Differences
This page shows the differences between two versions.
apache [04/01/2017 - 09:15] – [https forcieren] thommie | apache [17/08/2024 - 07:06] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
- | ====== | + | ====== |
- | ===== https forcieren ===== | + | [[https:// |
+ | |||
+ | ===== Rewrite rules ===== | ||
+ | |||
+ | ==== https forcieren | ||
+ | |||
+ | '' | ||
+ | |||
+ | ==== canonical subdomain rewrite ==== | ||
+ | |||
+ | '' | ||
+ | |||
+ | ===== Header merging Content Security Policy | ||
+ | |||
+ | Mit mod_header | ||
< | < | ||
- | Redirect "/" | + | # CSP header merge for Conten-Security-Policy to allow embedding of OC contecnt |
+ | # into @netzwissen.de content | ||
+ | # Reference: | ||
+ | Header merge Content-Security-Policy | ||
+ | Header edit* Content-Security-Policy , ; | ||
</ | </ | ||
+ | Passt den CSP Header so an, dass das Einbetten von content aus ownCloud (cloud.netzwissen.de) in das CMS auf @netzwissen.de erlaubt ist: frame-ancestors ' | ||
- | ===== canonical subdomain rewrite ===== | + | vorher |
< | < | ||
- | Rewrite Engine on | + | curl -I https://cloud.netzwissen.de/index.php/apps/ |
- | RewriteCond %{HTTP_HOST} !^www.* [NC] | + | |
- | RewriteCond %{HTTP_HOST} ^owncloud\.miteinander-esslingen.de$ | + | content-security-policy: |
- | RewriteRule ^(.*) https://www.miteinander-esslingen.de/owncloud/ [L,QSA] | + | |
</ | </ | ||
- | ====== Benchmark Testing ====== | + | nachher |
- | + | ||
- | Das Benchmark Tool ist Teil von apache2-utils | + | |
< | < | ||
- | ab -n 100 -c 10 http://www.netzwissen.de/ | + | curl -I https://cloud.netzwissen.de/ |
+ | |||
+ | content-security-policy: | ||
</ | </ | ||
+ | |||
+ | ===== Benchmark Testing ===== | ||
+ | |||
+ | Das Benchmark Tool ist Teil von apache2-utils | ||
< | < | ||
- | -n requests Number of requests to perform | + | ab -n 100 -c 10 http://www.netzwissen.de/ ' |
- | -c concurrency Number of multiple requests to make | + | |
- | -t timelimit Seconds to max. wait for responses | + | |
- | -p postfile File containing data to POST | + | |
- | -T content-type Content-type header for POSTing | + | |
- | -v verbosity How much troubleshooting info to print | + | |
- | -w Print out results in HTML tables | + | |
- | -i Use HEAD instead of GET | + | |
- | -x attributes String to insert as table attributes | + | |
- | -y attributes String to insert as tr attributes | + | |
- | -z attributes String to insert as td or th attributes | + | |
- | -C attribute Add cookie, eg. ' | + | |
- | -H attribute Add Arbitrary header line, eg. ' | + | |
- | Inserted after all normal header lines. (repeatable) | + | |
- | -A attribute Add Basic WWW Authentication, | + | |
- | are a colon separated username and password. | + | |
- | -P attribute Add Basic Proxy Authentication, | + | |
- | are a colon separated username and password. | + | |
- | -X proxy:port Proxyserver and port number to use | + | |
- | -V Print version number and exit | + | |
- | -k Use HTTP KeepAlive feature | + | |
- | -d Do not show percentiles served table. | + | |
- | -S Do not show confidence estimators and warnings. | + | |
- | -g filename Output collected data to gnuplot format file. | + | |
- | -e filename Output CSV file with percentages served | + | |
- | -h Display usage information (this message) | + | |
- | -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers) | + | |
- | -f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL) | + | |
</ | </ | ||
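Review bot: In the added header block, `Header edit* Content-Security-Policy , ;` turns every comma into a semicolon, which folds the value appended by `Header merge` into the policy the application already sends. Within a single policy browsers honour only the first occurrence of a directive, so if ownCloud's own header already carries `frame-ancestors`, the appended one has no effect. Either rewrite the existing directive with a `Header edit` that matches `frame-ancestors` itself, or confirm with the `curl -I` check that exactly one `frame-ancestors` remains, and keep the allowed origins to the exact CMS host. The comment also has typos (`Conten-Security-Policy`, `contecnt`), its `# Reference:` line is empty, and the module is `mod_headers`, not `mod_header`.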
Zeile 59: | Zeile 54: | ||
< | < | ||
- | ab2 -A auth-username: | + | ab2 -A auth-username: |
</ | </ | ||
- | ====== Apache Server Tuning | + | ===== Apache Server Tuning ===== |
Quelle: [[http:// | Quelle: [[http:// | ||
- | < | + | '' |
- | Apache.conf | + | |
- | </ | + | |
To start, open the Apache configuration file and locate the directives section: If you are using nano, vi or vim: once you open the file, you can find the directives by scrolling through the file. Using VI or VIM you can also search by typing forward-slash ‘/’ and typing the exact string that you are looking for (search is case specific). | To start, open the Apache configuration file and locate the directives section: If you are using nano, vi or vim: once you open the file, you can find the directives by scrolling through the file. Using VI or VIM you can also search by typing forward-slash ‘/’ and typing the exact string that you are looking for (search is case specific). | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
The Timeout setting is the number of seconds before data " | The Timeout setting is the number of seconds before data " | ||
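Review bot: The `ab2 -A auth-username:` example, carried over on both sides of this hunk, passes Basic auth credentials as a command-line argument, so they end up in shell history and are visible in the process list while the benchmark runs. Add a sentence saying so next to the example and recommend a throwaway test account for benchmarking rather than a real login.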
Zeile 80: | Zeile 71: | ||
A reasonable value is 100 for Virtual Private Servers, or heavily loaded dedicated servers. For Dedicated Servers under normal load the default value of 300 is sufficient. | A reasonable value is 100 for Virtual Private Servers, or heavily loaded dedicated servers. For Dedicated Servers under normal load the default value of 300 is sufficient. | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
KeepAlive enables persistent connections on the web server. This setting should be On unless the server is getting requests from hundreds of IPs at once. High volume and/or load balanced servers should have this setting disabled Off to increase connection throughput. | KeepAlive enables persistent connections on the web server. This setting should be On unless the server is getting requests from hundreds of IPs at once. High volume and/or load balanced servers should have this setting disabled Off to increase connection throughput. | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
This setting limits the number of requests allowed per persistent connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed. When using DirectAdmin, | This setting limits the number of requests allowed per persistent connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed. When using DirectAdmin, | ||
Zeile 94: | Zeile 81: | ||
It is recommended to keep this value at 100 for virtualized accounts like VPS accounts. On dedicated servers it is recommended that this value be modified to 150. | It is recommended to keep this value at 100 for virtualized accounts like VPS accounts. On dedicated servers it is recommended that this value be modified to 150. | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
The number of seconds Apache will wait for another request before closing the connection. Setting this to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients. When using DirectAdmin, | The number of seconds Apache will wait for another request before closing the connection. Setting this to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients. When using DirectAdmin, | ||
Zeile 102: | Zeile 87: | ||
The default value of 10 seconds is a good value for average server performance. This value should be kept low as the socket will be idle for extended periods otherwise.It is recommended that this value be lowered to 5 on servers under heavy load. | The default value of 10 seconds is a good value for average server performance. This value should be kept low as the socket will be idle for extended periods otherwise.It is recommended that this value be lowered to 5 on servers under heavy load. | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
sets the number of child server processes created on startup. As the number of processes is dynamically controlled depending on the load there is usually little reason to adjust this parameter. This value should mirror what is set in MinSpareServers. | sets the number of child server processes created on startup. As the number of processes is dynamically controlled depending on the load there is usually little reason to adjust this parameter. This value should mirror what is set in MinSpareServers. | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
Sets the desired minimum number of idle child server processes. An idle process is one which is not handling a request. If there are fewer spareservers idle then specified by this value, then the parent process creates new children at a maximum rate of 1 per second. Setting this parameter to a large number is almost always a bad idea. | Sets the desired minimum number of idle child server processes. An idle process is one which is not handling a request. If there are fewer spareservers idle then specified by this value, then the parent process creates new children at a maximum rate of 1 per second. Setting this parameter to a large number is almost always a bad idea. | ||
- | < | + | '' |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | </ | + | |
- | + | ||
- | < | + | |
- | | + | |
- | </ | + | |
sets the desired maximum number of idle child server processes. An idle process is one which is not handling a request. If there are more than MaxSpareServers idle, then the parent process will kill off the excess processes. | sets the desired maximum number of idle child server processes. An idle process is one which is not handling a request. If there are more than MaxSpareServers idle, then the parent process will kill off the excess processes. | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
is only used if you need to set MaxClients higher than 256 (default). Do not set the value of this directive any higher than what you might want to set MaxClients to. | is only used if you need to set MaxClients higher than 256 (default). Do not set the value of this directive any higher than what you might want to set MaxClients to. | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced. | sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced. | ||
Zeile 141: | Zeile 109: | ||
For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit. this and ServerLimit should be the same or very close with MaxClients never exceeding ServerLimit. For servers under high load this value should be increased. See below for more information on how to define the maxclients directive. | For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit. this and ServerLimit should be the same or very close with MaxClients never exceeding ServerLimit. For servers under high load this value should be increased. See below for more information on how to define the maxclients directive. | ||
- | ==== How to define the MaxClients directive ==== | + | ===== How to define the MaxClients directive |
A simple calculation for MaxClients would be: (Total Memory – Critical Services Memory) / Size Per Apache process. I define Critical Services as services such as mySQL, Plesk, DirectAdmin; | A simple calculation for MaxClients would be: (Total Memory – Critical Services Memory) / Size Per Apache process. I define Critical Services as services such as mySQL, Plesk, DirectAdmin; | ||
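Review bot: The new heading `===== How to define the MaxClients directive` now sits at the same level as `===== Apache Server Tuning =====`, so it stops being a subsection of the tuning chapter it belongs to. Since the chapter heading was lowered by one level in this revision, this one should drop a level as well (`====`) instead of being raised.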
Zeile 147: | Zeile 115: | ||
I’ve used the following commands via shell to determine values for Total Memory, OS Memory, MySQL Memory, and Apache Process Size | I’ve used the following commands via shell to determine values for Total Memory, OS Memory, MySQL Memory, and Apache Process Size | ||
- | < | + | '' |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | </ | + | |
- | + | ||
- | < | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | </ | + | |
- | + | ||
- | < | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | </ | + | |
In this case the server has 1002Mb of memory allocated, xx used by the OS itself, 21Mb used by mySQL, and each Apache thread averages about 30Mb. MaxClients = (1002 – 21) / 30 therefore MaxClients = 32.7 | In this case the server has 1002Mb of memory allocated, xx used by the OS itself, 21Mb used by mySQL, and each Apache thread averages about 30Mb. MaxClients = (1002 – 21) / 30 therefore MaxClients = 32.7 | ||
- | < | + | '' |
- | | + | |
- | </ | + | |
MaxConnectionsPerChild sets the limit on the number of connections that an individual child server process will handle. After MaxConnectionsPerChild connections, | MaxConnectionsPerChild sets the limit on the number of connections that an individual child server process will handle. After MaxConnectionsPerChild connections, | ||
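Review bot: The worked calculation kept as context lists OS memory as `xx` and then leaves it out: `MaxClients = (1002 – 21) / 30` subtracts only the 21Mb for mySQL, although OS memory is one of the values the text says it measured. This hunk also removes the three `<code>` blocks that followed "the following commands via shell", so the reader can no longer see where 1002, 21 and 30 come from. Keep the commands, fill in the OS figure and subtract it, and round the result down (32, not 32.7), since MaxClients is an integer.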
Zeile 201: | Zeile 135: | ||
Thus a good configuration for this server would be: | Thus a good configuration for this server would be: | ||
- | < | + | '' |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | </ | + | |