I could found 437 SYNs to LISTEN sockets dropped from netstat -s from the server on my server which runs nginx.
I found this explanation from the man page: --statistics, -s, Display summary statistics for each protocol.
Then what does this count 437 mean, is it a snapshot or a summed up count for some time period?
Nginx accepts connections very quickly, but in extremely high-traffic situations, a connection backlog can still happen at the system level (which is a distinct bottleneck from the application-level connection handling) When this occurs, new connections will be refused.
"SYNs to LISTEN sockets dropped" is a symptom that your Nginx drops the packets. My advice is to first monitor the Nginx active connections using ngx_http_stub_status_module[1]. Then identify current system wide open file descriptors and adjust kernel parameters accordingly.
The connection queue size can be increased by modifying the somaxconn and tcp_max_syn_backlog kernel variables. Please refer these valuable resources[2][3] for more information.
Usually wmem and rmem defaults are 212992 bytes. Apparently not enough on busy server. Raised to 8MB and the problem disappeared.
sysctl -w net.core.wmem_default=8388608
sysctl -w net.core.rmem_default=8388608
