We always use this configuration on our small vps i.e. 4cpu, 16gb ram,

recently we started caping iops & io to 2048, 8mb/s respectively (we're yet to see how it goes), we were not caping those before but the following config we are using throughout the year i guess, of course also we constantly tune database thanks to releem.. P.S. nproc we set to 150 on every package because we found unsual queuing chocking the server with 1024, 8mb/s iops and io while nproc was 50 first and even after set to 100...

cPFence any suggestions?

vm.overcommit_memory = 1
vm.swappiness=10
vm.vfs_cache_pressure=100
vm.dirty_background_ratio = 5
vm.dirty_ratio = 20

    pratik_asabe

    We prefer to keep it at the defaults:

    vm.overcommit_memory = 0
    vm.swappiness = 60
    vm.vfs_cache_pressure = 100
    vm.dirty_background_ratio = 10
    vm.dirty_ratio = 20

    Swap size is set to 4 GB (never larger than this, no matter how much RAM is installed).

    We also apply the cgroups limits mentioned above and set max_user_connections=25 in MariaDB. If a user causes trouble, we simply add them to the Owl blacklist and move on. This setup works well for us.

      Kosta we have done a extensive testing in past and these are the optimal stable* settings we ever found out, so when you use 50 in cache pressure the kernal the becomes more aggressive in term of memory usage (correct me if im saying something wrong) in my experience of being a decent sys admin and setting up so many servers i think these are the sweet spot values, and yes these may not work for everyone!

      cPFence Interesting! i'll definitely test your suggested config and share my experiences.. i agree sometimes default works like a charm than over-tweaking like we did, we spend almost3-4 months in R&D setting these values to find out stable* config.. lol..

        cPFence set max_user_connections=25 in MariaDB

        btw, do you use max_connections paired with max_user_connections? like,

        max_connections = 151
        max_user_connections = 25

          pratik_asabe

          Yes, for max_connections, ensure the value is high enough to handle expected peak traffic but not so high that it overwhelms server resources.

          Monitor the Max_used_connections status variable in MariaDB to see the highest number of simultaneous connections used on your server. (Note: This value resets after a MariaDB restart, so make sure to check it after peak hours to get a clear picture.) Adjust max_connections if you frequently approach this limit. For example, if your max used connections consistently stays around 100, leaving the default of 151 is perfectly fine.

          Here’s a script we use to display the values on our servers:
          https://gist.github.com/cPFence/98c359cfade030fd62adb6681312a97a
          It provides a quick overview of the most important metrics.

            Kosta seems like a good system admin great work

            When you're in IT you're constantly learning, no matter how far you've come...

            Kosta enhance team need to be the asset to this community not cpfance

            cpfence is just doing what community member should be doing, adding value and helping other members.. you should try it sometimes 😉

              Kosta no cpfance just promoting his services lol

              And is that a crime in any way?! his product is based on enhance itself, he obviously will not promote in cpanel or DA forums lol.. its a win win when you add value to community and help'em, you also gets promoted naturally, its a old but proven strategy, and above all strategy or not, promoting or not, helping community is always good, there's no harm in it!

                Kosta yeah the problem is that enhance team need to be the asset to this community not cpfance

                They already are. They built the awesome software that made this community possible in the first place.

                Kosta no cpfance just promoting his services lol

                Just so you know, cPFence isn’t even profitable at the current size of this small community. We’re keeping it going only for two reasons:

                1. It was initially built for our own servers, and this community has helped us improve it significantly.
                2. We believe Enhance will capture a big portion of the market, and we aim to be the go-to Swiss Army knife for Enhance server admins when that happens. That’s when we hope to make a profit.

                To achieve this goal, we use legit tactics, provide value to the community, and build a great security tool at a steal price.

                  pratik_asabe it’s great for start up with cpguard or cpfance however on the end I think we to comply with NIS2 or ISO.. we need much bigger security solutions… my opinion.
                  This has been discussed with ISO certification person.
                  Until we run some pan testing, we won’t know for sure.

                    Kosta atleast he is doing it while adding value, i dont see anything bad about it, he is also improving a quite interesting product that might be the leading solution when enhance gets bigger

                      Follow @enhancecp