Jump to content

First week with IPS4..


LinkMania

Recommended Posts

So i run with three layers of caching on this old intel dual xeon 2,5 ghz dedicated box with 8 gb of ddr2 fb-dimm and a faecesty pair of 250 GB hdd into raid1:

  1. mariadb 10.0.0.20 with a query cache of 512 MB (still more to tweak per mysqltuner's future reports)
  2. php-fpm 5.6.10 with opcache of only 256 MB
  3. memcached 1.4.24 with 2 GB of memory lock so far.

And my 2005 old forum (6 GB worth of mysql database) runs insanely fast, everything loads and renders instantly even the ACP operations.

 

Hey @LinkMania care to share your nginx config? 

Mkay.. /etc/nginx/nginx.conf looks like this (notice the 7 workers on my 8 core system, also i have regenerated manually dhparam.pem so i can make the ssl qualys test go crazy in my favor with openssl dhparam -out /etc/nginx/dhparam.pem 2048):

user http http;
worker_processes 7;

events { worker_connections  2048; multi_accept on; }

http {
    include       mime.types;
    default_type  application/octet-stream; server_tokens off;
	client_max_body_size 32M; client_body_buffer_size 32M;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent $request_time "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

	sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 35;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/nginx/dhparam.pem;
	ssl_session_cache shared:SSL:50m; ssl_session_timeout 15m;
	ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-CAMELLIA128-SHA";

    gzip on; gzip_static on; gzip_vary on; gzip_proxied any; gzip_disable "msie6";
    gzip_comp_level 9; gzip_min_length 1100; gzip_buffers 8 32k;
	gzip_types text/plain text/js text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/jpeg image/gif image/x-icon;

	include /etc/nginx/conf.d/*.conf;

}

And the included vhost config of my website (which has a valid ssl certificate for acp and secure logins):

server {
	listen 80;
	listen [::]:80;
	listen 443 ssl spdy;
	listen [::]:443 ssl spdy;
	ssl_stapling on; ssl_stapling_verify on; 
	resolver 8.8.4.4 8.8.8.8 valid=300s; resolver_timeout 10s;
	ssl_certificate /etc/nginx/EDITED-WEBSITE.pem;
	ssl_certificate_key /etc/nginx/EDITED-WEBSITE.key;

	root /srv/http/;
	index index.php index.html;

	server_name www.EDITED-WEBSITE.tld EDITED-WEBSITE.tld;
	access_log  /var/log/nginx/www.EDITED-WEBSITE.tld_access.log;
	error_log /var/log/nginx/www.EDITED-WEBSITE.tld_error.log;
	location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|bz2)$ {
       access_log off; log_not_found off; expires max; }
	location / { try_files $uri $uri/ /index.php?$args;}

	location ~ \.php$ {
	include fastcgi.conf;
	fastcgi_connect_timeout 30;
	fastcgi_send_timeout 180;
	fastcgi_read_timeout 300;
	fastcgi_buffer_size 1024k;
	fastcgi_buffers 8 512k;
	fastcgi_busy_buffers_size 1024k;
	fastcgi_temp_file_write_size 1024k;
#	fastcgi_intercept_errors on;
	fastcgi_keep_conn on;
	fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
	}

	location ~ /\.ht {
		deny all;
	}
}

These are not perfect but seems to work very very nice.

Link to comment
Share on other sites

  • Management

I'm a big fan of keeping my setup a very simple LAMP to start off with. Then I like to see how much tuning I can get out of that standard setup. Once I feel I have tuned it as much as I can then I will start introducing memcached and opcache. I just think you cannot overstate the importance of having your base-technology (web server and MySQL) well configured before you start getting all the more advanced things. But that's not really what we're talking about here but I'm a sharer like that :)

Link to comment
Share on other sites

I'm a big fan of keeping my setup a very simple LAMP to start off with. Then I like to see how much tuning I can get out of that standard setup. Once I feel I have tuned it as much as I can then I will start introducing memcached and opcache. I just think you cannot overstate the importance of having your base-technology (web server and MySQL) well configured before you start getting all the more advanced things. But that's not really what we're talking about here but I'm a sharer like that :)

Charles, do you guys run Apache, nginx, or something else?

