diff --git a/SPECS/nginx/0006-performance-tuning-nginx-conf.patch b/SPECS/nginx/0006-performance-tuning-nginx-conf.patch
new file mode 100644
index 00000000000..db74f91497e
--- /dev/null
+++ b/SPECS/nginx/0006-performance-tuning-nginx-conf.patch
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kshitiz Godara <kgodara@microsoft.com>
+Date: Thu, 22 May 2026 00:00:00 +0000
+Subject: [PATCH] conf: performance tuning for nginx.conf
+
+Set worker_processes to auto with CPU affinity and enable tcp_nopush
+for improved performance.
+
+---
+ conf/nginx.conf | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/conf/nginx.conf b/conf/nginx.conf
+index 29bc085..a1b2c3d 100644
+--- a/conf/nginx.conf
++++ b/conf/nginx.conf
+@@ -1,6 +1,7 @@
+
+ #user  nobody;
+-worker_processes  1;
++worker_processes auto;
++worker_cpu_affinity auto;
+
+ #error_log  logs/error.log;
+ #error_log  logs/error.log  notice;
+@@ -25,7 +26,7 @@
+     #access_log  logs/access.log  main;
+
+     sendfile        on;
+-    #tcp_nopush     on;
++    tcp_nopush on;
+
+     #keepalive_timeout  0;
+     keepalive_timeout  65;
diff --git a/SPECS/nginx/nginx.spec b/SPECS/nginx/nginx.spec
index 4193be91222..4efaadec01b 100644
--- a/SPECS/nginx/nginx.spec
+++ b/SPECS/nginx/nginx.spec
@@ -6,7 +6,7 @@ Name:           nginx
 # Currently on "stable" version of nginx from https://nginx.org/en/download.html.
 # Note: Stable versions are even (1.20), mainline versions are odd (1.21)
 Version:        1.28.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD-2-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -30,6 +30,7 @@ Patch7:         CVE-2026-40701.patch
 Patch8:         CVE-2026-42934.patch
 Patch9:         CVE-2026-42945.patch
 Patch10:        CVE-2026-42946.patch
+Patch11:        0006-performance-tuning-nginx-conf.patch
 BuildRequires:  libxml2-devel
 BuildRequires:  libxslt-devel
 BuildRequires:  openssl-devel
@@ -80,6 +81,9 @@ tar -C nginx-njs -xf %{SOURCE2}
 
 %build
 sh configure \
+    --with-cc-opt='-O2 -flto=auto -ffat-lto-objects' \
+    --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' \
+    --with-threads \
     --add-module=../nginx-njs/njs-%{njs_version}/nginx   \
     --conf-path=%{_sysconfdir}/nginx/nginx.conf    \
     --error-log-path=%{_var}/log/nginx/error.log   \
@@ -172,6 +176,9 @@ rm -rf nginx-tests
 %dir %{_sysconfdir}/%{name}
 
 %changelog
+* Fri May 22 2026 Kshitiz Godara <kgodara@microsoft.com> - 1.28.3-3
+- Performance tuning: set worker_processes auto with CPU affinity, enable tcp_nopush
+
 * Fri May 15 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.28.3-2
 - Patch for CVE-2026-42946, CVE-2026-42945, CVE-2026-42934, CVE-2026-40701, CVE-2026-40460
 
@@ -239,7 +246,7 @@ rm -rf nginx-tests
 - Enable http2 support
 
 * Fri Oct 28 2022 Cameron Baird <cameronbaird@microsoft.com> - 1.22.1-1
-- Move to stable release 
+- Move to stable release
 
 * Tue Oct 25 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.23.2-1
 - Upgrade to 1.23.2 (fixes CVE-2022-41741 and CVE-2022-41742)