Performance

bpftrace makes the kernel event space accessible from a bash one-liner. Here are the scripts I keep reaching for. Count syscalls by process bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }' Distribution of file read sizes bpftrace -e 'tracepoint:syscalls:sys_enter_read { @ = hist(args->count); }' TCP retransmissions by remote address bpftrace -e ' kprobe:tcp_retransmit_skb { $sk = (struct sock *)arg0; $daddr = $sk->__sk_common.skc_daddr; @[ntop($daddr)] = count(); }' Process creation stream bpftrace -e 'tracepoint:sched:sched_process_exec { printf("%s\n", str(args->filename)); }' When to use bpftrace vs perf vs strace strace: simple, but adds significant overhead. Fine for debugging a single misbehaving process. perf: best for sampling-based profiling (CPU time, cache misses). Low overhead. bpftrace: best for event-driven tracing across the whole system. Tiny overhead if used sparingly. All three should be in your toolbox.

After running nginx on everything from 512 MB VPS instances to multi-socket bare metal, here are the settings I’ve found actually matter. worker_processes and worker_connections Start with worker_processes auto;. worker_processes auto; worker_rlimit_nofile 65535; events { worker_connections 4096; use epoll; multi_accept on; } Keepalive tuning http { keepalive_timeout 30s; keepalive_requests 1000; upstream backend { server 10.0.0.1:8080; keepalive 32; } } Buffer sizes client_body_buffer_size 128k; client_max_body_size 50m; proxy_buffer_size 8k; proxy_buffers 8 8k; gzip and brotli gzip on; gzip_comp_level 5; gzip_types text/plain text/css application/json; brotli on; brotli_comp_level 4; brotli_types text/plain text/css application/json; Measurement None of this matters if you don’t measure. Install nginx-module-vts or expose stub_status, feed metrics to Prometheus, and compare before/after for any changes.