Comments (4)
Thanks, please review if interested and let us know if any other suggestions. We will add the kernel config to the ss-install script after tests appear stable:
https://github.com/littlebizzy/slickstack/blob/master/ubuntu/sysctl.txt
Also for reference:
https://github.com/littlebizzy/slickstack/blob/master/nginx/nginx-conf.txt
from slickstack.
On first glance it looks good. Removes most of what I call, "the rakes in the yard that cause 502 errors".
Might need a note attached saying, "This is so that you don't run into common errors that force you to pay someone a consulting fee for a few simple tunables. Be aware that nginx, php, and your database are all competing for the same resources if you run them on the same host. These settings should work fine behind Cloudflare, and you should be using it since it's free. If you aren't using Cloudflare, you can adjust these down as necessary or move the DB to a different host."
So... awesome job. Very thorough.
People spend a lot of time trying to use plugins with CF, but I think these two rules protect the main site with all the tunables maxed, but offload the heaviest lifting (images) entirely.
example.com/wp-content/uploads/ Cache-Everything
example.com/ Cache-Standard Origin Cache Control
Nginx works as a second level cache so you don't need the bypass-on-cookie 20 buck tax. Woocomm even works with those rules and with or without a second level nginx cache in place, so they're pretty safe. Maybe you have a better rule recommendation for the free plan too as I haven't tested those thoroughly yet beyond some ecom sites (and those sites never double-sell items, have cart issues, etc).
You've done a good job democratizing the knowledge.
I might have one of my interns actually draw a diagram for this and submit it to you. :-)
from slickstack.
I suggest setting the net.core.somaxconn to 4096 as a minimum with the current nginx config, or 65535.
net.core.somaxconn and tons of other rules now optimized in our latest Ubuntu kernel, and I've gone ahead and made this part of the ss-install process now:
https://github.com/littlebizzy/slickstack/blob/master/ubuntu/sysctl.txt
Previously, the default kernel was not modified.
I think conventional wisdom is that at high concurrency, you really want to be using loopback instead of the domain socket for php-fpm at the level you are setting nginx at.
From my understanding, Unix sockets are better due to acting as a "shortcut" in the stack instead of having to go through various networking layers, etc:
https://unix.stackexchange.com/questions/91774/performance-of-unix-sockets-vs-tcp-ports
https://stackoverflow.com/questions/257433/postgresql-unix-domain-sockets-vs-tcp-sockets/257479
Anyway let's keep this topic focused on the net.core kernel rules if possible. Please kindly create new Issues if you can expand more on your other suggestions, thanks! 🤓
from slickstack.
Okay I understand now why you lumped some of these topics together. After further research I've changed the Nginx and PHP-FPM config to 127.0.0.1 (TCP/IP) instead of sockets:
https://github.com/littlebizzy/slickstack/blob/master/php-fpm/www-conf.txt
https://github.com/littlebizzy/slickstack/blob/master/nginx/server-block-single-site.txt
It seems Unix sockets are technically faster, but with two drawbacks:
- More disk I/O over the long-term
- At extremely high traffic, the risk of socket errors
The security concerns regarding TCP/IP are largely mitigated with listen.allowed_clients
from slickstack.
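A check for the two points raised in this thread (the net.core.somaxconn suggestion, and the move to 127.0.0.1 guarded by listen.allowed_clients), added here as an example and not taken from the SlickStack scripts. The pool file contents, port 9000 and the function names are constructed for illustration; the somaxconn value is passed in so the run is reproducible.

```sh
#!/bin/sh
# Added example: audit a PHP-FPM pool file for TCP exposure and backlog size.
# pool_get/audit_pool are hypothetical helper names; sample files are constructed.

# Print the value of "key = value" in a pool file (';' comment lines skipped).
pool_get() {
    awk -F= -v k="$1" '
        /^[ \t]*;/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v }
        END { print val }' "$2"
}

# Print one WARN line per finding; print nothing when the pool looks sane.
audit_pool() {
    file=$1; somaxconn=$2
    listen=$(pool_get listen "$file")
    allowed=$(pool_get listen.allowed_clients "$file")
    backlog=$(pool_get listen.backlog "$file")
    case $listen in
        /*|127.0.0.1:*|'[::1]:'*) ;;   # Unix socket or loopback-only TCP
        *) echo "WARN listen=$listen is reachable beyond loopback" ;;
    esac
    case $listen in
        /*) ;;                          # allowed_clients only applies to TCP
        *) [ -n "$allowed" ] || echo "WARN listen.allowed_clients is unset" ;;
    esac
    # listen() backlogs above net.core.somaxconn are silently capped by the kernel.
    if [ -n "$backlog" ] && [ "$backlog" -gt "$somaxconn" ] 2>/dev/null; then
        echo "WARN listen.backlog=$backlog exceeds net.core.somaxconn=$somaxconn"
    fi
}

sample_dir=$(mktemp -d)
cat > "$sample_dir/weak.conf" <<'EOF'
[www]
listen = 9000
listen.backlog = 65535
EOF
cat > "$sample_dir/hardened.conf" <<'EOF'
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
listen.backlog = 4096
EOF

# On a live host, replace 4096 with "$(sysctl -n net.core.somaxconn)".
echo "== weak.conf";     audit_pool "$sample_dir/weak.conf" 4096
echo "== hardened.conf"; audit_pool "$sample_dir/hardened.conf" 4096
```

A bare port in `listen` binds every address, which is why the weak sample is flagged even though it names no IP.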