How To Enable TCP Fast Open on Nginx

In this tutorial, we will show you how to enable TCP Fast Open on Nginx. For those of you who didn’t know, TCP Fast Open (TFO) is a TCP protocol extension that aims to reduce the latency of web pages by allowing data to be sent in the SYN packet during the handshake process. This eliminates the need for the client to wait for a separate ACK packet before sending data, thereby reducing the overall page load time.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step enable TCP Fast Open on the Nginx web server.

Prerequisites

  • A server running one of the following operating systems: Debian-based or RHEL-based.
  • Basic knowledge of the Linux command line.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Nginx.
  • A non-root sudo useror access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Enable TCP Fast Open on Nginx

Step 1. Installing Nginx.

By default, Nginx is available on the Rocky Linux 9 base repository. Now we install the latest version of Nginx using dnf the command:

sudo dnf install nginx

You can start the Nginx service and configure it to run on startup by entering the following commands:

sudo systemctl start nginx
sudo systemctl enable nginx
sudo systemctl status nginx

To make your pages available to the public, you will have to edit your firewall rules to allow HTTP and HTTPS requests on your web server by using the following commands:

sudo firewall-cmd --permanent --zone=public --add-service=http 
sudo firewall-cmd --permanent --zone=public --add-service=https 
sudo firewall-cmd --reload

For additional resources on installing Nginx, read the post below:

Step 2. Check the current status of TCP Fast Open.

Before enabling TFO, check if it is already enabled on your system. Run the following command to check the current status of TCP Fast Open:

sudo sysctl net.ipv4.tcp_fastopen

If the output is net.ipv4.tcp_fastopen = 1, then TFO is already enabled on your system. If the output is, you can proceed with enabling TFO.

Step 3. Enable TCP Fast Open on Nginx.

To enable TFO on your system, run the following command:

sudo sysctl -w net.ipv4.tcp_fastopen=3

This sets the value of net.ipv4.tcp_fastopen to 3, which enables TFO and also allows data to be sent even if the connection is not yet established.

Step 4. Modify Nginx Configuration.

To enable TFO on Nginx, you need to modify its configuration file. Open the file /etc/nginx/nginx.conf using your favorite text editor:

sudo nano /etc/nginx/nginx.conf

Add the following line inside the http block:

tcp_fastopen on;

Save and close the file, then restart Nginx to apply the changes:

nginx -tsudo systemctl restart nginx

Step 5. Testing TCP Fast Open.

To test if TCP Fast Open is working on your Nginx server, you can use the following command:

curl --tcp-fastopen http://your-domain.com

If TCP Fast Open is working, you should see a reduced response time from the server.

Congratulations! You have successfully enabled TCP Fast Open. Thanks for using this tutorial to enable TCP Fast Open on the Nginx web server. For additional help or useful information, we recommend you check the official Nginx website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!