c tri\u1ec3n khai v\u00e0 t\u1ed1i \u01b0u Nginx c\u1ee7a b\u1ea1n tr\u00ean VPS InterData s\u1ebd \u0111\u1ea1t \u0111\u01b0\u1ee3c hi\u1ec7u su\u1ea5t v\u01b0\u1ee3t tr\u1ed9i nh\u1ea5t m\u00e0 kh\u00f4ng lo b\u1ecb ngh\u1ebdn c\u1ed5 chai ph\u1ea7n c\u1ee9ng.<\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"8-Cac-cau-hoi-thuong-gap-khi-toi-uu-hieu-nang-Nginx\"><\/span>8. C\u00e1c c\u00e2u h\u1ecfi th\u01b0\u1eddng g\u1eb7p khi t\u1ed1i \u01b0u hi\u1ec7u n\u0103ng Nginx<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>Q: T\u1ea1i sao Nginx c\u1ee7a t\u00f4i b\u00e1o l\u1ed7i &#8220;502 Bad Gateway&#8221; sau khi thay \u0111\u1ed5i c\u1ea5u h\u00ecnh?<\/strong><\/p>\n<p>A: L\u1ed7i n\u00e0y x\u1ea3y ra khi Nginx (\u0111\u00f3ng vai tr\u00f2 Reverse Proxy) kh\u00f4ng nh\u1eadn \u0111\u01b0\u1ee3c ph\u1ea3n h\u1ed3i t\u1eeb d\u1ecbch v\u1ee5 ph\u00eda sau (nh\u01b0 PHP-FPM, Node.js). Nguy\u00ean nh\u00e2n ph\u1ed5 bi\u1ebfn sau khi t\u1ed1i \u01b0u l\u00e0 b\u1ea1n \u0111\u1eb7t th\u00f4ng s\u1ed1 timeout qu\u00e1 ng\u1eafn ho\u1eb7c d\u1ecbch v\u1ee5 PHP-FPM \u0111ang b\u1ecb qu\u00e1 t\u1ea3i, kh\u00f4ng k\u1ecbp x\u1eed l\u00fd request chuy\u1ec3n ti\u1ebfp t\u1eeb Nginx. H\u00e3y ki\u1ec3m tra file log\u00a0<code>\/var\/log\/nginx\/error.log<\/code>\u00a0\u0111\u1ec3 t\u00ecm nguy\u00ean nh\u00e2n ch\u00ednh x\u00e1c.<\/p>\n<p><strong>Q: N\u00ean ch\u1ecdn Gzip hay Brotli \u0111\u1ec3 n\u00e9n d\u1eef li\u1ec7u tr\u00ean Nginx?<\/strong><\/p>\n<p>A: Brotli l\u00e0 thu\u1eadt to\u00e1n n\u00e9n th\u1ebf h\u1ec7 m\u1edbi do Google ph\u00e1t tri\u1ec3n, cho hi\u1ec7u n\u0103ng n\u00e9n t\u1ed1t h\u01a1n Gzip t\u1eeb 15 &#8211; 20% \u1edf c\u00f9ng m\u1ed9t m\u1ee9c \u0111\u1ed9 s\u1eed d\u1ee5ng CPU. N\u1ebfu server c\u1ee7a b\u1ea1n c\u00f3 c\u1ea5u h\u00ecnh CPU t\u1ed1t, h\u00e3y c\u00e0i \u0111\u1eb7t module Brotli cho Nginx. Ng\u01b0\u1ee3c l\u1ea1i, n\u1ebfu ch\u1ea1y tr\u00ean server t\u00e0i nguy\u00ean th\u1ea5p, Gzip v\u1eabn l\u00e0 s\u1ef1 l\u1ef1a ch\u1ecdn an to\u00e0n v\u00e0 t\u01b0\u01a1ng th\u00edch 100% v\u1edbi m\u1ecdi tr\u00ecnh duy\u1ec7t c\u0169.<\/p>\n<p><strong>Q: L\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 ki\u1ec3m tra file c\u1ea5u h\u00ecnh Nginx c\u00f3 b\u1ecb l\u1ed7i c\u00fa ph\u00e1p hay kh\u00f4ng tr\u01b0\u1edbc khi reload?<\/strong><\/p>\n<p>A: Tuy\u1ec7t \u0111\u1ed1i kh\u00f4ng ch\u1ea1y l\u1ec7nh\u00a0<code>systemctl restart nginx<\/code>\u00a0ngay sau khi s\u1eeda c\u1ea5u h\u00ecnh v\u00ec n\u1ebfu c\u00f3 l\u1ed7i c\u00fa ph\u00e1p, server s\u1ebd d\u1eebng ho\u1ea1t \u0111\u1ed9ng ngay l\u1eadp t\u1ee9c. H\u00e3y lu\u00f4n s\u1eed d\u1ee5ng l\u1ec7nh ki\u1ec3m tra an to\u00e0n:\u00a0<code>nginx -t<\/code>. N\u1ebfu h\u1ec7 th\u1ed1ng ph\u1ea3n h\u1ed3i\u00a0<code>syntax is ok<\/code>\u00a0v\u00e0\u00a0<code>test is successful<\/code>, b\u1ea1n m\u1edbi an t\u00e2m ch\u1ea1y l\u1ec7nh reload c\u1ea5u h\u00ecnh b\u1eb1ng l\u1ec7nh\u00a0<code>nginx -s reload<\/code>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Website c\u1ee7a b\u1ea1n \u0111ang ch\u1ea1y m\u01b0\u1ee3t m\u00e0 b\u1ed7ng d\u01b0ng &#8220;s\u1eadp ngu\u1ed3n&#8221; ho\u1eb7c t\u1ea3i si\u00eau ch\u1eadm m\u1ed7i khi c\u00f3 \u0111\u1ee3t traffic t\u0103ng \u0111\u1ed9t bi\u1ebfn? CPU server nh\u1ea3y v\u1ecdt l\u00ean 100% trong khi dung l\u01b0\u1ee3ng th\u1ef1c t\u1ebf kh\u00f4ng qu\u00e1 l\u1edbn? R\u1ea5t c\u00f3 th\u1ec3, c\u1ea5u h\u00ecnh Nginx m\u1eb7c \u0111\u1ecbnh c\u1ee7a b\u1ea1n \u0111ang b\u1ecb qu\u00e1 t\u1ea3i. Nginx n\u1ed5i ti\u1ebfng<\/p>\n","protected":false},"author":2,"featured_media":41362,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[150],"tags":[],"class_list":["post-41358","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-webserver"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/41358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=41358"}],"version-history":[{"count":4,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/41358\/revisions"}],"predecessor-version":[{"id":41363,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/41358\/revisions\/41363"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/41362"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=41358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=41358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=41358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}