Herramientas de usuario

Herramientas del sitio


openbsd:webserver

Diferencias

Muestra las diferencias entre dos versiones de la página.

Enlace a la vista de comparación

openbsd:webserver [2017/11/19 18:25] (actual)
jherrero creado
Línea 1: Línea 1:
 +====== OpenBSD Web Server ======
 +
 +===== kernel variables =====
 +
 +http://​man.openbsd.org/​sysctl
 +
 +<​code>​
 +To retrieve the maximum number of processes allowed in the system:
 +   $ sysctl kern.maxproc
 +
 +To set the maximum number of processes allowed in the system to 1000:
 +   # sysctl kern.maxproc=1000
 +   
 +To retrieve information about the load average history:
 +   $ sysctl vm.loadavg
 +
 +To set the amount of shared memory available in the system and the maximum number of shared memory segments:
 +   # sysctl kern.shminfo.shmmax=33554432 ​
 +   # sysctl kern.shminfo.shmseg=32
 +</​code>​
 +
 +<​code>​
 +# sysctl kern
 +
 +Optimizaciones [[http://​nsmwiki.org/​OpenBSD_Performance|nsmwiki.org]]
 +
 +<​code>​
 +net.inet.tcp.recvspace=65535
 +net.inet.tcp.sendspace=65535
 +net.inet.ip.maxqueue=2048
 +kern.somaxconn=2048
 +net.bpf.bufsize=2097152
 +net.bpf.maxbufsize=4194304
 +net.inet.ip.portfirst=32768
 +net.inet.ip.portlast=49151
 +net.inet.ip.porthifirst=49152
 +net.inet.ip.porthilast=65535
 +kern.seminfo.semmni=1024
 +kern.seminfo.semmns=4096
 +kern.shminfo.shmmax=67018864
 +kern.shminfo.shmall=32768
 +</​code>​
 +
 +
 +===== login.conf =====
 +https://​measureofchaos.wordpress.com/​2011/​07/​27/​openbsd-file-descriptor-limits/​
 +
 +OpenBSD seems to come configured by default with a really low file descriptor limit (128) so increasing it is needed for daemons which are going to open a lot of network connections.
 +
 +The limits are configured in two places; the system global limit (total files open by all processes) is set in a sysctl:
 +
 +sysctl kern.maxfiles=7030
 +
 +The per-login/​process limits are set via /​etc/​login.conf via the openfiles directive. This is further split into openfiles-cur and openfiles-max (current, e.g. the initial value for a new login, and maximum, which is the largest value you can then increase the limit to using ulimit -n)
 +
 +
 +<​code>​
 +default:\
 +   ...
 +        :​openfiles-cur=1024:​\
 +        :​openfiles-max=4096:​\
 +   ...
 +
 +daemon:\
 +   ...
 +        :​openfiles=4096:​\
 +</​code> ​       ​
 +
 +===== httpd =====
 +
 +http://​man.openbsd.org/​httpd
 +
 +http://​man.openbsd.org/​httpd.conf
 +
 +<​code>​
 +prefork number
 +   Run the specified number of server processes. ​
 +   This increases the performance and prevents delays when connecting ​
 +   to a server. httpd(8) runs 3 server processes by default.
 +</​code>​
 +
 +<​code>​
 +connection option
 +   Set the specified options and limits for HTTP connections. Valid options are:
 + 
 +     max request body number
 +       Set the maximum body size in bytes that the client can send to the server. ​
 +       The default value is 1048576 bytes (1M).
 +     
 +     max requests number
 +       Set the maximum number of requests per persistent HTTP connection. ​
 +       ​Persistent connections are negotiated using the Keep-Alive header in HTTP/​1.0 ​
 +       and enabled by default in HTTP/​1.1. ​
 +       The default maximum number of requests per connection is 100.
 +     
 +     ​request timeout seconds
 +       ​Specify the inactivity timeout for HTTP operations between client and server, ​
 +       for example the maximum time to wait for a request from the client. ​
 +       The default timeout is 60 seconds (1 minute). ​
 +       The maximum is 2147483647 seconds (68 years).
 +
 +     ​timeout seconds
 +       ​Specify the inactivity timeout in seconds for accepted sessions, ​
 +       for example the maximum time to wait for I/O from the FastCGI backend. ​
 +       The default timeout is 600 seconds (10 minutes). ​
 +       The maximum is 2147483647 seconds (68 years).
 +</​code>​
 +===== Redis =====
 +
 +Maximum number of clients
 +
 +In Redis 2.4 there was an hard-coded limit about the maximum number of clients that was possible to handle simultaneously.
 +
 +In Redis 2.6 this limit is dynamic: by default is set to 10000 clients, unless otherwise stated by the maxclients directive in Redis.conf.
 +
 +However Redis checks with the kernel what is the maximum number of file descriptors that we are able to open (the soft limit is checked), if the limit is smaller than the maximum number of clients we want to handle, plus 32 (that is the number of file descriptors Redis reserves for internal uses), then the number of maximum clients is modified by Redis to match the amount of clients we are really able to handle under the current operating system limit.
 +
 +When the configured number of maximum clients can not be honored, the condition is logged at startup as in the following example:
 +
 +<​code>​
 +$ ./​redis-server --maxclients 100000
 +[41422] 23 Jan 11:​28:​33.179 # Unable to set the max number of files limit to 100032 (Invalid argument), ​
 +setting the max clients configuration to 10112.
 +</​code>​
 +
 +When Redis is configured in order to handle a specific number of clients it is a good idea to make sure that the operating system limit to the maximum number of file descriptors per process is also set accordingly.
 +
 +Under Linux these limits can be set both in the current session and as a system-wide setting with the following commands:
 +
 +<​code>​
 +ulimit -Sn 100000 # This will only work if hard limit is big enough.
 +sysctl -w fs.file-max=100000
 +</​code>​
 +
 +===== monitorizacion =====
 +
 +netstat -m 
 +
 +vmstat -m 
 +
 +==== iperf ====
 +
 +Servidor
 +<​code>​
 +# iperf -s
 +------------------------------------------------------------
 +Server listening on TCP port 5001
 +TCP window size: 16.0 KByte (default)
 +------------------------------------------------------------
 +</​code>​
 +
 +Cliente
 +<​code>​
 +$ iperf -t 60 -i 5 -c
 +</​code>​
 +===== ver además =====
 +
 +  * https://​calomel.org/​network_performance.html
 +  * http://​haerulhatta.blogspot.com.es/​2012/​01/​network-tuning-and-performance-guide.html
 +  * https://​www.daemon-security.com/​bsd-config.html
 +  * [[https://​blog.whatsapp.com/​196/​1-mill%C3%B3n-es-tan-2011?​|WhatsApp:​ 2 millones de conexiones en un servidor]]
 +  * [[http://​marc.info/?​l=openbsd-misc&​m=146912695022150&​w=2|openbsd-misc:​ benchmarking]]
  
openbsd/webserver.txt · Última modificación: 2017/11/19 18:25 por jherrero