Here's some tips which I applied recently on one busy ded server and the result was a significant reduce in disk I/O load and so faster speed, lesser load avg.
- mount /tmp in ramdisk : Here's the /etc/fstab file line related to tmp :
none /tmp tmpfs nr_inodes=200k,mode=01777,nosuid,nodev 0 0
Check if php uses /tmp as session.save_path , mysql also uses /tmp as tmpdir (mysqladmin variables | grep tmpdir). I've notices on websites with high join queries, mysql has a lot of I/O in /tmp so it's recommended to mount this to ram instead of hdd.
- Mysql datadir : /var/lib/mysql , recommended to mount in a SSD disk which will give you much greater performance.
- nginx + php-fpm : There're lots of resources on web suggesting that nginx+php-fpm have much more performance rather than php via apache2 handler.
- ... I'll update this post if I found/remember new tricks ...
- More ?
Monday, December 24, 2012
Sunday, December 23, 2012
Security improvement : nginx symlink and php-fpm chroot features
I've found the new directive in nginx old documentation :
Default value is off ! Setting it to if_not_owner is a good security improve and I recommend it.
Also don't miss php-fpm chroot feature ! You can make a chroot jail for working fpm pool by extracting an OS-template to chrooted folder ! (Select the template which matches your main OS). I had to run the following additional commands to make the dns resolving and php working correctly in chrooted jail :
disable_symlinks if_not_owner; # off | on | if_not_owner
Default value is off ! Setting it to if_not_owner is a good security improve and I recommend it.
Also don't miss php-fpm chroot feature ! You can make a chroot jail for working fpm pool by extracting an OS-template to chrooted folder ! (Select the template which matches your main OS). I had to run the following additional commands to make the dns resolving and php working correctly in chrooted jail :
cd jail-path
mknod -m 666 dev/null c 1 3
mknod -m 666 dev/zero c 1 5
mknod -m 666 dev/zero c 1 5
mknod -m 666 dev/random c 1 8
mknod -m 666 dev/urandom c 19
mknod -m 666 dev/urandom c 19
cp /lib/*dns* lib
cp /lib64/*dns* lib64
echo "nameserver 8.8.8.8" > etc/resolv.conf
chown -R user:user .
Friday, December 14, 2012
Install wine with MS Visual C++ and Visual Basic runtimes
I just wanted to use some win downloaders on linux ( Orbit downloader, HiDownload, Net Transport, ... ) but they didn't run correctly on wine.
Install latest version of wine using epel repo on RHEL . Then you'll need to install MS Visual C++ and Visual Basic runtimes to make them working :
wget http://winetricks.org/winetricks
chmod +x winetricks
(apt-get install cabextract OR yum install cabextract)
sh winetricks corefonts vcrun6 vb6run
And that's it !
Install latest version of wine using epel repo on RHEL . Then you'll need to install MS Visual C++ and Visual Basic runtimes to make them working :
wget http://winetricks.org/winetricks
chmod +x winetricks
(apt-get install cabextract OR yum install cabextract)
sh winetricks corefonts vcrun6 vb6run
And that's it !
Subscribe to:
Posts (Atom)
-
This post shows how to configure a mail proxy server to connect clients in an intranet to an external mail server. I will use SSL offloading... -
An updated version of this post is available here . I use this tutorial to setup RemoSIM.com product for customers. RasPBX – Asterisk for ... -
I use this tutorial to setup RemoSIM.com product for customers. To do: - Add instructions for enabling fail2ban for asterisk - Fix the fre...