In this tutorial, we will show you how to enable TCP Fast Open on Nginx. For those of you who didn’t know, TCP Fast Open (TFO) is a TCP protocol extension that aims to reduce the latency of web pages by allowing data to be sent in the SYN packet during the handshake process. This eliminates the need for the client to wait for a separate ACK packet before sending data, thereby reducing the overall page load time.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you the step-by-step enable TCP Fast Open on the Nginx web server.
- A server running one of the following operating systems: Debian-based or RHEL-based.
- Basic knowledge of the Linux command line.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Nginx.
non-root sudo useror access to the
root user. We recommend acting as a
non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Enable TCP Fast Open on Nginx
Step 1. Installing Nginx.
By default, Nginx is available on the Rocky Linux 9 base repository. Now we install the latest version of Nginx using
dnf the command:
sudo dnf install nginx
You can start the
Nginx service and configure it to run on startup by entering the following commands:
sudo systemctl start nginx sudo systemctl enable nginx sudo systemctl status nginx
To make your pages available to the public, you will have to edit your firewall rules to allow HTTP and HTTPS requests on your web server by using the following commands:
sudo firewall-cmd --permanent --zone=public --add-service=http sudo firewall-cmd --permanent --zone=public --add-service=https sudo firewall-cmd --reload
For additional resources on installing Nginx, read the post below:
Step 2. Check the current status of TCP Fast Open.
Before enabling TFO, check if it is already enabled on your system. Run the following command to check the current status of TCP Fast Open:
sudo sysctl net.ipv4.tcp_fastopen
If the output is
net.ipv4.tcp_fastopen = 1, then TFO is already enabled on your system. If the output is, you can proceed with enabling TFO.
Step 3. Enable TCP Fast Open on Nginx.
To enable TFO on your system, run the following command:
sudo sysctl -w net.ipv4.tcp_fastopen=3
This sets the value of
net.ipv4.tcp_fastopen to 3, which enables TFO and also allows data to be sent even if the connection is not yet established.
Step 4. Modify Nginx Configuration.
To enable TFO on Nginx, you need to modify its configuration file. Open the file
/etc/nginx/nginx.conf using your favorite text editor:
sudo nano /etc/nginx/nginx.conf
Add the following line inside the
Save and close the file, then restart Nginx to apply the changes:
nginx -tsudo systemctl restart nginx
Step 5. Testing TCP Fast Open.
To test if TCP Fast Open is working on your Nginx server, you can use the following command:
curl --tcp-fastopen http://your-domain.com
If TCP Fast Open is working, you should see a reduced response time from the server.
Congratulations! You have successfully enabled TCP Fast Open. Thanks for using this tutorial to enable TCP Fast Open on the Nginx web server. For additional help or useful information, we recommend you check the official Nginx website.