We fixed this with offering unlimited disk I/O and unlimited IOPS with a limited NPROC set to around 30-50 according the plan, and never have faced such issues from past 1 year or so. RAM and CPU are limited though, but even with heavy e-commerce websites generating over $2000 a month, play happily with our 4 vCPU and 4GB RAM shared environment. It depends on how well the site is optimized and the database queries.
As said by @cPFence above, Cloudlinux limits are very different as compared to hard limits cgroups by Enhance.

@gmakhs using the same limits nproc 30 on OLS we had 503. using nginx the website runs smoothly (both without caching). i dunno maybe its how OLS spawns its processes.... (honestly did not try to fiddle/tweak the config in OLS as the changes are lost).

Here are our findings after doing months of trials n tests when we switched from cloudlinux to enhance,

First of all, always always prefer dedicated server or VPS with dedicated resources, do not prefer vps with shared cpu unless you're just hosting 1 or max 3 websites with average traffic, also prefer good provider, follow this respectively as per your need and situation.. and always choose NVMe (recomended) or SSD disk..

Use ram:swap in 2:1 ratio, like if your server has 16 GB RAM then use at least 8 GB of swap (again NVMe disk recommended)

then set following base optimization config at bottom in /etc/sysctl.conf
(now, be careful here, you should monitor and if this works for you then great otherwise tweak it till you find stable spot)

vm.swappiness=10
vm.vfs_cache_pressure=100
vm.dirty_background_ratio = 5
vm.dirty_ratio = 20

and lastly,
We typically use this as basic plan to start,

1 vCPU
2 GB RAM
IO Unlimited
IOPS Unlimited
35 or 40 NPROC

Hope this helps... play around you'll find what works best for you...

With 35 NPROC i was in the same boat of the error 503 (using OLS). Than i had to set to 50 for small website and 100 for ecommerce/bigger website, but mall website sometimes gave 503 anyway. So so I turned everything up to 100 NPROC (like i had in Plesk) and now i have no 503, and so I just tune cpu/ram. I'm fine with this config, because a small delay on a website is a lot better than a 503.

    Vendoz We have a large e commerce site, doing over $4500k/month transactions, and nproc we placed is 50 because before 25 was causing troubles for them, so i can say what kinda server you use plays vital part in it all, resource limit is secondary...

      gmakhs No, we always stay within 0.85, 0.60 range, and we host 17 websites on same server, in which couple of them are high traffic and others are mostly low to idle..

      P.S. we did our own optimization to db (my.cnf) and overall server.. also OLS + LSCACHE + REDIS, its all combine efforts..

      gmakhs current server has more resources to allocate than that , and it's fairly empty , the issue Is caused from one website, load jumps from 0.60-080 to 70-120, I see that more people are struggling with similar issues, and the fact that same setting on enhance , with cl and same website, shows that something is wrong with the limits, I will keep poking around and hopefully eventually will figure it out .

      Even if your server has plenty of resources and is mostly empty, a single user can still overload it.

      Want to see it in action? Try this:

      su - testuser -c "stress --cpu "2" --timeout 3600 &"

      Run this command 10-15 times, and you’ll see the impact. ( run pkill -f "stress --cpu" to stop them )

      Yes, CloudLinux is far more advanced than cgroups and is an excellent product, but with Enhance’s cgroups combined with containerization, you can get the job done for free if you know what you’re doing and follow best practices. The only real issue you might face is MySQL abuse.

      pratik_asabe It could be, i'm not saying you're wrong, but precisely because you have a large website doing over 4k/month I don't understand the point of taking on the risk of setting 20/30/40/50 NPROCS when you would sleep safely with 100 (and if you're already limiting cpu/ram it will never overload). Black friday sales, christmas, intensive backend operations, analytics, everything could create problems if you're joking with the limit.

      In Enhance i only host 60+ sites and I have to migrate another 300+ though the end of 2025, so for me it makes more sense to create a solid setup with as few risks as possible more than to try to limit resources to the minimum possible, otherwise I would be bombarded with tickets or calls. Also because I come from Plesk where 100 NPROC is the default and in fact I had no issue with 503 at all, so even though 100 will be an overkill for many, this setup is just safer for me, but i understand your point 🙂

        Vendoz Like i said, ultimately you have to play around and find what works best for you, what worked for us might not work for you or anyone else but its a starting point for you.. and yes you're absolutely right the backend operations and all can cause significant problems when spike happens.. monitor and tweak and let us know what works for you so we can all learn as well 🙂

        it seems like we are offering too much with our plans, looking at these recommendations lol.

        about last cuestion made by gmakhs

        we use NPROC 50 for basic hosting, 100 for normal and 200 for high or nodeJS.

