If you expect more traffic, increase the cache size accordingly. I usually don't recommend lowering the ssl_session_timeout to below 10 minutes, but if your resources are sparse and your analytics tell you otherwise, go ahead.

Rather than asking a complex PHP-MySQL application like WordPress to do some extra work for caching, we will ask lightweight Nginx to cache WordPress content on its end.

Always test your Nginx configuration and then reload it.

Nginx out-of-the-box is already performing quite well, and as far as I know, is the only web server with forward secrecy (FS) enabled by default (more on FS support in servers and clients here).

There are still a few things we can configure to make Nginx faster and more secure.

NOTE: All of the configuration directives explained here will be for your server block in your Nginx config.

Nginx is supposedly smart enough not to use up all your RAM on session cache anyway, even if you set this value too high.

Technically, SSL (Secure Sockets Layer) has been superseded by TLS (Transport Layer Security).

Working out which cipher suites to use, which to avoid, and in what order takes a huge amount of research. First you need to configure Nginx to tell the client that we have a preferred order of available cipher suites. All of these suites use forward secrecy, and the fast cipher AES is the preferred one.

You’ll lose support for all versions of Internet Explorer on Windows XP. If you want an explanation, read the DHE handshake and dhparam part on the Mozilla wiki. Create the DH parameters file with a 2048-bit safe prime. Note that Java 6 doesn’t support DH parameters with primes longer than 1024 bits.
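The TLS settings discussed above, gathered into one server block as an added example (not the original author's configuration). The hostname, file paths, cache size and cipher list are assumptions; the cipher list is one possible forward-secret, AES-first selection and not necessarily the one the author used.

```nginx
# Added example. Placeholder host and paths; adjust to your deployment.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Session cache shared between all worker processes.
    # The Nginx documentation states that 1 MB holds about 4000 sessions,
    # so 10m is an assumed starting point; raise it if you expect more traffic.
    ssl_session_cache   shared:SSL:10m;

    # Weak variant for comparison (below the 10-minute floor recommended above):
    # ssl_session_timeout 1m;
    ssl_session_timeout 10m;

    # Tell the client that the server's cipher order takes precedence.
    ssl_prefer_server_ciphers on;

    # Assumed list: every suite uses (EC)DHE key exchange, so all provide
    # forward secrecy, and AES-128-GCM is listed first as the fast choice.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # DH parameters used by the DHE suites. Generate the file once with:
    #   openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    # Java 6 clients cannot negotiate DHE with a prime this long.
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
}

# After editing, test the configuration and reload:
#   nginx -t && nginx -s reload
```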

This line tells Nginx to use an old (stale) cached version of the page if PHP crashes.