<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Language" content="en-us" /> <meta name="ROBOTS" content="ALL" /> <meta http-equiv="imagetoolbar" content="no" /> <meta name="MSSmartTagsPreventParsing" content="true" /> <meta name="Keywords" content="cherokee web server httpd http" /> <meta name="Description" content="Cherokee is a flexible, very fast, lightweight Web server. It is implemented entirely in C, and has no dependencies beyond a standard C library. It is embeddable and extensible with plug-ins. It supports on-the-fly configuration by reading files or strings, TLS/SSL (via GNUTLS or OpenSSL), virtual hosts, authentication, cache friendly features, PHP, custom error management, and much more." /> <link href="media/css/cherokee_doc.css" rel="stylesheet" type="text/css" media="all" /> </head> <body> <h2 id="_a_href_index_html_index_a_8594_a_href_other_html_other_information_a"><a href="index.html">Index</a> → <a href="other.html">Other information</a></h2> <div class="sectionbody"> </div> <h2 id="_other_system_tuning">Other: System Tuning</h2> <div class="sectionbody"> <div class="paragraph"><p>Depending on the environment you are running Cherokee into, the default OS setting might require adjustments. In most cases the default settings work fine for low-cost, commodity hardware. However, if you are running Cherokee in a high-end or benchmark environment, it’s recommended to check the following parameters.</p></div> <div class="paragraph"><p>Please, bear in mind that values in the examples suppose Cherokee running on a system with at least 2GB of memory.</p></div> <h3 id="linux">Linux</h3><div style="clear:left"></div> <div class="paragraph"><p>The Linux kernel can auto-configure many of its internal limits regarding memory sizes and resources. However, there are some tweaks that we recommend you to configure by hand, including:</p></div> <h4 id="_time">Time</h4> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_timestamps</tt>: Timestamps as defined in RFC1323.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo 0 > /proc/sys/net/ipv4/tcp_timestamps</tt></pre> </div></div> <h4 id="_ephemeral_port_range">Ephemeral port range</h4> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/ip_local_port_range</tt>: Range of local ports for outgoing connections. Actually quite small by default, 1024 to 4999.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo "1024 65535" > /proc/sys/net/ipv4/ip_local_port_range</tt></pre> </div></div> <h4 id="_listen_queue">Listen queue</h4> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_syncookies</tt>: Without SYN cookies, a much larger value for tcp_max_syn_backlog is required, but this consumes additional kernel memory and scales poorly (the hash table that stores the SYN records is of a fixed size).</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo 1 > /proc/sys/net/ipv4/tcp_syncookies</tt></pre> </div></div> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_orphan_retries</tt>: How may times to retry before killing TCP connection, closed by our side. Default value 7 corresponds to 50sec-16min depending on RTO. If your machine is a loaded WEB server, you should think about lowering this value, such sockets may consume significant resources. Cf. tcp_max_orphans.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo 2 > /proc/sys/net/ipv4/tcp_orphan_retries</tt></pre> </div></div> <h4 id="_time_wait">TIME_WAIT</h4> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_max_tw_buckets</tt>: Maximal number of timewait sockets held by the system simultaneously. If this number is exceeded time-wait socket is immediately destroyed and a warning is printed. This limit exists only to prevent simple DoS attacks, you <em>must</em> not lower the limit artificially, but rather increase it (probably, after increasing installed memory), if network conditions require more than the default value.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo 1800000 > /proc/sys/net/ipv4/tcp_max_tw_buckets</tt></pre> </div></div> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_tw_recycle</tt>: Enable fast recycling TIME-WAIT sockets. Default value is 1. It should not be changed without advice/request of technical experts.