Sure would be nice if IPS shared their setup/recommendations/configs! :) 

Link to comment
Share on other sites

They are using Apache:

[root@ ~]# curl -I community.invisionpower.com
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Date: Fri, 26 Jun 2015 01:49:54 GMT
Location: https://community.invisionpower.com/
Server: Apache
Connection: keep-alive
Set-Cookie: visid_incap_321307=Rd+hcZkqRTe4HXZI0CvbC8GvjFUAAAAAQUIPAAAAAACD5K3h66V+9nN8B72LffW1; expires=Sat, 24 Jun 2017 06:19:31 GMT; path=/; Domain=.invisionpower.com
Set-Cookie: nlbi_321307=ZvQgbV3isHyJHTeHFBNQAwAAAACstoRRgGM7AbLYc4rco7pl; path=/; Domain=.invisionpower.com
Set-Cookie: incap_ses_260_321307=FEnBEXSMYnHlKWf7YrWbA8GvjFUAAAAAkhIyUOEAJk02m4iHuSs8YQ==; path=/; Domain=.invisionpower.com
X-Iinfo: 10-177153858-177153859 NNNY CT(96 -1 0) RT(1435283393755 0) q(0 0 1 0) r(2 2) U5
X-CDN: Incapsula

Link to comment
Share on other sites

Too much nerd talk. Can't compute! Can't compute :(

With that said, I am glad to see a followup and it appears things have gotten better?

Its actually a fine 2015 web product but it is still far from perfect. I am quite annoyed at the moment of the unsafe web elements via my GlobeSSL certificate setup. Cannot see the goddamn editor unless i tell the browser to ignore unsafe stuff..

Link to comment
Share on other sites

Its actually a fine 2015 web product but it is still far from perfect. I am quite annoyed at the moment of the unsafe web elements via my GlobeSSL certificate setup. Cannot see the goddamn editor unless i tell the browser to ignore unsafe stuff..

From an inexperienced admin pov, It mostly works well for me on my own site. But it makes me wonder what optimizations I should be doing to further improve it and I am just unaware of it lol.

Link to comment
Share on other sites

  • Management

Charles, do you guys run Apache, nginx, or something else?

Sure would be nice if IPS shared their setup/recommendations/configs! :) 

We run standard LAMP on this site right now. No memcached. Nothing fancy. We want to be sure we get the software running well on a standard environment before going nuts with fancy technology :)

Link to comment
Share on other sites

I would like to also congratulate the IP team for finally making a solid e-mail system (templates and code) that actually works ! Since few days in IPS4 my exim daemon is busy working and the messages look really nice in my inbox. Also they don't seem to hit any spam filters from what i have learned from users.

Link to comment
Share on other sites

We run standard LAMP on this site right now. No memcached. Nothing fancy. We want to be sure we get the software running well on a standard environment before going nuts with fancy technology :)

my.cnf settings? clustered database? httpd config? 

Link to comment
Share on other sites

Well, i had a mild heart attack while watching my 8 cores going to 100% while i manually ran the tasks. I left the linux cron do its job and it calmed down. Also i had the Topic feed widget on the front page while the load was high..

Link to comment
Share on other sites

  • 2 weeks later...

I am actually dissapointed of the bugs in the latest releases over the last month, i do not remember having so much trouble and waiting so much for support to fix stuff with all the years i used the 3.4.x versions.. Now i have to put another ticket for another game breaking bug regarding two of my administrators that cannot log in anymore and i cannot edit their profiles in ACP anymore..

Link to comment
Share on other sites

I am actually dissapointed of the bugs in the latest releases over the last month, i do not remember having so much trouble and waiting so much for support to fix stuff with all the years i used the 3.4.x versions.. Now i have to put another ticket for another game breaking bug regarding two of my administrators that cannot log in anymore and i cannot edit their profiles in ACP anymore..

4.0.10.2 is out :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...