Performance Tuning

[zoom]

I'm trying to determine what would be a good configuration for a site getting on avg 12000 hits per day. I'm running on a VPS with 2GB memory with the LiteSpeed Enterprise version. Are the settings below acceptable?

Max Connections: 500
PHP_LSAPI_MAX_REQUESTS=500
PHP_LSAPI_CHILDREN=50

Memory Soft Limit: 500M
Memory Hard Limit: 550M
Process Soft Limit: 500
Process Hard Limit: 550

DDOS Settings:

Per Client Static Reqs/sec: 200
Per Client Dyn Reqs/sec: 200

 

[mistwang]

change "Max connections" to "50", it must not be higher than "PHP_LSAPI_CHILDREN"

Your DDoS setting does not protect you from request flood at all, start from

Per Client Static Reqs/sec: 20
Per Client Dyn Reqs/sec: 1 or 2

 

[anewday]

What is the soft and hard limits under the Security tab?

 

[zoom]

anewday,

The Server Level settings for "External Application Resource" are as follows.

CPU Soft Limit (sec): 300
CPU Hard Limit (sec): 600
Memory Soft Limit (bytes): 250M
Memory Hard Limit (bytes): 300M
Process Soft Limit: 400
Process Hard Limit: 450

I'm not sure if these values come into play since I'm setting the External Application resources at the vhost level.

 

[anewday]

CPU Soft Limit (sec): 300
CPU Hard Limit (sec): 600

There is no global setting for these.

 

[zoom]

Yes there is a global setting at the Server level for the CPU Limits. However, the global settings (below) seem to be acceptable.

CPU Soft Limit (sec): 300
CPU Hard Limit (sec): 600

Using a soft limit of 300 seconds of CPU time for an external application should be okay in my situation.

 

[anewday]

I don't see the global settings for those under External Apps for lsphp4 or lsphp5.

What are your soft and hard limits for connections under the DDOS settings?

 

[hadyabed]

I recommend putting 20 for connection soft limit and 30 for connection hard limit, and set the grace period to 15 seconds and banned period to 2500 seconds.
-Hady Abed

 

[anewday]

I recommend putting 20 for connection soft limit and 30 for connection hard limit, and set the grace period to 15 seconds and banned period to 2500 seconds.
-Hady Abed

You'll have many banned ips with those settings.

 

[hadyabed]

You'll have many banned ips with those settings.

I've never had a problem with those settings. Pretty sure they're the same settings mistwang recommended in one of his posts a while back.
-Hady Abed

 

[anewday]

I've never had a problem with those settings. Pretty sure they're the same settings mistwang recommended in one of his posts a while back.
-Hady Abed

Most web browsers open 30 or more connections to download a page and not to mention 15 seconds may not be enough time to load a page completely on a dialup connection.

What kind of sites do you have? For forums with many js, css, php, images, there should be many banned IPs.

 

[mistwang]

It depends on the number of images linked from that page.
FireFox 3 is more aggressive on open new connections.
You should add "Expires header" to those static files, so the client only need to load them once for a while.

Remember, only count connections in ESTABLISHED state.

 

[anewday]

I set the Hard Limit to 100 today and so far, there is one banned IP. The person was using Opera to browse the coppermine gallery. I don't know if their connection is slow or what.

George, maybe there should be a grace period for Hard Limit too. I can't seem to find a good value.

 

[anewday]

I set expires headers for images, css, and javascript to 12 hours now. But, that will have no effect on new visitors loading the content for the first time.

 

[anewday]

I just noticed that litespeed admin panel shows the followiing under Expires Settings in General tab.

image/*=A604800, text/css=A604800, application/x-javascript=A604800

(these are default, I believe)

But, I have the following in /usr/local/apache/conf/httpd.conf

<IfModule mod_expires.c>
ExpiresActive On  
ExpiresByType image/gif A43200
ExpiresByType image/png A43200
ExpiresByType image/jpg A43200
ExpiresByType image/jpeg A43200
ExpiresByType text/css A43200
ExpiresByType text/javascript A43200
</IfModule>

What should I do now?

Can I write ExpiresByType image/* A43200 instead of listing each image type above? And, which is correct? text/javascript or application/javascript ?

 

[mistwang]

The configuration in httpd.conf will be used for Apache vhosts. Yes, you can use image/*, if the MIME type does not exist, you have set it explicitly.
You need to find out what MIME is used for ".js" and set expiring configuration accordingly.

 

[anewday]

If I import Apache vhosts, the /usr/local/apache/conf/mime.types file will be used? And the LS admin panel (/config/confMgr.php?m=serv&p=general&)t=SERV_MIME_TOP edits that file, right?

 

[miracle]

I set the Hard Limit to 100 today and so far, there is one banned IP. The person was using Opera to browse the coppermine gallery. I don't know if their connection is slow or what.

George, maybe there should be a grace period for Hard Limit too. I can't seem to find a good value.

The same is happening on my forums on topics with many images/attachments. If there is a grace period for hard limit, it would eliminate many banned IPs of legitimate users. Most of the IPs are using Opera, it seems to open many connections to download the files on a page.