<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en-us" />
<meta name="ROBOTS" content="ALL" />
<meta http-equiv="imagetoolbar" content="no" />
<meta name="MSSmartTagsPreventParsing" content="true" />
<meta name="Keywords" content="cherokee web server httpd http" />
<meta name="Description" content="Cherokee is a flexible, very fast, lightweight Web server. It is implemented entirely in C, and has no dependencies beyond a standard C library. It is embeddable and extensible with plug-ins. It supports on-the-fly configuration by reading files or strings, TLS/SSL (via GNUTLS or OpenSSL), virtual hosts, authentication, cache friendly features, PHP, custom error management, and much more." />
<link href="media/css/cherokee_doc.css" rel="stylesheet" type="text/css" media="all" />
</head>
<body>
<h2 id="_a_href_index_html_index_a_8594_a_href_other_html_other_information_a"><a href="index.html">Index</a> → <a href="other.html">Other information</a></h2>
<div class="sectionbody">
</div>
<h2 id="_other_system_tuning">Other: System Tuning</h2>
<div class="sectionbody">
<div class="paragraph"><p>Depending on the environment you are running Cherokee into, the
default OS setting might require adjustments. In most cases the
default settings work fine for low-cost, commodity hardware. However,
if you are running Cherokee in a high-end or benchmark environment,
it’s recommended to check the following parameters.</p></div>
<div class="paragraph"><p>Please, bear in mind that values in the examples suppose Cherokee
running on a system with at least 2GB of memory.</p></div>
<h3 id="linux">Linux</h3><div style="clear:left"></div>
<div class="paragraph"><p>The Linux kernel can auto-configure many of its internal limits
regarding memory sizes and resources. However, there are some tweaks
that we recommend you to configure by hand, including:</p></div>
<h4 id="_time">Time</h4>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_timestamps</tt>: Timestamps as defined in RFC1323.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo 0 > /proc/sys/net/ipv4/tcp_timestamps</tt></pre>
</div></div>
<h4 id="_ephemeral_port_range">Ephemeral port range</h4>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/ip_local_port_range</tt>: Range of local ports for
outgoing connections. Actually quite small by default, 1024 to
4999.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo "1024 65535" > /proc/sys/net/ipv4/ip_local_port_range</tt></pre>
</div></div>
<h4 id="_listen_queue">Listen queue</h4>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_syncookies</tt>: Without SYN cookies, a much
larger value for tcp_max_syn_backlog is required, but this consumes
additional kernel memory and scales poorly (the hash table that
stores the SYN records is of a fixed size).</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo 1 > /proc/sys/net/ipv4/tcp_syncookies</tt></pre>
</div></div>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_orphan_retries</tt>: How may times to retry before
killing TCP connection, closed by our side. Default value 7
corresponds to 50sec-16min depending on RTO. If your machine is a
loaded WEB server, you should think about lowering this value, such
sockets may consume significant resources. Cf. tcp_max_orphans.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo 2 > /proc/sys/net/ipv4/tcp_orphan_retries</tt></pre>
</div></div>
<h4 id="_time_wait">TIME_WAIT</h4>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_max_tw_buckets</tt>: Maximal number of timewait
sockets held by the system simultaneously. If this number is
exceeded time-wait socket is immediately destroyed and a warning is
printed. This limit exists only to prevent simple DoS attacks, you
<em>must</em> not lower the limit artificially, but rather increase it
(probably, after increasing installed memory), if network
conditions require more than the default value.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo 1800000 > /proc/sys/net/ipv4/tcp_max_tw_buckets</tt></pre>
</div></div>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_tw_recycle</tt>: Enable fast recycling TIME-WAIT
sockets. Default value is 1. It should not be changed without
advice/request of technical experts.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle</tt></pre>
</div></div>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_fin_timeout</tt>: Time to hold socket in state
FIN-WAIT-2, if it was closed by our side. Peer can be broken and
never close its side, or even died unexpectedly. Default value is
60sec. Usual value used in 2.2 was 180 seconds, you may restore it,
but remember that if your machine is even underloaded WEB server,
you risk to overflow memory with kilotons of dead sockets,
FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1, because they
eat maximum 1.5K of memory, but they tend to live longer. Cf.
