Nginx memory profile

Question

I'm using nginx 1.9.2 (with pagespeed and geoIP) inside a docker container, running on Google container engine. It serves as a proxy for another container running php-fpm (php7). I'm also using fastcgi proxy.

I find it very slow, so I started looking at the different available graph and I saw this for the memory graph:

Has anybody seen something like that? Is it a common pattern? Is it actually possible to say an nginx profile is "normal" or not? What would you do if you were me ^^?

Here is the top:

Mem: 1352376K used, 392976K free, 0K shrd, 29581464K buff, 29581520K cached
CPU:   4% usr   1% sys   0% nic  94% idle   0% io   0% irq   0% sirq
Load average: 0.04 0.08 0.10 2/278 55
PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
7     1 www-data S     914m  54%   0% nginx: worker process
8     1 www-data S     297m  17%   0% nginx: cache manager process
1     0 root     S     288m  17%   0% nginx: master process /usr/sbin/nginx

Nothing else is running in the container, only nginx.

My nginx conf is the following:

https://github.com/vincentserpoul/docker.io/blob/master/vincentserpoul/nginx/etc/nginx/nginx.conf

My sites config is the following:

fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=xxxx:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";

server {
    root /var/www/xxxx.xx;

    server_name   www.xxxx.xx;

    access_log /var/log/nginx/access.log main;
    error_log  /var/log/nginx/error.log;

    listen        443 ssl http2 deferred;

    # SSL
    ssl_certificate     /etc/nginx/ssl/xxxx.xx.bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/xxxx.xx.key;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/xxxx.xx.full_chain.pem;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # Deny illegal Host headers
    if ($host !~* \.(xxxx.xx)$ ) {
        return 444;
    }

    include /etc/nginx/conf.d/pagespeed.safe.conf;
    pagespeed LoadFromFile "https://www.xxxx.xx" "/var/www/xxxx.xx/";

    location / {
        index index.html index.php; ## Allow a static html file to be shown first
        try_files $uri $uri/ $uri.php?$args;
    }

    # nocache by default
    set $bypass_cache 1;

    if ($request_uri = /)
    {
        set $bypass_cache 0;
    }


    # Don't cache POST requests
    if ($request_method != GET)
    {
        set $bypass_cache 1;
    }

    location ~ .php$ { ## Execute PHP scripts
        if (!-e $request_filename) { rewrite / /index.php last; }
        fastcgi_pass   phpfpm:9000;
        fastcgi_keep_conn on;
        proxy_intercept_errors on;
        fastcgi_intercept_errors on;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_read_timeout 120;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        include /etc/nginx/conf.d/fastcgi_params;

        fastcgi_cache   xxxx;
        fastcgi_cache_valid   200 302 5m;
        fastcgi_cache_valid   301      30d;
        fastcgi_cache_lock on;
        fastcgi_cache_revalidate on;
        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
        fastcgi_cache_use_stale error timeout invalid_header http_500;
        fastcgi_cache_valid 5m;
        fastcgi_cache_bypass $bypass_cache;
        fastcgi_no_cache $bypass_cache;
        add_header X-Cache $upstream_cache_status;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    }

    ## static content is treated different
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|eot|woff2)$ {
        access_log        off;
        root /var/www/xxxx.xx;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
        add_header X-Cache $upstream_cache_status;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    }

    ## All other errors get the generic error page
    error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417
             500 501 502 503 504 505 /error_page.html;

    location  /error_page.html {
        internal;
    }

}

server {
    listen       80 default_server;
    return       301 https://xxxx/$request_uri;
}

server {
    listen       443 ssl;
    server_name  xxxx.xx;
    return       301 https://xxxx/$request_uri;
}

EDIT - HOW THIS WAS SOLVED

My custom image was the root cause. Use "original" nginx from dockerhub hub.docker.com/_/nginx and things will work.

On my system nginx uses 12MB of RAM. I suspect it's something to do with PHP, which spawns and kills worker threads based on parameters you can set, which can include time. With php-fpm you can set min and max workers, max worker lifetime, all kinds of things. — Tim, Apr 12 '16 at 19:11
What else runs on that machine - can you run "top", hit M, then post the output? — Tim, Apr 12 '16 at 19:16
Your nginx seems to be consuming alarming amounts of memory. Can you post the configuration? When I run "top" I see virtual and resident memory, my Nginx is using 168M virtual and 12M physical. Can you work out resident memory use of Nginx? — Tim, Apr 13 '16 at 03:13
Not just the site config, the nginx config. Also the memory information I requested would be useful. — Tim, Apr 13 '16 at 04:02
unfortunately, my top doesn't provide more details than the one I provided :/. — VsM, Apr 13 '16 at 04:11
Nothing jumps out at me as the cause. In your place I'd strip the Nginx config back to bare bones, only's absolutely necessary to make it work, and see if it shows the same behavior. You might have to find some kind of monitoring tool that tracks process memory usage. Interested in your results. — Tim, Apr 13 '16 at 05:24
For now, it's my own, compiled from source nginx. I will try to use the official docker nginx and see the results. I will post my findings — VsM, Apr 13 '16 at 05:31
good news: things are fine now. I have switched back to the "original" nginx from dockerhub and I am now using 15MB (growing, though) and far less CPU. I am not sure what causes the issue: I'm guessing pagespeed as it's not implemented in the new nginx I'm using, but I can't be sure. — VsM, Apr 20 '16 at 17:28
@VincentSerpoul I can see from your comments that you have resolved this issue, can you post the answer here for other community members who may be seeing this same issue. Thanks — Faizan, Nov 23 '16 at 20:51
@Faizan - I actually posted here just above. Solution is: Use "original" nginx from dockerhub https://hub.docker.com/_/nginx/ — VsM, Nov 24 '16 at 03:58
@VincentSerpoul as a good practice its better to post the solution as answer instead of comment. This will make is more visible for other folks with the similar issue. — Faizan, Nov 24 '16 at 18:06

score 1 · Answer 1 · answered Jan 25 '17 at 18:26

To improve visibility on what was discussed in the comments I am posting an answer.

This issue got solved by using the official docker NGINX build from dockerhub.

As per VincentSerpoul last update:

"My custom image was the root cause. Use "original" nginx from dockerhub hub.docker.com/_/nginx and things will work. “

Nginx memory profile

1 Answers1