Linux Web Server Tuning


Web Server Optimization Guide for CentOS - RedHat


I am sure that all web hosts would like to lower the CPU load of their servers, shorten page load times, and boost overall performance. Whether it be to increase profit margin by packing in more customers or to get a Celeron 1.7Ghz handle a popular forum, we can all benefit from server optimization. Below is a compilation of some methods one may use to optimize a web server to serve web pages faster and lower the overall CPU load on the box. The following are some of the best procedures a web host can do to optimize his or her web server

1. Basic Config File Editing

Make a backup of your /etc/my.cnf file by simply typing copy /etc/my.cnf /etc/my.cnf.back , and then perform the following via SSH:

pico /etc/my.cnf
Add in the following entries or replace the current existing ones:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip-locking
skip-innodb
query_cache_limit=8M
query_cache_size=256M
query_cache_type=1
max_connections=500
max_user_connections=10
interactive_timeout=20
wait_timeout=20
connect_timeout=6
thread_cache_size=128
key_buffer=16M
join_buffer=1M
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=2M
read_buffer_size=2M
max_connect_errors=10
# Try number of CPU's*2 for thread_concurrency
thread_concurrency=4
myisam_sort_buffer_size=64M
#log-bin
server-id=1

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash
#safe-updates

[isamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

Hit CTRL + X to exit and save the file

Now to edit the httpd.conf:

pico /usr/local/apache/conf/httpd.conf (or wherever your httpd.conf is located)

Set "Timeout" value to "Timeout 300"
Change "KeepAlive on" to "KeepAlive off"
Set "MinSpareServers" to "MinSpareServers 8"
Set "MaxSpareServers" to "MaxSpareServers 13"
Set "MaxRequestsPerChild" to "MaxRequestsPerChild 50"
Set "HostnameLookups" to "HostnameLookups Off"

CTRL + X to exit and save the file

Restart Apache and MySQL with:
service httpd restart
service mysql restart OR service mysqld restart

Some people may need to restart the services with /etc/rc.d/init.d/httpd restart and /etc/rc.d/init.d/mysql restart

The above changes can be altered and played around with to suit your server's needs (i.e. if your server is fast or not).

2. Installing Mod_Perl

Mod_Perl description: "mod_perl gives you a persistent Perl interpreter embedded in your web server. This lets you avoid the overhead of starting an external interpreter and avoids the penalty of Perl start-up time, giving you super-fast dynamic content. "

Run these commands via SSH:

wget http://perl.apache.org/dist/mod_perl-1.0-current.tar.gz

tar zxvf tar zxvf mod_perl-1.0-current.tar.gz

cd mod_perl-1.29 (or whatever folder is generated)

perl Makefile.PL

If you see any errors about missing dependencies (such as CGI.pm, LWP::UserAgent & HTML::HeadParser required by mod_perl) you may install them with:

perl -MCPAN -e shell
install HTML::HeadParser

If you had to install any dependencies you must re-run "perl Makefile.PL". Back to setting up mod_perl, after perl Makefile.PL run:

make
make install

Congratulations, you've just installed mod_perl. Restart Apache with:

service httpd restart
OR
/etc/rc.d/init.d/httpd restart


3. Install Turck MMCache for PHP

Description: "Turck MMCache is a free open source PHP accelerator, optimizer, encoder and dynamic content cache for PHP. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. Also it uses some optimizations to speed up execution of PHP scripts. Turck MMCache typically reduces server load and increases the speed of your PHP code by 1-10 times. "

Turck MMCache requires: apache 1.3, mod_php 4.1, autoconf, automake, libtool, m4. You should already have most of these on your server if not use the "apt-get install " command to get them installed. I won't go into detail about this here, you should easily be able to search the net to get them installed.

To install Turck MMCache, perform the following commands via SSH:

wget http://aleron.dl.sourceforge.net/sou...e-2.4.6.tar.gz

export PHP_PREFIX="/usr"

$PHP_PREFIX/bin/phpize

./configure --enable-mmcache=shared --with-php-config=$PHP_PREFIX/bin/php-config

(You must specify the real prefix where PHP is installed in the "export" command. It may be "/usr" "/usr/local", or something else.)

make

make install

Turck MMCache can be installed both as Zend or PHP extension, so you need to edit your php.ini file (usually /etc/php.ini).
To install as Zend extension:

zend_extension="/usr/lib/php4/mmcache.so"
mmcache.shm_size="16"
mmcache.cache_dir="/tmp/mmcache"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"
mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"
mmcache.shm_only="0"
mmcache.compress="1"

To install as PHP extension:

extension="mmcache.so"
mmcache.shm_size="16"
mmcache.cache_dir="/tmp/mmcache"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"
mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"
mmcache.shm_only="0"
mmcache.compress="1"

You may need to copy the mmcache.so file to the directory specified to the above paths in the configuration entries.

Create the cache directory:
mkdir /tmp/mmcache
chmod 0777 /tmp/mmcache

Restart Apache with:

service httpd restart
OR
/etc/rc.d/init.d/httpd restart


4. Tuning sysctl.conf

The sysctl.conf of a server is something that is seldom optimized for performance. You can get a tremendous boost in throughput by adjusting these settings. This configuration has been written by Steve from Rack911. I have applied this configuration to servers ranging from Celeron 1.7Ghz to Dual Xeon 2.8Ghz servers, and on the whole, the load on each lowered after making the changes.

First make a backup of your old /etc/sysctl.conf file by running the following command, logged in as root:

cp /etc/sysctl.conf /etc/sysctl.conf.bak

Now enter:
pico /etc/sysctl.conf

and replace the contents of the file with the following:


# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536

CTRL + X to exit and save the file

To make your changes take effect immediately, type this command:
/sbin/sysctl -p

You can watch your server load by entering "uptime" command via SSH.

There you have it, a quick few things you can do to your server to boost performance and lower CPU load.

Please feel free to post any comments or suggestions in the forum.


 


Comments

Please login to comment