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle</tt></pre> </div></div> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_fin_timeout</tt>: Time to hold socket in state FIN-WAIT-2, if it was closed by our side. Peer can be broken and never close its side, or even died unexpectedly. Default value is 60sec. Usual value used in 2.2 was 180 seconds, you may restore it, but remember that if your machine is even underloaded WEB server, you risk to overflow memory with kilotons of dead sockets, FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1, because they eat maximum 1.5K of memory, but they tend to live longer. Cf. tcp_max_orphans.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout echo 5 > /proc/sys/net/ipv4/tcp_fin_timeout # Benchmarking / Stressing</tt></pre> </div></div> <h4 id="_network_buffer_size">Network buffer size</h4> <div class="paragraph"><p><tt>/proc/sys/net/ipv4/tcp_mem</tt>: Determines how the TCP stack should behave for memory usage; each count is in memory pages (typically 4KB). The first value is the low threshold for memory usage. The second value is the threshold for a memory pressure mode to begin to apply pressure to buffer usage. The third value is the maximum threshold. At this level, packets can be dropped to reduce memory usage. Increase the count for large BDP (but remember, it’s memory pages, not bytes).</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo "50576 64768 98152" > /proc/sys/net/ipv4/tcp_mem echo "128000 200000 262144" > /proc/sys/net/ipv4/tcp_mem # 1Gb</tt></pre> </div></div> <h4 id="_file_descriptors">File descriptors</h4> <div class="paragraph"><p><tt>/proc/sys/fs/file-max</tt>: This is basically the number of file descriptors available in the kernel. Which also affects the number of fd’s a process can have open. For large sites you will definitely need to upgrade this, and for some OS’es you will need to use ulimit to increase the number of fds available for the server process.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>echo 32767 > /proc/sys/fs/file-max echo 2097152 > /proc/sys/fs/file-max</tt></pre> </div></div> <h3 id="_macos_x_and_bsd">MacOS X and BSD</h3><div style="clear:left"></div> <div class="paragraph"><p>Most of the following parameters apply to BSD systems and MacOS X:</p></div> <h4 id="_listen_queue_2">Listen queue</h4> <div class="paragraph"><p><tt>kern.ipc.somaxconn</tt>: This tuning increases the listen queue size for the OS (from a default value of 128), which enables the operating system to accept a greater number of new connections.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>/sbin/sysctl –w kern.ipc.somaxconn=2048</tt></pre> </div></div> <div class="paragraph"><p><tt>net.core.netdev_max_backlog</tt>: This queue will build up in size when an interface receives packets faster than the kernel can process them. If this queue is too small (default is 300), we will begin to loose packets at the receiver, rather than on the network. One can set this value by:</p></div> <div class="listingblock"> <div class="content"> <pre><tt>/sbin/sysctl –w sys.net.core.netdev_max_backlog=2500</tt></pre> </div></div> <h4 id="_time_wait_2">TIME_WAIT</h4> <div class="paragraph"><p><tt>net.inet.tcp.msl</tt>: After the connection was closed the socket enters the TIME_WAIT state. In this state it can live for 60 seconds by default. This time can be changed with sysctl (in milliseconds divided by 2. 2×30000 MSL = 60 seconds).</p></div> <div class="listingblock"> <div class="content"> <pre><tt>/sbin/sysctl -w "net.inet.tcp.msl=5000"</tt></pre> </div></div> <h4 id="_ephemeral_port_range_2">Ephemeral port range</h4> <div class="paragraph"><p><tt>net.inet.ip.portrange.first</tt>: Outgoing connection are bind to the ports from the 49152 – 65535 range (16 thousands). Depending on the load of your server, it may be good to lower the <tt>first</tt> value (1024 – 65535). This parameter is specially important if keepalive is not being used.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>/sbin/sysctl -w "net.inet.ip.portrange.first=2048"</tt></pre> </div></div> <h4 id="_file_descriptors_2">File Descriptors</h4> <div class="paragraph"><p><tt>kern.maxfiles</tt>: This parameter sets the file descriptor limit of the system, which allows Cherokee to handle more concurrent connections.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>/sbin/sysctl -w "kern.maxfiles=2097152"</tt></pre> </div></div> <div class="paragraph"><p><tt>kern.maxfilesperproc</tt>: Maximum number of open descriptors per process.</p></div> <div class="listingblock"> <div class="content"> <pre><tt>/sbin/sysctl -w "kern.maxfilesperproc=65536"</tt></pre> </div></div> </div> <div id="footer"> <div id="footer-text"> </div> </div> </body> </html>