          18 days later

          josedieguez Thats intresting are you using litespeed? do you have the default settings?

          My understanding is that running the web server in native mode, runs the php under the web server and not the user container,
          This allows the user to use all available CPU, I did a test with a user with 2 core CPU and he managed to use 6 , all that by php processes on a normal wordpress website using loader io and other tools
          I wonder if enabling suexec and run php within users directory will solve the issue .

          https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:php:which_php_setup_am_i_using

          If I am right PHP external app should be added by enhance on setups, or we need a guide to set it up properly and make sure it won't be messed up on updates .

          Su exec is also one of the main differences between my enhance and DA +cl server

            gmakhs That's a good finding, and we too have come across it a few times, with mostly hacked wordpress websites using up all the CPU, the monitoring tells us, where the issue is, and we check the account for issues, but as per the enhance team with cgroups this shouldn't happen. @Adam could you please chime in?

              prasad0889

              cgroups CPU limits can't be bypassed as they're enforced at the kernel level, but high server load can still occur if users are allocated too much CPU, leading to waiting tasks and contention. Other resources like disk I/O or RAM can also become bottlenecks. So, it's important to set ALL limits wisely to keep things under control.

              CloudLinux simplifies this by automatically managing resource limits, but when relying solely on cgroups, you need to carefully tweak settings and optimize limits to ensure balanced performance.

                cPFence

                If the php proccees is not spawned within the user cggroup limits won't effect it correct ?
                You keep mentioning the right limits but honestly I haven't find something that doesn't impact the users negatively while stopping those.load peaks .
                The test I did is simple

                Cloned a website, in both DA + CL and enhance, same hardware and same resources
                Sent loads with loader io, the load was not big enough to cause issues with the server but big enough to be seen in top clearly .

                Difference in behaviour : DA+ CL server the USER of the website gets 200% CPU (2 core ) and if the nprocs are exceeded the user gets 503(503 is different behaviour all together because of the limit of EP that's extra on cl )

                Now on enhance I don't see high CPU usage on the user , but as I see it as anonymous user as it's explained on the native setup , and the user is using 6 CPU cores.

                So to me this test shows me that for inbound traffic or processes the limits aren't enforced on the enhance setup, now apart from the CPU not running the use in su exec in my opinion allows the users to spawn a lot of processes which will result reaching the nproc limit and 503 , processes that would elsewise get limited from su exec and queued before the nproc is reached

                On CL server the suexec limit is set to 40 by default and entry process to 20 .

                  gmakhs Now on enhance I don't see high CPU usage on the user , but as I see it as anonymous user as it's explained on the native setup , and the user is using 6 CPU cores.

                  This isn’t the expected behavior. In our tests and daily live scenarios on many servers with the cPFence Owl module enabled, we get notified about high load immediately and haven’t encountered this issue. I recommend opening a ticket with the Enhance team to investigate further.

                  gmakhs You keep mentioning the right limits but honestly I haven't find something that doesn't impact the users negatively while stopping those.load peaks .

                  You won’t find a solution as long as you insist on giving the user 2 full cores. That’s why I’ve recommended several times before either lowering it or moving that client to a VM. Based on our tests with Enhance and other panels using cgroups without CloudLinux, this approach just doesn’t work for a busy shared hosting server.

                    cPFence
                    Tha is for your reply , I am also considering the owl module, but before I purchase your product I need to make sure I will continue with enhance in the long term for shared hosting , for cloud hosting on vms it works well .

                    The problem is not the cpu limit in my scenario the server can easily handle that, problem is that the processes aren't started within the user so the limmit is not respected .

                      gmakhs The problem is not the cpu limit in my scenario the server can easily handle that, problem is that the processes aren't started within the user so the limmit is not respected .

                      I mentioned cPFence Owl just to share that we often receive notifications about high load from the Owl, but we’ve never encountered an issue where a user bypassed CPU limits or processes ran outside their assigned limits. It might be worth reaching out to Adam about this issue to pinpoint what’s wrong with your setup, and let us know the outcome.

                      gmakhs I am also considering the owl module

                      Many Enhance users manage perfectly fine without the Owl module.

                      As long as the server has enough resources and you avoid bad plugins or themes, you should be fine without it.

                        cPFence I wanted to write thanks for your reply not that is your reply , my auto correct messed it up , but I do appreciate the time you spent trying to help and explain

                        Follow @enhancecp