tcp_max_orphans.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 5 > /proc/sys/net/ipv4/tcp_fin_timeout # Benchmarking / Stressing</tt></pre>
</div></div>
<h4 id="_network_buffer_size">Network buffer size</h4>
<div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_mem</tt>: Determines how the TCP stack should
behave for memory usage; each count is in memory pages (typically
4KB). The first value is the low threshold for memory usage. The
second value is the threshold for a memory pressure mode to begin
to apply pressure to buffer usage. The third value is the maximum
threshold. At this level, packets can be dropped to reduce memory
usage. Increase the count for large BDP (but remember, it’s memory
pages, not bytes).</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo "50576 64768 98152" > /proc/sys/net/ipv4/tcp_mem
echo "128000 200000 262144" > /proc/sys/net/ipv4/tcp_mem # 1Gb</tt></pre>
</div></div>
<h4 id="_file_descriptors">File descriptors</h4>
<div class="paragraph"><p><tt>/proc/sys/fs/file-max</tt>: This is basically the number of file
descriptors available in the kernel. Which also affects the number
of fd’s a process can have open. For large sites you will
definitely need to upgrade this, and for some OS’es you will need
to use ulimit to increase the number of fds available for the
server process.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>echo 32767 > /proc/sys/fs/file-max
echo 2097152 > /proc/sys/fs/file-max</tt></pre>
</div></div>
<h3 id="_macos_x_and_bsd">MacOS X and BSD</h3><div style="clear:left"></div>
<div class="paragraph"><p>Most of the following parameters apply to BSD systems and MacOS X:</p></div>
<h4 id="_listen_queue_2">Listen queue</h4>
<div class="paragraph"><p><tt>kern.ipc.somaxconn</tt>: This tuning increases the listen queue size for
the OS (from a default value of 128), which enables the operating
system to accept a greater number of new connections.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>/sbin/sysctl –w kern.ipc.somaxconn=2048</tt></pre>
</div></div>
<div class="paragraph"><p><tt>net.core.netdev_max_backlog</tt>: This queue will build up in size when
an interface receives packets faster than the kernel can process
them. If this queue is too small (default is 300), we will begin to
loose packets at the receiver, rather than on the network. One can
set this value by:</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>/sbin/sysctl –w sys.net.core.netdev_max_backlog=2500</tt></pre>
</div></div>
<h4 id="_time_wait_2">TIME_WAIT</h4>
<div class="paragraph"><p><tt>net.inet.tcp.msl</tt>: After the connection was closed the socket enters
the TIME_WAIT state. In this state it can live for 60 seconds by
default. This time can be changed with sysctl (in milliseconds
divided by 2. 2×30000 MSL = 60 seconds).</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>/sbin/sysctl -w "net.inet.tcp.msl=5000"</tt></pre>
</div></div>
<h4 id="_ephemeral_port_range_2">Ephemeral port range</h4>
<div class="paragraph"><p><tt>net.inet.ip.portrange.first</tt>: Outgoing connection are bind to the
ports from the 49152 – 65535 range (16 thousands). Depending on
the load of your server, it may be good to lower the <tt>first</tt> value
(1024 – 65535). This parameter is specially important if keepalive
is not being used.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>/sbin/sysctl -w "net.inet.ip.portrange.first=2048"</tt></pre>
</div></div>
<h4 id="_file_descriptors_2">File Descriptors</h4>
<div class="paragraph"><p><tt>kern.maxfiles</tt>: This parameter sets the file descriptor limit of the
system, which allows Cherokee to handle more concurrent
connections.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>/sbin/sysctl -w "kern.maxfiles=2097152"</tt></pre>
</div></div>
<div class="paragraph"><p><tt>kern.maxfilesperproc</tt>: Maximum number of open descriptors per
process.</p></div>
<div class="listingblock">
<div class="content">
<pre><tt>/sbin/sysctl -w "kern.maxfilesperproc=65536"</tt></pre>
</div></div>
</div>
<div id="footer">
<div id="footer-text">
</div>
</div>
</body>
</html>
