hgc81538/gist:7e20c0badae7db7bae2696201216b7fa

## gistfile1.txt
/etc/sysctl.conf
net.core.somaxconn = 8192
net.ipv4.tcp_max_syn_backlog = 8192

// mysql
Connection failed: SQLSTATE[HY000] [1040] Too many connections
Connection failed: SQLSTATE[HY000] [2002] Resource temporarily unavailable

fix:
/etc/systemd/system/mysql.service
LimitNOFILE=infinity
LimitMEMLOCK=infinity
ref: http://stackoverflow.com/questions/30901041/can-not-increase-max-open-files-for-mysql-max-connections-in-ubuntu-15

/etc/mysql/percona-server.conf.d/mysqld.cnf
open-files-limit = 65536
max-connections = 1500
back_log = 900

/etc/php/7.0/fpm/pool.d/www.conf
listen = 127.0.0.1:9000
pm.max_children = 500
pm.start_servers = 200
pm.min_spare_servers = 100
pm.max_spare_servers = 300
pm.max_requests = 5000
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on

/etc/nginx/nginx.conf
worker_rlimit_nofile 16384;
events {
	worker_connections 12000;
}

http {
	geoip_country /usr/local/share/GeoIP/GeoIP.dat;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

/etc/nginx/sites-available/default
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# http://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx
	server_name www.example.com;
	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl http2;

	server_name www.example.com;

	#auth_basic "Under Construction";
	#auth_basic_user_file /var/www/html/.htpasswd;

	gzip on;
	gzip_types application/json;

	# set no cache header to html
	location ~ \.html$ {
		expires 0;
	}

	# stats
	location /nginx_status {
		stub_status on;
		access_log off;
		allow 1.2.3.4;
		deny all;
	}

	location ~ \.php$ {
		if ($http_user_agent ~* (Java|okhttp|Google-Apps-Script|python)) {
			return 200 '{"data":[]}';
			add_header Content-Type "application/json; charset=UTF-8";
		}

		fastcgi_param  GEOIP_COUNTRY_CODE $geoip_country_code;

		include snippets/fastcgi-php.conf;
		fastcgi_pass 127.0.0.1:9000;

		fastcgi_connect_timeout 300s;
		fastcgi_send_timeout 300s;
		fastcgi_read_timeout 300s;
		fastcgi_buffers 256 16k;
	}

	location ~ /\.ht {
		deny all;
	}
}

// postfix
relay=gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b]:25, delay=1.3, delays=0.01/0/0.35/0.93, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b] said: 550-5.7.1 [xxxx:xxxx::xxxx:xxxx:xxxx:xxxx] Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1  https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . m71si2298851pga.171 - gsmtp (in reply to end of DATA command))

fix:
/etc/postfix/main.cf
inet_protocols = ipv4

// postfix security
/etc/postfix/main.cf
inet_interfaces = loopback-only
smtp_tls_security_level = may
	/etc/sysctl.conf
	net.core.somaxconn = 8192
	net.ipv4.tcp_max_syn_backlog = 8192

	// mysql
	Connection failed: SQLSTATE[HY000] [1040] Too many connections
	Connection failed: SQLSTATE[HY000] [2002] Resource temporarily unavailable

	fix:
	/etc/systemd/system/mysql.service
	LimitNOFILE=infinity
	LimitMEMLOCK=infinity
	ref: http://stackoverflow.com/questions/30901041/can-not-increase-max-open-files-for-mysql-max-connections-in-ubuntu-15

	/etc/mysql/percona-server.conf.d/mysqld.cnf
	open-files-limit = 65536
	max-connections = 1500
	back_log = 900

	/etc/php/7.0/fpm/pool.d/www.conf
	listen = 127.0.0.1:9000
	pm.max_children = 500
	pm.start_servers = 200
	pm.min_spare_servers = 100
	pm.max_spare_servers = 300
	pm.max_requests = 5000
	php_flag[display_errors] = on
	php_admin_value[error_log] = /var/log/fpm-php.www.log
	php_admin_flag[log_errors] = on

	/etc/nginx/nginx.conf
	worker_rlimit_nofile 16384;
	events {
	worker_connections 12000;
	}

	http {
	geoip_country /usr/local/share/GeoIP/GeoIP.dat;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
	}

	/etc/nginx/sites-available/default
	server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# http://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx
	server_name www.example.com;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl http2;

	server_name www.example.com;

	#auth_basic "Under Construction";
	#auth_basic_user_file /var/www/html/.htpasswd;

	gzip on;
	gzip_types application/json;

	# set no cache header to html
	location ~ \.html$ {
	expires 0;
	}

	# stats
	location /nginx_status {
	stub_status on;
	access_log off;
	allow 1.2.3.4;
	deny all;
	}

	location ~ \.php$ {
	if ($http_user_agent ~* (Java\|okhttp\|Google-Apps-Script\|python)) {
	return 200 '{"data":[]}';
	add_header Content-Type "application/json; charset=UTF-8";
	}

	fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;

	include snippets/fastcgi-php.conf;
	fastcgi_pass 127.0.0.1:9000;

	fastcgi_connect_timeout 300s;
	fastcgi_send_timeout 300s;
	fastcgi_read_timeout 300s;
	fastcgi_buffers 256 16k;
	}

	location ~ /\.ht {
	deny all;
	}
	}

	// postfix
	relay=gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b]:25, delay=1.3, delays=0.01/0/0.35/0.93, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b] said: 550-5.7.1 [xxxx:xxxx::xxxx:xxxx:xxxx:xxxx] Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . m71si2298851pga.171 - gsmtp (in reply to end of DATA command))

	fix:
	/etc/postfix/main.cf
	inet_protocols = ipv4

	// postfix security
	/etc/postfix/main.cf
	inet_interfaces = loopback-only
	smtp_tls_security_level = may