Addressing High Server Load Issues On Enhance Servers
- Edited
We always use this configuration on our small vps i.e. 4cpu, 16gb ram,
recently we started caping iops & io to 2048, 8mb/s respectively (we're yet to see how it goes), we were not caping those before but the following config we are using throughout the year i guess, of course also we constantly tune database thanks to releem.. P.S. nproc we set to 150 on every package because we found unsual queuing chocking the server with 1024, 8mb/s iops and io while nproc was 50 first and even after set to 100...
cPFence any suggestions?
vm.overcommit_memory = 1
vm.swappiness=10
vm.vfs_cache_pressure=100
vm.dirty_background_ratio = 5
vm.dirty_ratio = 20
pratik_asabe change vfs to 50 let me know is it better
We prefer to keep it at the defaults:
vm.overcommit_memory = 0
vm.swappiness = 60
vm.vfs_cache_pressure = 100
vm.dirty_background_ratio = 10
vm.dirty_ratio = 20
Swap size is set to 4 GB (never larger than this, no matter how much RAM is installed).
We also apply the cgroups limits mentioned above and set max_user_connections=25 in MariaDB. If a user causes trouble, we simply add them to the Owl blacklist and move on. This setup works well for us.
Kosta we have done a extensive testing in past and these are the optimal stable* settings we ever found out, so when you use 50 in cache pressure the kernal the becomes more aggressive in term of memory usage (correct me if im saying something wrong) in my experience of being a decent sys admin and setting up so many servers i think these are the sweet spot values, and yes these may not work for everyone!
cPFence Interesting! i'll definitely test your suggested config and share my experiences.. i agree sometimes default works like a charm than over-tweaking like we did, we spend almost3-4 months in R&D setting these values to find out stable* config.. lol..
cPFence set max_user_connections=25 in MariaDB
btw, do you use max_connections paired with max_user_connections? like,
max_connections = 151
max_user_connections = 25
- Edited
Yes, for max_connections
, ensure the value is high enough to handle expected peak traffic but not so high that it overwhelms server resources.
Monitor the Max_used_connections
status variable in MariaDB to see the highest number of simultaneous connections used on your server. (Note: This value resets after a MariaDB restart, so make sure to check it after peak hours to get a clear picture.) Adjust max_connections
if you frequently approach this limit. For example, if your max used connections consistently stays around 100, leaving the default of 151 is perfectly fine.
Here’s a script we use to display the values on our servers:
https://gist.github.com/cPFence/98c359cfade030fd62adb6681312a97a
It provides a quick overview of the most important metrics.
cPFence Thanks, you're really the asset to this community!
pratik_asabe you spend months and you still looking to tweak it, seems like a good system admin great work
pratik_asabe yeah the problem is that enhance team need to be the asset to this community not cpfance
Kosta seems like a good system admin great work
When you're in IT you're constantly learning, no matter how far you've come...
Kosta enhance team need to be the asset to this community not cpfance
cpfence is just doing what community member should be doing, adding value and helping other members.. you should try it sometimes
pratik_asabe no cpfance just promoting his services lol
Kosta no cpfance just promoting his services lol
And is that a crime in any way?! his product is based on enhance itself, he obviously will not promote in cpanel or DA forums lol.. its a win win when you add value to community and help'em, you also gets promoted naturally, its a old but proven strategy, and above all strategy or not, promoting or not, helping community is always good, there's no harm in it!
Kosta yeah the problem is that enhance team need to be the asset to this community not cpfance
They already are. They built the awesome software that made this community possible in the first place.
Kosta no cpfance just promoting his services lol
Just so you know, cPFence isn’t even profitable at the current size of this small community. We’re keeping it going only for two reasons:
- It was initially built for our own servers, and this community has helped us improve it significantly.
- We believe Enhance will capture a big portion of the market, and we aim to be the go-to Swiss Army knife for Enhance server admins when that happens. That’s when we hope to make a profit.
To achieve this goal, we use legit tactics, provide value to the community, and build a great security tool at a steal price.
pratik_asabe it’s great for start up with cpguard or cpfance however on the end I think we to comply with NIS2 or ISO.. we need much bigger security solutions… my opinion.
This has been discussed with ISO certification person.
Until we run some pan testing, we won’t know for sure.