Nginx php-fpm, mariadb optimalization

#1 Sun, 10/28/2018 - 18:48
adamus007p Pro Licensee

Nginx php-fpm, mariadb optimalization

Mon, 10/29/2018 - 20:46
adamus007p Pro Licensee

Hello,

I would like to optimize Nginx, php-fpm 7.2 and MariaDB.

Could you advise me on how to optimize them? I have a VPS with 2 shared CPUs and 4 GB RAM, running Debian 9.5.

Webmin version 1.894 Usermin version 1.741 Virtualmin version 6.04 Theme version Authentic Theme 19.20-beta2 Time on system Monday, October 29, 2018 12:42 AM Kernel and CPU Linux 4.9.0-8-amd64 on x86_64 Processor information QEMU Virtual CPU version 2.5+, 2 cores System uptime 53 days, 7 hours, 51 minutes Running processes 318 CPU load averages 2.68 (1 min) 2.10 (5 mins) 1.85 (15 mins) Real memory 1.86 GB used / 3.77 GB total Virtual memory 883.46 MB used / 1.86 GB total

My config: /etc/php/7.2/fpm/pool.d/www.conf

How should I set up the config correctly?

; NOTE(review): the pm mode line is not shown here; start_servers and the
; spare-server limits only take effect when pm = dynamic.
; NOTE(review): 300 children x memory_limit 512M (set below) is a worst case
; of roughly 150 GB on a host that reports 3.77 GB of RAM, so a traffic burst
; can push the machine into swap or the OOM killer. Derive the cap from the
; RAM actually available to PHP divided by the measured size of one worker.
pm.max_children = 300
pm.start_servers = 6
pm.min_spare_servers = 4
pm.max_spare_servers = 8
; Each worker is recycled after serving 500 requests.
pm.max_requests = 500

; NOTE(review): display_errors = on prints error text to visitors. It is set
; with php_flag, which scripts can still change via ini_set(); the php_admin_*
; forms below cannot be overridden that way.
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 512M

is it correct?

Sat, 11/03/2018 - 18:48
marcelorp

Here are my PHP-FPM settings. I like to keep the defaults in a separate file, so that all default settings live in a single file.

/etc/php-fpm.d/www.conf

; Per-user pool: one pool section per account, with workers running as that
; account's own user and group.
[username]
user = username
group = username
; Unix socket the web server connects to for this pool.
listen = /run/php-fpm/username.sock
; NOTE(review): slowlog and error_log live under the account's home. If that
; directory is writable by the account and the log is opened by a more
; privileged process, a symlink placed there could redirect the writes;
; confirm ownership and permissions of /home/username/logs.
slowlog = /home/username/logs/php_slow.log
php_admin_value[session.referer_check] = domain.tld
php_admin_value[session.cookie_domain] = domain.tld
; Restricts PHP file access to the site's document root.
; NOTE(review): /home/username/tmp (used below) is outside this path, so
; scripts that create their own temp files there may be denied; confirm
; whether the tmp directory should be added to open_basedir.
php_admin_value[open_basedir] = /home/username/public_html/
php_admin_value[error_log] = /home/username/logs/php_error.log

; Temp
; Sessions, temp files and caches go to a per-account directory instead of a
; shared system temp directory.
php_admin_value[session.save_path] = /home/username/tmp
php_admin_value[sys_temp_dir] = /home/username/tmp
php_admin_value[soap.wsdl_cache_dir] = /home/username/tmp
php_admin_value[opcache.file_cache] = /home/username/tmp
env[TMP] = /home/username/tmp
env[TMPDIR] = /home/username/tmp
env[TEMP] = /home/username/tmp

; Defaults
; Shared settings. The included file shown on this page carries no [pool]
; header of its own, so its directives are read as part of this pool.
include=/etc/codebr/php-fpm/default.conf

; End


/etc/codebr/php-fpm/default.conf

; File: /etc/codebr/php-fpm/default.conf
; Author: Marcelo Pavan
; Website: https://codebr.io
; Nginx version: 1.14.0
; PHP-FPM version: 7.2.11
; Shared defaults pulled into each per-user pool through include=.

; Default - PHP-FPM
pm = dynamic
; NOTE(review): 9999 is effectively no cap. Every worker may grow to
; memory_limit (256M below), so a request flood against one pool can exhaust
; RAM for the whole host. Size this per pool from the memory available.
pm.max_children = 9999
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
chdir = /
; The socket is owned by nginx with mode 0660, so only that owner and group
; can connect to the pool.
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
; listen.allowed_clients only applies to TCP listeners; for a pool that
; listens on a unix socket, access is governed by the three lines above.
listen.allowed_clients = 127.0.0.1
; FPM refuses to run files with any other extension, which limits the damage
; if the web server is ever tricked into passing an uploaded file to PHP.
security.limit_extensions = .php

; PHP.ini section
php_admin_value[upload_max_filesize] = 32M
php_admin_value[max_file_uploads] = 20
php_admin_value[post_max_size] = 32M
php_admin_value[memory_limit] = 256M
; NOTE(review): 600-second limits let slow requests hold a worker for up to
; ten minutes each; combined with a very high max_children this makes
; resource exhaustion easier. Confirm that such long limits are needed.
php_admin_value[max_execution_time] = 600
php_admin_value[max_input_time] = 600
php_admin_value[max_input_vars] = 1000
; Remote URLs can be neither opened as files nor include()d.
php_admin_flag[allow_url_fopen] = Off
php_admin_flag[allow_url_include] = Off

; Default - Forced
php_admin_value[output_buffering] = 4096
; NOTE(review): an empty value disables nothing. In a pool file
; disable_functions is appended to the php.ini list rather than replacing it,
; so this line neither adds to nor clears that list.
php_admin_value[disable_functions] =
; Do not advertise the PHP version; log errors instead of showing them.
php_admin_flag[expose_php] = Off
php_admin_flag[log_errors] = On
php_admin_flag[display_errors] = Off
php_admin_flag[display_startup_errors] = Off
php_admin_flag[enable_dl] = Off
; NOTE(review): cgi.* settings target the CGI SAPI; presumably this has no
; effect under FPM. Confirm.
php_admin_value[cgi.force_redirect] = 1
; Session hardening: ids the server did not issue are rejected, ids travel
; only in cookies (never in URLs), and the cookie is hidden from JavaScript.
php_admin_value[session.save_handler] = files
php_admin_value[session.use_strict_mode] = 1
; cookie_secure = 1 sends the session cookie over HTTPS only; a site still
; served over plain HTTP will not keep its sessions.
php_admin_value[session.cookie_secure] = 1
php_admin_value[session.use_cookies] = 1
php_admin_value[session.use_only_cookies] = 1
php_admin_value[session.use_trans_sid] = 0
php_admin_value[session.cookie_httponly] = 1

; Default - Unforced
; php_value (not php_admin_value): scripts may still change this at runtime.
php_value[date.timezone] = America/Sao_Paulo

; End


It must be tweaked to fit your needs.

All the settings tagged admin (php_admin_value / php_admin_flag) override php.ini, so they are enforced and changes made directly in php.ini are ignored. This protects you from modifications to a domain's php.ini made with the intention of getting more resources than the domain needs.

My MariaDB configuration is the same as the one Virtualmin generated for me in the initial install script.

/etc/my.cnf

# Server settings.
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Symbolic-link support for tables is turned off.
symbolic-links=0
innodb_file_per_table = 1
# NOTE(review): thread_concurrency is deprecated in MariaDB and is presumably
# ignored on Linux; confirm against the installed version before keeping it.
thread_concurrency = 8
query_cache_size = 32M
thread_cache_size = 8
myisam_sort_buffer_size = 64M
# These three buffers are allocated per connection, so their total grows with
# the number of concurrent clients.
read_rnd_buffer_size = 8M
read_buffer_size = 2M
sort_buffer_size = 2M
table_open_cache = 512
max_allowed_packet = 1M
# NOTE(review): key_buffer_size caches MyISAM indexes only. No
# innodb_buffer_pool_size is set in this file, so InnoDB runs with the server
# default; confirm which engine the sites actually use before sizing either.
key_buffer_size = 384M
# LOAD DATA LOCAL INFILE is disabled, so a client cannot be used to feed
# local files into the server.
local-infile=0

# Wrapper script settings: where the error log and the pid file are written.
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

# Every option file in this directory is read as well.
!includedir /etc/my.cnf.d



Tuning the kernel

Another thing you could do is tune the kernel configuration. I'm using CentOS 7, and here are my settings:
/etc/sysctl.conf

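## ::::::::::::::::::::
## ::: Sysctl :::::::::
## ::::::::::::::::::::
## ::: codebr.io ::::::
## ::::::::::::::::::::
## ::::::::::::::::::::
## ::: References :::::
## ::::::::::::::::::::
## ::: https://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/
## ::: https://wiki.centos.org/FAQ/CentOS7
## ::: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/performance_tuning_guide/s-memory-tunables
## ::::::::::::::::::::
## ::::::::::::::::::::
## ::::::::::::::::::::
## ::: Commands :::::::
## ::::::::::::::::::::
## ::: reload: sysctl -p
## ::::::::::::::::::::

## ::::::::::::::::::::
## ::: Swap and page cache
## ::: prefer RAM over swap, flush dirty pages earlier, keep dentry/inode caches longer
## ::::::::::::::::::::
vm.swappiness = 10
vm.dirty_ratio = 15
vm.dirty_background_ratio = 3
vm.vfs_cache_pressure = 50

## ::::::::::::::::::::
## ::: Disable IPv6
## ::: NOTE(review): services configured to listen on IPv6 addresses may fail
## ::: to start once this is applied; confirm nothing on the host needs it
## ::::::::::::::::::::
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

## ::::::::::::::::::::
## ::: Turn TCP timestamps off
## ::: NOTE(review): this also turns off PAWS (protection against wrapped
## ::: sequence numbers), which matters with the large windows configured
## ::: below, and SYN cookies can no longer carry window scaling or SACK
## ::::::::::::::::::::
net.ipv4.tcp_timestamps = 0

## ::::::::::::::::::::
## ::: Avoid a smurf attack
## ::: icmp_echo_ignore_broadcasts is the smurf mitigation; icmp_echo_ignore_all
## ::: additionally drops every ping, so ping-based monitoring will see the
## ::: host as down
## ::::::::::::::::::::
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1

## ::::::::::::::::::::
## ::: Turn on protection for bad icmp error messages
## ::::::::::::::::::::
net.ipv4.icmp_ignore_bogus_error_responses = 1

## ::::::::::::::::::::
## ::: Turn on syncookies for SYN flood attack protection
## ::: NOTE(review): tcp_synack_retries = 5 matches the usual kernel default;
## ::: a lower value frees half-open connections sooner during a flood
## ::::::::::::::::::::
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_syn_backlog = 32768

## ::::::::::::::::::::
## ::: Log spoofed, source routed, and redirect packets
## ::::::::::::::::::::
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

## ::::::::::::::::::::
## ::: No source routed packets here
## ::::::::::::::::::::
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

## ::::::::::::::::::::
## ::: Turn on reverse path filtering (1 = strict mode)
## ::::::::::::::::::::
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

## ::::::::::::::::::::
## ::: Ignore ICMP redirects so remote hosts cannot alter the routing table
## ::::::::::::::::::::
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

## ::::::::::::::::::::
## ::: Don't act as a router
## ::::::::::::::::::::
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

## ::::::::::::::::::::
## ::: Memory protections
## ::: randomize_va_space = 2 randomizes stack, mmap, VDSO and heap addresses
## ::::::::::::::::::::
# kernel.exec-shield = enable by default on CentOS 7x
kernel.randomize_va_space = 2

## ::::::::::::::::::::
## ::: TCP and memory optimization
## ::: increase TCP max buffer size settable using setsockopt()
## ::: increase Linux auto tuning TCP buffer limits
## ::: netdev_max_backlog used to be set here (5000) and again further down
## ::: (262144); sysctl applies entries in order, so only the later value was
## ::: ever effective and the key is now set once, in the backlog section
## ::::::::::::::::::::
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.ipv4.tcp_window_scaling = 1

## ::::::::::::::::::::
## ::: File descriptor limit and filesystem hardening
## ::: suid_dumpable = 0: setuid programs do not write core dumps
## ::: protected_hardlinks / protected_symlinks: restrict link tricks in
## ::: world-writable directories such as /tmp
## ::::::::::::::::::::
fs.file-max = 131072
fs.suid_dumpable = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1

## ::::::::::::::::::::
## ::: Allow for more PIDs (to reduce rollover problems)
## ::: may break programs that assume the previous limit of 32768
## ::::::::::::::::::::
kernel.pid_max = 131072

## ::::::::::::::::::::
## ::: Change the amount of incoming connections and incoming connections backlog
## ::::::::::::::::::::
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144

## ::::::::::::::::::::
## ::: Increase system IP port limits
## ::: NOTE(review): a range starting at 2000 overlaps ports that daemons
## ::: commonly listen on; an outgoing connection can take such a port before
## ::: the daemon starts. List those ports in net.ipv4.ip_local_reserved_ports
## ::::::::::::::::::::
net.ipv4.ip_local_port_range = 2000 65000

## ::::::::::::::::::::
## ::: RFC 1337 fix (ignore RST segments for sockets in TIME-WAIT)
## ::::::::::::::::::::
net.ipv4.tcp_rfc1337 = 1

## ::::::::::::::::::::
## ::: End ::::::::::::
## ::::::::::::::::::::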