@goeroeku
Last active April 1, 2021 17:09
Install nginx

ex: vim /etc/nginx/sites-enabled/default

buat block upstream pada konfigurasi site, tambahkan sejajar dengan block server{}

# Pool of php-fpm listeners referenced by "fastcgi_pass php;" in the server block.
# ip_hash pins each client IP to one listener. sock1/sock2 are presumably separate
# php-fpm pools (confirm they are actually listening); a socket that is not there
# is marked failed after max_fails and traffic falls back to the remaining one.
# The last entry keeps the default weight of 1.
upstream php {
    ip_hash;
    server unix:/run/php/php7.4-fpm.sock1 weight=100 max_fails=5 fail_timeout=5;
    server unix:/run/php/php7.4-fpm.sock2 weight=100 max_fails=5 fail_timeout=5;
    server unix:/run/php/php7.4-fpm.sock;
}

kemudian pada block server{}, ubah fastcgi_pass menjadi nama upstream, sesuai contoh php

server{
  ...
  # Hand PHP requests to the "php" upstream instead of a single fixed socket
  #fastcgi_pass 	  unix:/run/php/php7.2-fpm.sock;
  fastcgi_pass		  php;
  ...
}

Spek server :


CPU: 8 core, RAM: 50 GB, DB: MariaDB 10.1

vim /etc/mysql/mariadb.conf.d/50-server.cnf

#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#

# this is read by the standalone daemon and embedded servers
# (left empty on purpose: all options are kept under [mysqld] below)
[server]

# this is only for the mysqld standalone daemon
[mysqld]

#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
# No reverse DNS lookup on connect; host parts of accounts must then be
# IP addresses or localhost, not hostnames
skip-name-resolve = 1

# Listen on loopback only. Remote clients cannot reach the server at all,
# which is also what makes the clear-text (non-TLS) setup further down tolerable.
bind-address = 127.0.0.1

#
# * Fine Tuning
#
key_buffer_size = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# Check/repair MyISAM tables the first time they are touched instead of at startup
myisam_recover_options = BACKUP
# max_connections, table_cache and thread_concurrency are left at their defaults

#
# * Query Cache Configuration
#
# The query cache is switched off (size 0, type 0); the limit only matters if it is re-enabled
query_cache_limit = 1M
query_cache_size = 0
query_cache_type = 0
tmp_table_size = 64M
max_heap_table_size = 64M
table_open_cache = 2100
performance_schema = ON

#
# * Logging and Replication
#
# The general log records every statement and is a performance killer; it stays
# off here and can be enabled at runtime when an investigation needs it.
# Both locations get rotated by the cronjob.
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should contain very few entries; worth watching for crashes and
# access-denied messages
log_error = /var/log/mysql/error.log
#
# Slow query log, disabled; enable it to find statements with a long duration
#slow_query_log_file = /var/log/mysql/mariadb-slow.log
#long_query_time = 10
#log_slow_rate_limit = 1000
#log_slow_verbosity = query_plan
#log-queries-not-using-indexes
#
# Binary log (replayable backups / replication) is not enabled, so the two
# retention settings below only take effect once log_bin is set.
# note: if you are setting up a replication slave, see README.Debian about
#       other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = exclude_database_name

#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!

# 2G is conservative for a 50GB host; raise it if the database is the main tenant
innodb_buffer_pool_size = 2G
innodb_buffer_pool_instances = 2
innodb_file_per_table = 1
# 0 = write and flush the redo log about once per second instead of at every
# commit. Faster, but a crash or power loss can discard up to ~1s of committed
# transactions. 1 is the ACID-safe value; 2 survives a mysqld crash but not an
# OS crash.
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_buffer_size = 8M
innodb_log_file_size = 256M

#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# TLS is not configured, so client traffic is clear text; configure the ssl-*
# options (and require TLS per account) before exposing the server beyond
# bind-address = 127.0.0.1.
# For generating SSL certificates you can use for example the GUI tool "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
#
# Accept only connections using the latest and most secure TLS protocol version.
# ..when MariaDB is compiled with OpenSSL:
# ssl-cipher=TLSv1.2
# ..when MariaDB is compiled with YaSSL (default in Debian):
# ssl=on

#
# * Character sets
#
# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
# utf8 4-byte character set. See also client.cnf
#
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci

#
# * Unix socket authentication plugin is built-in since 10.0.22-6
#
# Needed so the root database user can authenticate without a password but
# only when running as the unix root user.
#
# Also available for other users if required.
# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/

# this is only for embedded server
# (empty: no embedded-specific options are set in this file)
[embedded]

# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]

# This group is only read by MariaDB-10.1 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.1]

/etc/nginx/nginx.conf

# /etc/nginx/nginx.conf — main configuration.
# Worker processes drop to the unprivileged "nginx" user; only the master
# stays root (port binding, reading certificates).
user nginx;
worker_processes auto;

events {
    # Per-worker limit; the effective client ceiling is roughly
    # worker_processes * worker_connections, minus upstream connections.
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    keepalive_requests 100000;
    types_hash_max_size 2048;
    types_hash_bucket_size 128;
    # NOTE(review): server_tokens is left at its default (on), so the nginx
    # version is advertised in the Server header and on error pages;
    # "server_tokens off;" suppresses that.

    # Request size limits: bodies above client_max_body_size are rejected with 413
    client_body_buffer_size 128k;
    client_max_body_size 10m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    output_buffers 1 32k;
    postpone_output 1460;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;

    # NOTE(review): 3-minute header/body/send timeouts let a slow or idle client
    # hold a connection far longer than the 60s defaults; combined with 1024
    # connections per worker this lowers the bar for connection exhaustion.
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;

    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 5;
    open_file_cache_errors off;

    server_names_hash_bucket_size 64;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    # No access_log / error_log set here: the compile-time defaults apply.
    # For incident response set them explicitly so the log location and
    # rotation are known.

    ##
    # Gzip Settings
    ##

    # NOTE(review): compressing responses that carry both a secret (CSRF token,
    # session id) and attacker-influenced input enables the BREACH side channel;
    # text/html is compressed implicitly and the list below adds json/plain.
    # Consider limiting compression to static asset types.
    gzip on;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types
        application/x-javascript
        text/css
        application/javascript
        text/javascript
        text/plain
        text/xml
        application/json
        application/vnd.ms-fontobject
        application/x-font-opentype
        application/x-font-truetype
        application/x-font-ttf
        application/xml
        font/eot
        font/opentype
        font/otf
        image/svg+xml
        image/vnd.microsoft.icon;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/sites-enabled/*;

}

NGINX web server

siapkan utility untuk compile dari source

# Build dependencies for compiling nginx from source on Debian/Ubuntu.
# (libgd2-xpm-dev is the old name; newer releases ship it as libgd-dev.)
apt-get install \
    build-essential \
    zlib1g-dev \
    libpcre3-dev \
    libssl-dev \
    libxslt1-dev \
    libxml2-dev \
    libgd2-xpm-dev \
    libgeoip-dev \
    libgoogle-perftools-dev \
    libperl-dev

compile nginx

link download nginx

http://nginx.org/en/download.html
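# Fetch the nginx source over TLS and verify its detached signature before
# building. The original pulled the tarball over plain http with no check, so
# anything that could alter it in transit would end up compiled into the web
# server. Import the release signing key from https://nginx.org/keys/ first.
# 1.16.0 is the version this guide was written for; it is past end-of-life,
# so check the current stable release before installing.
# The steps are chained with && so a failed download, verification or cd never
# runs ./configure or make install in the wrong directory.
NGINX_VERSION=1.16.0
wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" \
     "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc" \
  && gpg --verify "nginx-${NGINX_VERSION}.tar.gz.asc" "nginx-${NGINX_VERSION}.tar.gz" \
  && tar -xzvf "nginx-${NGINX_VERSION}.tar.gz" \
  && cd "nginx-${NGINX_VERSION}" \
  && ./configure --with-http_ssl_module --with-http_v2_module --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --pid-path=/run/nginx.pid \
  && make \
  && make install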

jika ada error :

  • PCRE
apt install libpcre3-dev
  • Zlib
apt install zlib1g-dev
  • OpenSSL
apt install libssl-dev

ref : http://xmodulo.com/compile-install-nginx-web-server.html

create the supporting config directories

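# Create the config layout under the install prefix (/etc/nginx from ./configure).
# Without the absolute path the directories were created relative to the
# current directory, i.e. inside the nginx-1.16.0 source tree after the cd above.
# Keep ssl/ readable by root only (e.g. mode 700) since private keys live there.
mkdir -p /etc/nginx/{conf.d,sites-available,sites-enabled,snippets,ssl}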

add user & group nginx

# Dedicated unprivileged account for the worker processes; /bin/false means
# the account cannot log in interactively.
useradd --shell /bin/false nginx
# Per-domain layout: logs/ and public_html/ under the nginx user's home.
mkdir --parents /home/nginx/domains/default/{logs,public_html}
# NOTE(review): this makes the whole tree, document root included, writable by
# the nginx user, so a compromised worker could alter served content. Root-owned
# public_html with group read access, and writable logs/ only, is the safer split.
chown --recursive nginx: /home/nginx

make nginx as service

create config service

vim /lib/systemd/system/nginx.service

add script

[Unit]
Description=The NGINX HTTP and reverse proxy server
# syslog.target is a no-op on current systemd; kept for compatibility with old units
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
# The master forks and then writes its PID file; systemd may look for it before
# it exists ("Failed to read PID from file nginx"), which the
# ExecStartPost=/bin/sleep 0.1 drop-in documented with this unit works around.
Type=forking
PIDFile=/run/nginx.pid
# Validate the configuration first so a bad edit never takes down a running instance
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
# HUP = graceful reload, QUIT = graceful shutdown (finish in-flight requests)
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
# Private /tmp and /var/tmp namespace; nothing else is sandboxed here because the
# master must stay root to bind ports and read certificates
PrivateTmp=yes

[Install]
WantedBy=multi-user.target

jika ada error :

Failed to try-restart nginx.service: Unit nginx.service is masked.

# A masked unit is linked to /dev/null (typically left behind by a package
# removal); it must be unmasked before it can be started
systemctl unmask nginx.service
systemctl start nginx (atau systemctl restart nginx)

Failed to read PID from file nginx

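# Drop-in that works around the PIDFile race on start: systemd may read
# /run/nginx.pid before the forked master has written it, so a short sleep after
# ExecStart gives it time. -p makes the mkdir idempotent when this is re-run
# (the original mkdir failed if the directory already existed).
mkdir -p /etc/systemd/system/nginx.service.d
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
# Pick up the new drop-in, apply it with a restart, then check the result
systemctl daemon-reload
systemctl restart nginx
systemctl status nginx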

PHP FPM

Buka /etc/php5/fpm/pool.d/www.conf
Ubah www-data menjadi user owner pada listen-user, listen-group, listen-port
Ubah php5-fpm-www-data.sock menjadi php5-fpm.sock ### NGINX
Buka /etc/nginx/nginx.conf, ubah www-data menjadi user owner ### OpenVPN

block user agent

create list blok user agent

vi /etc/nginx/useragent.rules

add script:

# Tag requests whose User-Agent matches a denylist pattern: $badagent is 1 on a
# match and 0 otherwise. "~*" patterns are case-insensitive, "~" case-sensitive;
# regex entries are tested in the order written. Consumed by
# "if ($badagent) { return 403; }" in the server block.
# NOTE(review): the User-Agent header is client-chosen and trivially changed,
# so this is a nuisance filter, not an access control.
map $http_user_agent $badagent {
    default 0;
    "~*malicious" 1;
    "~*backdoor" 1;
    "~*netcrawler" 1;
    "~Antivirx" 1;
    "~Arian" 1;
    "~webbandit" 1;
}

** ~* : tidak case-sensitive, ~ : case-sensitive

add list to block http

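http {
    .....
    # The include directive needs a terminating semicolon; without it nginx -t
    # fails on the closing brace and the map is never loaded.
    include /etc/nginx/useragent.rules;
}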

add filter to block server domain

server {
    ....

    # Reject requests tagged by the $badagent map (useragent.rules) before any
    # location is selected; a bare "return" is one of the safe uses of "if".
    if ($badagent) {
        return 403;
    }

    ....
}

atau langsung filter user-agent pada block server

server {
    ....

    # Allowlist variant: "!~*" means "does NOT match (case-insensitive)", so every
    # client except the named agents gets 403 — including browsers and monitoring
    # probes. Replace name_user_agen1|name_user_agen2 with the agents to admit.
    if ($http_user_agent !~* (name_user_agen1|name_user_agen2)) {
        return 403;
    }
    ....
}

** !~* artinya blok jika user-agent tidak sama dengan name_user_agen1 atau name_user_agen2

benchmarking server nginx

  • using siege
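# siege load generator, built from source. The download is plain http with no
# checksum or signature check, so the tarball's integrity is not verified —
# compare it with the checksum the project publishes (or fetch over https if the
# mirror offers it) before building. The steps are chained with && so a failed
# download or cd does not run ./configure / make install in the wrong directory
# (the original ran each command unconditionally).
wget http://download.joedog.org/siege/siege-3.0.6.tar.gz \
  && tar -xvpzf siege-3.0.6.tar.gz \
  && cd siege-3.0.6/ \
  && ./configure \
  && make \
  && make install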

ref:

https://www.scalescale.com/tips/nginx/nginx-benchmarking-using-siedge/#
  • using ab apache
https://www.garron.me/en/go2linux/how-benchmark-stress-your-apache-nginx-or-iis-server.html

optimizing server

https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration
http://stackoverflow.com/questions/7325211/tuning-nginx-worker-process-to-obtain-100k-hits-per-min
https://www.linode.com/docs/websites/nginx/configure-nginx-for-optimized-performance
https://tweaked.io/guide/nginx/
https://tweaked.io/guide/kernel/
https://medium.com/@richb_/tweaking-nginx-and-php-fpm-configuration-to-fix-502-bad-gateway-errors-and-optimise-performance-on-17465f41fd87
https://medium.com/@jituboss/nginx-and-php-fpm-optimization-for-high-traffic-web-applications-f790bf1b30fb
https://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/
https://bobcares.com/blog/php-fpm-tuning-high-load/
https://seravo.fi/2013/optimizing-web-server-performance-with-nginx-and-php
http://www.softwareprojects.com/resources/programming/t-optimizing-nginx-and-php-fpm-for-high-traffic-sites-2081.html

Kalo pake vps install nginx, gzip, varnish, sama mod_pagespeed, php 7 pastinya..

Kalo ngerti hhvm 3 pake itu juga kalo gak ngerti gak papa..

kalo udah bener semua jadi 100/100 om, setingan server kontribusinya cuma 8%

sisanya image kecil" di sprite, terus dikompress resolusi sesuaikan dengan layout jangan sampek imagenya 500 * 500 ternyata di display 120 * 120 jelas gak worted, terus turunin juga filespacenya..

gunakan js yang async, dan minify js nya.. kalo untuk css minimalisir css inline gunakan css preprocessor pasang juga task runner, webpack biar diminify, sama di merge juga..

gunakan js seperlunya kalo gak pake task runner.. maksimalkan page jangan sampek filenya kegedean secupknya aja om...

Kalo apache manfaatkan cache browser dan cookies.. edit via htaccess.

pasang cdn, gunakan https, maksimalkan service worker trust me web si om bisa 100/100 saya sudah praktekan di google speed insight dan gtmetrix 100/100

Kalo shared hosting mentok di 92 - 97/100

Nginx configuration using subdirectory

    
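    # Data On Nginx Block Server
    # root     : /usr/share/nginx/html;
    # php-fpm  : fastcgi_pass 127.0.0.1:9000;
    #
    # nginx only understands "#" comments: the original C-style /** ... */ header
    # was parsed as directives and made the configuration fail to load.
    #
    # The location prefix and the alias both end in "/". With a bare "/apps"
    # prefix plus an alias, a request path that starts with "/apps" but continues
    # with ".." is resolved outside the aliased directory (the well-known nginx
    # alias traversal misconfiguration); matching trailing slashes close that.
    location ^~ /apps/ {
        alias /usr/share/nginx/html/apps/public/;
        try_files $uri $uri/ @apps;

        location ~* \.php {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            include /etc/nginx/fastcgi_params;
            # Fixed front controller: the requested path never selects which
            # script runs, so path confusion cannot execute other files.
            fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/apps/public/index.php;
        }
    }

    location @apps {
        rewrite ^/apps/(.*)$ /apps/index.php/$1 last; # THIS IS THE IMPORTANT LINE
    }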

vim /etc/sysctl.conf

###
### GENERAL SYSTEM SECURITY OPTIONS ###
###

# Disable the magic SysRq key (0): anyone with console access could otherwise
# trigger kernel debug actions such as crash dumps or an immediate reboot.
kernel.sysrq = 0

# Append the PID to core file names so dumps from multi-threaded or restarting
# processes do not overwrite each other.
kernel.core_uses_pid = 1

# PID ceiling. 65535 is above the classic 32768 default, but recent systemd
# already raises pid_max much higher on 64-bit hosts, so this may lower it.
kernel.pid_max = 65535

# NOTE(review): kernel.maps_protect (removed from mainline long ago; the
# ptrace-based access check on /proc/<pid>/maps is now unconditional) and
# kernel.exec-shield (a Red Hat-only patch) are not present on Debian/mainline
# kernels. sysctl reports them as unknown keys — harmless, but the error noise
# can hide a real failure elsewhere in this file.
kernel.maps_protect = 1
kernel.exec-shield = 1

# Full address-space layout randomisation: stack, mmap, VDSO and heap (brk).
kernel.randomize_va_space = 2

# System V message queues: maximum bytes per queue and per message.
kernel.msgmnb = 65535
kernel.msgmax = 65535

# Never write core dumps for setuid/setgid or otherwise privilege-changed
# processes; such dumps could hand secrets to the process' nominal owner.
fs.suid_dumpable = 0

# Hide kernel addresses (/proc/kallsyms, %pK) from unprivileged readers;
# 1 = shown only with CAP_SYSLOG, 2 = hidden from everyone.
kernel.kptr_restrict = 1



###
### IMPROVE SYSTEM MEMORY MANAGEMENT ###
###

# System-wide ceiling on open file handles
fs.file-max = 209708

# Prefer reclaiming page cache over swapping (default 60). dirty_* set the
# percentage of RAM at which background and then blocking writeback start.
vm.swappiness = 30
vm.dirty_ratio = 30
vm.dirty_background_ratio = 5

# Lowest address a process may mmap(); this is the guard against kernel
# NULL-pointer-dereference exploitation. NOTE(review): 4096 is far below the
# 65536 most distribution kernels ship, so this line weakens the default —
# confirm it is intended.
vm.mmap_min_addr = 4096

# overcommit_memory = 0 keeps the kernel's heuristic overcommit. overcommit_ratio
# is only consulted in mode 2 (strict accounting), so the 50 here has no effect
# unless the mode is changed.
vm.overcommit_ratio = 50
vm.overcommit_memory = 0

# System V shared memory. shmmax is in bytes (256MB). shmall is in PAGES, so
# 268435456 pages is ~1TB with 4K pages, not 256MB — effectively unlimited.
kernel.shmmax = 268435456
kernel.shmall = 268435456

# Keep roughly 64MB free for atomic allocations
vm.min_free_kbytes = 65535



###
### GENERAL NETWORK SECURITY OPTIONS ###
###

# SYN-flood resilience: SYN cookies take over once the backlog is full, and
# fewer SYN / SYN-ACK retransmissions release half-open state sooner.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_syn_backlog = 4096

# This host is not a router: no packet forwarding on either IP family.
# (Container runtimes and VPN setups need forwarding — revisit if added.)
net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.default.forwarding = 0

# Do not emit ICMP redirects (only routers should) and drop packets that
# carry a source route, which could steer traffic around filtering.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0

# Strict reverse-path filtering: drop packets whose source address is not
# routable back through the interface they arrived on (anti-spoofing; breaks
# asymmetric routing, so use 2 = loose there).
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore ICMP redirects, even those from known gateways (secure_redirects), so a
# LAN peer cannot rewrite this host's routes.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0

# Log "martian" packets (impossible source/destination addresses, spoofed or
# source-routed traffic). Useful detection signal; can be noisy on busy LANs.
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# Hold FIN-WAIT-2 sockets for 7s instead of the default 60s
net.ipv4.tcp_fin_timeout = 7

# Keep-alive: first probe after 300s idle, then 5 probes 15s apart
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

# Not a BOOTP relay
net.ipv4.conf.all.bootp_relay = 0

# Never answer ARP on behalf of other hosts
net.ipv4.conf.all.proxy_arp = 0

# TCP timestamps: needed for PAWS and make congestion control more accurate
net.ipv4.tcp_timestamps = 1

# Still answer directed pings (monitoring relies on it) ...
net.ipv4.icmp_echo_ignore_all = 0

# ... but not broadcast pings, which would make this host a smurf amplifier
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Do not log bogus ICMP error responses from broken routers
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Ephemeral (source) port range for outgoing connections
net.ipv4.ip_local_port_range = 16384 65535

# RFC 1337 fix: drop RSTs for sockets in TIME-WAIT (time-wait assassination)
net.ipv4.tcp_rfc1337 = 1

# Static IPv6 only: ignore router advertisements and do not autoconfigure
# addresses, so a rogue RA cannot inject routes or DNS.
# NOTE(review): the eth0 keys only exist if an interface of that name exists;
# sysctl fails on them otherwise — adjust to the real interface name.
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.eth0.accept_ra = 0



###
### TUNING NETWORK PERFORMANCE ###
###
# This section is order-sensitive: sysctl applies lines top to bottom, the two
# tcp_congestion_control lines rely on that, and the route.flush lines must
# stay last.

# Use BBR TCP congestion control and set tcp_notsent_lowat to 16384 to ensure HTTP/2 prioritization works optimally
# Do a 'modprobe tcp_bbr' first (kernel > 4.9)
# Fall-back to htcp if bbr is unavailable (older kernels)
# (htcp is set first; if tcp_bbr is not loaded the second assignment fails and
# htcp stays in effect — that is the intended fallback, not a duplicate key)
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_notsent_lowat = 16384
    
# For servers with tcp-heavy workloads, enable 'fq' queue management scheduler (kernel > 3.12)
net.core.default_qdisc = fq

# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# Increase the read-buffer space allocatable
# (tcp_rmem is min / default / max in bytes; the max must not exceed rmem_max)
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.core.rmem_default = 262144
net.core.rmem_max = 16777216

# Increase the write-buffer-space allocatable
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.core.wmem_default = 262144
net.core.wmem_max = 16777216

# Increase number of incoming connections
# (upper bound for listen() backlogs; nginx's listen backlog is capped by this)
net.core.somaxconn = 32768

# Increase number of incoming connections backlog
net.core.netdev_max_backlog = 16384
net.core.dev_weight = 64

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 65535

# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000

# try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)
# NOTE: tcp_tw_recycle was removed in Linux 4.12; on newer kernels sysctl
# reports this key as unknown (harmless — not recycling is the only behaviour left)
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1

# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_orphan_retries = 0

# Limit the maximum memory used to reassemble IP fragments (CVE-2018-5391)
net.ipv4.ipfrag_low_thresh = 196608
net.ipv6.ip6frag_low_thresh = 196608
net.ipv4.ipfrag_high_thresh = 262144
net.ipv6.ip6frag_high_thresh = 262144


# don't cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1

# Increase size of RPC datagram queue length
net.unix.max_dgram_qlen = 50

# Don't allow the arp table to become bigger than this
net.ipv4.neigh.default.gc_thresh3 = 2048

# Tell the gc when to become aggressive with arp table cleaning.
# Adjust this based on size of the LAN. 1024 is suitable for most /24 networks
net.ipv4.neigh.default.gc_thresh2 = 1024

# Adjust where the gc will leave arp table alone - set to 32.
net.ipv4.neigh.default.gc_thresh1 = 32

# Adjust to arp table gc to clean-up more often
net.ipv4.neigh.default.gc_interval = 30

# Increase TCP queue length
net.ipv4.neigh.default.proxy_qlen = 96
net.ipv4.neigh.default.unres_qlen = 6

# Enable Explicit Congestion Notification (RFC 3168), disable it if it doesn't work for you
# (1 = request ECN on outgoing and accept on incoming; the default 2 is incoming-only)
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_reordering = 3

# How many times to retry killing an alive TCP connection
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_retries1 = 3

# Avoid falling back to slow start after a connection goes idle
# keeps our cwnd large with the keep alive connections (kernel > 3.6)
net.ipv4.tcp_slow_start_after_idle = 0

# Allow the TCP fastopen flag to be used, beware some firewalls do not like TFO! (kernel > 3.7)
# (3 = client and server side; server-side TFO accepts request data in the SYN,
# guarded by TFO cookies — confirm the application layer is fine with that)
net.ipv4.tcp_fastopen = 3

# This will ensure that immediately subsequent connections use the new values
# (must stay last: flushes the route cache after everything above is applied)
net.ipv4.route.flush = 1
net.ipv6.route.flush = 1

goeroeku commented Sep 6, 2019

install mariadb 10.4 debian 9
https://computingforgeeks.com/how-to-install-mariadb-10-4-on-debian-9-debian-8/
https://stackoverflow.com/questions/202205/how-to-make-mysql-handle-utf-8-properly
https://www.linuxbabe.com/linux-server/install-apache-mariadb-and-php7-lamp-stack-on-ubuntu-16-04-lts

https://stackoverflow.com/questions/6115612/how-to-convert-an-entire-mysql-database-characterset-and-collation-to-utf-8

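# Convert the database and every table in it to utf8mb4 / utf8mb4_unicode_ci.
# NOTE(review): the original passed the root password on the command line
# (-p<password>), which exposes it in `ps`, shell history and this published
# snippet. Keep it in a [client] section of a mode-0600 ~/.my.cnf (or rely on
# unix_socket authentication for root) so no -p argument is needed at all.
# Identifiers are backtick-quoted so tables named after reserved words or
# containing odd characters do not break the generated ALTER statements.
# The collation chosen here (unicode_ci) differs from the server default set in
# 50-server.cnf (utf8mb4_general_ci) — pick one deliberately.
DB="bismart"
(
  echo "ALTER DATABASE \`$DB\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
  mysql -uroot "$DB" -e "SHOW TABLES" --batch --skip-column-names \
    | xargs -I{} echo 'ALTER TABLE `{}` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;'
) | mysql -uroot "$DB"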


goeroeku commented Sep 6, 2019

Jika menggunakan Docker dan muncul error beda versi (dengan image jbergstroem/mariadb-alpine), gunakan mysql_upgrade dari image yobasystems/alpine-mariadb:
https://stackoverflow.com/questions/16177465/column-count-of-mysql-proc-is-wrong-expected-20-found-16-the-table-is-probabl
