How to tune apache/httpd performance on Linux

How to tune apache performance on Linux

The best performance to increase your Apache server with Websit, Monitoring tools, Redmine like that so on.

To add the bellow lines into your httpd.conf for apache configuration:

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>

Note: First of all, whenever an apache is started, it will start 2 child processes which is determined by StartServers parameter. Then each process will start 25 threads determined by ThreadsPerChild parameter so this means 2 process can service only 50 concurrent connections/clients i.e. 25×2=50. Now if more concurrent users comes, then another child process will start, that can service another 25 users. But how many child processes can be started is controlled by ServerLimit parameter, this means that in the configuration above, I can have 16 child processes in total, with each child process can handle 25 thread, in total handling 16×25=400 concurrent users. But if number defined in MaxClients is less which is 200 here, then this means that after 8 child processes, no extra process will start since we have defined an upper cap of MaxClients. This also means that if I set MaxClients to 1000, after 16 child processes and 400 connections, no extra process will start and we cannot service more than 400 concurrent clients even if we have increase the MaxClient parameter. In this case, we need to also increase ServerLimit to 1000/25 i.e. MaxClients/ThreadsPerChild=40 So this is the optmized configuration to server 1000 clients

Timeout:-

The default value is 300. You should set time to something a bit lower. A setting of 150 is probably ok

# Timeout 150

StartServers:-

Sets the number of child server processes created on startup

# StartServers 5

MinSpareServers:-

Apache will fork new child-processes until MinSpareServers is satisfied.

Virtualized server, ie VPS 5
Dedicated server with 1-2GB RAM 10
Dedicated server with 2-4GB RAM 20
Dedicated server with 4+ GB RAM 25

# MinSpareServers 5

MaxSpareServers:-

MaxSpareServers directive sets the desired maximum number of idle child server processes. we should set the value as double the value of MinSpareServers. For example MinSpareServers 5 means SpareServers 10

# MaxSpareServers 10

ServerLimit:-

This value should be same as MaxClients

# ServerLimit 256

MaxClients:-

The maximum amount of requests that can be served simultaneously, with any number going past the limit being queued.

For virtualized servers such as VPS accounts, it is recommended to keep this value at 150. For all dedicated servers the recommended value for this setting is 256.

# MaxClients 256

MaxRequestsPerChild:-

This should not be set too low as it will put an unnecessary load on the apache server to recreate the child. Once the number of requests reaches the value specified, the child process will die. When this value is set at 0, then the process will never expire.

Virtualized server, ie VPS 500
Dedicated server with 1-4GB RAM 1000 to 4000
Dedicated server with 4+GB RAM set 0

# MaxRequestsPerChild 4000

 

How to Install WordPress with Apache Web Server on CentOS

How to Install WordPress On Apache Web Server

1. To install wordpress basic software requirement

# yum install httpd mariadb mariadb-server php php-common php-mysql php-gd php-xml php-mbstring php-mcrypt php-xmlrpc unzip wget

2. To configure mysql

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
… Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

3. To Create database on mysql for wordpress

# mysql -u root -p

mysql> CREATE DATABASE wordpress;
mysql> GRANT ALL PRIVILEGES on wordpress.* to ‘wordpress’@’localhost’ IDENTIFIED BY ‘SECRET@123’;
mysql> FLUSH PRIVILEGES;
mysql> quit

4. To download wordpress file and configure

# cd /tmp/
# wget http://wordpress.org/latest.tar.gz

# tar -xzvf latest.tar.gz -C /var/www/html/
# cd /var/www/html/wordpress
# cp wp-config-sample.php wp-config.php

# vi wp-config.php // Open a file and change as follow

define(‘DB_NAME’, ‘wordpress’);
define(‘DB_USER’, ‘wordpress’);
define(‘DB_PASSWORD’, ‘SECRET@123’);

5. To Create virtual host for wordpress

# vi /etc/httpd/conf/httpd.conf

VirtualHost *:80>
ServerAdmin webmaster@lqs.co.in
DocumentRoot /var/www/html
ServerName lqs.co.in
ErrorLog /var/log/httpd/wordpress-error-log
CustomLog /var/log/httpd/wordpress-acces-log common
</VirtualHost>

6. To start/restart apache and mysql

# service httpd start
# service mysqld start
# chkconfig httpd on
# chkconfig mysqld on

or

# systemctl start httpd
# systemctl start mysqld
# systemctl enable httpd
# systemctl enable mysqld

7. To open your browser and hostname or IP address

http://ip-address or hostname

 

 

 

All the best !.  🙂

 

How to install SSL certificate on Apache for CentOS 7

How to install SSL certificate on Apache for CentOS 7

To installl SSL

[root@web]# yum install mod_ssl openssl

Installed:
mod_ssl.x86_64 1:2.4.6-45.el7.centos.4

Updated:
openssl.x86_64 1:1.0.1e-60.el7_3.1

Dependency Updated:
openssl-libs.x86_64 1:1.0.1e-60.el7_3.1

Complete!

