2026

README.md

@@ -69,7 +69,6 @@ nginx -s reload
 
 ## Performance
 
-The default config in `static/nginx/nginx.conf` is tuned for shared hosting at 5,000+ vhost scale. Numbers below are realistic ranges from public benchmarks and our own load testing — your mileage will vary with workload.
 
 ### vs. vanilla nginx (same version, default config)
 
@@ -82,51 +81,6 @@ The default config in `static/nginx/nginx.conf` is tuned for shared hosting at 5
 | Compressed-text bandwidth | **−60 to −80%** | unchanged | brotli + gzip enabled in `http {}` |
 | WAF, Lua, HTTP/3 | included | not included | needs custom build |
 
-### vs. OpenResty
-
-| Area | Twiy | OpenResty |
-|---|---|---|
-| nginx version | tracks upstream stable (1.30.0) | lags upstream by months while waiting for openresty's bundle release |
-| TLS backend | AWS-LC (BoringSSL fork) | OpenSSL (or quictls) by default |
-| Lua stack | upstream `lua-nginx-module` + pinned `lua-resty-core` | OpenResty's vendored fork |
-| Module surface | ModSecurity v3, naxsi, brotli, geoip2, http_v3, set_misc, headers_more, http-flv, srcache, redis2, testcookie, lrucache, mysql, lock | similar but defined by openresty's bundle |
-| Distribution | apt repo, single `.deb` | tarball or vendor's apt repo |
-
-OpenResty is the right choice if you want a curated, all-in-one Lua-centric stack and don't mind being a few nginx releases behind. Twiy is the right choice if you want vanilla nginx's release cadence with a hardened security/performance stack on top.
-
-### vs. Apache (httpd)
-
-| Area | Twiy | Apache (event/prefork MPM) |
-|---|---|---|
-| Concurrency model | event-driven, single-process-per-core | thread/process-per-connection (event MPM is closer but still heavier) |
-| Static file req/s (small files, single core) | typically **2–4× higher** | baseline |
-| Memory per idle connection | **~kB** | **~hundreds of kB** (per worker process/thread) |
-| TLS handshake CPU | comparable with mod_ssl, **lower** with mod_md off | baseline |
-| WAF | ModSecurity v3 (libmodsecurity) + naxsi | ModSecurity v2 (mod_security2) common |
-| HTTP/3 / QUIC | **yes** (AWS-LC) | **no** in stable releases |
-
-The nginx-vs-Apache static-file gap widens dramatically at high concurrency (10k+ idle keepalive connections): nginx holds them on epoll for kilobytes each; Apache event MPM still allocates significantly more per connection.
-
-### Where the wins actually come from in this build
-
-| Source | Yield |
-|---|---|
-| AWS-LC (vs vanilla OpenSSL on TLS) | 5–15% handshake CPU saving |
-| `open_file_cache` (max=200000, inactive=30s) | 2–5× static throughput on a busy 5k-vhost host |
-| `ssl_session_cache shared:SSL:200m` | huge — first vs resumed handshake is ~10× CPU difference |
-| OCSP stapling (`ssl_stapling on`) | removes per-handshake OCSP RTT (often 50–200 ms p95) |
-| `worker_cpu_affinity auto` | ~5% on CPU-bound workloads (cache locality) |
-| `brotli on` + `gzip on` in `http{}` | 60–80% smaller text responses |
-| `keepalive_requests 10000` (vs 1000 default) | fewer reconnects under sustained HTTP/2 load |
-| `client_header_buffer_size 4k` (down from 2M) | drops worst-case memory amplification surface |
-| `server_names_hash_max_size 32768` | makes 5k+ vhost configs actually parseable |
-
-### Things this build deliberately does NOT do (yet)
-
-- No HTTP/3 `listen 443 quic` directive in `static/nginx/live/default` — left to the per-vhost templates so you can opt in selectively.
-- No ECDSA P-256 certificates (a per-cert decision; ECDSA handshakes are ~3× faster than RSA-2048).
-- No OS-level sysctl tuning (`net.core.rmem_max` for QUIC, `net.core.somaxconn`, `fs.file-max`) — would belong in the `.deb` postinst or a `/etc/sysctl.d/twiy.conf` shipped with the package; not yet wired up.
-
 # Support options.
 
 - No free support for how to do things, please don't spam with questions in discord.