[root@web]# mkdir /etc/httpd/ssl -p

To generate a private key ca.key

[root@web conf.d]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
…………………………………………….+++
………………………………………………………………………………………………………………………………….+++
e is 65537 (0x10001)
[root@web ssl]# ls
ca.key

To generate the certificate signing request cs.csr

[root@web ssl]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:io
State or Province Name (full name) []:Tamilnadu
Locality Name (eg, city) [Default City]:Chennai
Organization Name (eg, company) [Default Company Ltd]:LQS
Organizational Unit Name (eg, section) []:RIM
Common Name (eg, your name or your server’s hostname) []:web.server.lan
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:root@123
An optional company name []:
[root@web ssl]# ls
ca.csr ca.key

Finally, generate a self-signed certificate ca.crt

[root@web ssl]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=io/ST=Tamilnadu/L=Chennai/O=Fourth Dimenstion/OU=RIM/CN=web.server.lan
Getting Private key

[root@web ssl]# ls
ca.crt ca.csr ca.key

[root@web ssl]# cp ca.crt /etc/pki/tls/certs/
[root@web ssl]# cp ca.crt /etc/pki/tls/certs/
[root@web ssl]# cp ca.key /etc/pki/tls/private/
[root@web ssl]# cp ca.csr /etc/pki/tls/private/
[root@web ssl]#

To editing the SSL config file:

[root@web ssl]# vi /etc/httpd/conf.d/ssl.conf

Uncomment the DocumentRoot and ServerName like as follows:

DocumentRoot “/var/www/html”
ServerName 10.100.100.123:443
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

[root@web ssl]# systemctl restart httpd

For Virtual Apache Hosting as follow:

[root@web ssl]# /etc/httpd/conf.d/ssl.conf

add buttom of the file.

</VirtualHost>

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

ServerName http://www.dilli.com
ServerAlias dilli.com
DocumentRoot /var/www/html/www.dilli.com
ErrorLog /var/www/html/www.dilli.com/error.log
CustomLog /var/www/html/www.dilli.com/access.log combined

</VirtualHost>

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

ServerName http://www.sk.com
ServerAlias sk.com
DocumentRoot /var/www/html/www.sk.com
ErrorLog /var/www/html/www.sk.com/error.log
CustomLog /var/www/html/www.sk.com/access.log combined

</VirtualHost>

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

ServerName http://www.srini.com
ServerAlias srini.com
DocumentRoot /var/www/html/www.srini.com
ErrorLog /var/www/html/www.srini.com/error.log
CustomLog /var/www/html/www.srini.com/access.log combined

</VirtualHost>

 

How to configure HTTP load balancer with HAProxy on Linux

How to configure HTTP load balancer with HAProxy on Linux CentOS 6/7

HAProxy or High Availability Proxy is an open source TCP and HTTP load
balancer and proxy server software.

Prerequisites (3 servers)

1. Loadbalancer – 10.100.100.125

2. Webserver 1 – 10.100.100.123

3. Webserver 2 – 10.100.100.124
Configure HAProxy

I’m assume that there are two HTTP web servers up and running with IP
addresses 10.100.100.123 and 10.100.100.124. We also assume that the load
balancer will be configured at a server with IP address 10.100.100.125.

Step 1 – Configure host /etc/hosts files

# vi /etc/hosts

[root@loadbalancer]# cat /etc/hosts

10.100.100.125 loadbalancer loadbalancer.server.com

10.100.100.123 web1 web1.server.com
10.100.100.124 web2 web2.server.com

Step 2 – Install HAProxy on CentOS 6

# yum install haproxy

Step 3 – Configure HAProxy

Update your HAProxy configuration file /etc/haproxy/haproxy.cfg as per
your requirement, You may also use below given configuration file as an
example of setup and modify it.

# vim /etc/haproxy/haproxy.cfg

global

log 127.0.0.1 local2 # => log 127.0.0.1 local0

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
nbproc 1 # Number of processing cores.

defaults

mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#———————————————————————
# main frontend which proxys to the backends
#———————————————————————

frontend main
bind *:80
option http-server-close
option forwardfor
default_backend app-main
backend app-main
balance roundrobin
server web1 10.100.100.123:80 check
server web2 10.100.100.124:80 check

[root@loadbalancer ~]# /etc/init.d/haproxy restart
Stopping haproxy: [ OK ]
Starting haproxy: [ OK ]
[root@loadbalancer ~]#
Step 4 – Configure HAProxy rsyslog

# vi /etc/rsyslog.conf

Uncomment this line to enable the UDP connection:

$ModLoad imudp
$UDPServerRun 514

Then create new haproxy configuration file for rsyslog:

# cd /etc/rsyslog.d/
# vi haproxy.conf

local0.=info /var/log/haproxy.log #For Access Log
local0.notice /var/log/haproxystatus.log #For Service Info – Backend, loadbalancer

Testing:-

[root@pxeboot ~]# curl 10.100.100.123
This is Dilli Ganesh Server 1 …
[root@pxeboot ~]# curl 10.100.100.124
This is Dilli Ganesh Server 2 …
[root@pxeboot ~]#

[root@pxeboot ~]# curl 10.100.100.125
This is Dilli Ganesh Server 1 …
[root@pxeboot ~]# curl 10.100.100.125
This is Dilli Ganesh Server 2 …
[root@pxeboot ~]# curl 10.100.100.125
This is Dilli Ganesh Server 1 …
[root@pxeboot ~]# curl 10.100.100.125
This is Dilli Ganesh Server 2 …