Monday, 9 July 2012

Apache configuration #1 - CentOS

Let's take a look at the main httpd.conf for our CentOS Apache install.

We're not actually going to change a lot at this point, just look at the main settings and see what they mean and what a change will actually do.

Defaults


Why no specific changes to the default? Well, it's difficult to give a definitive configuration as there are so many variables to consider such as expected site traffic, Slice size, site type, etc.

However, we'll discuss the main settings and you can make any decisions as to what settings you feel are best for your site.

My advice is very simple: experiment. Find what works best on your setup.

httpd.conf


Open up the main CentOS Apache config file:

sudo nano /etc/httpd/conf/httpd.conf


I won't list the whole contents here but, if you are not familiar with the settings, have a read of the comments. I find them very informative and straight to the point.

Let's look at some of the main settings and what they mean (you may notice that we skip some settings but don't worry, many of them will be discussed in the 2nd Apache configuration article):

Timeout


Default:

Timeout 120


This sets (in simple terms) the maximum time, in seconds, that Apache will wait to receive a request, process it and send the response.

The default is deliberately set high to allow for varied situations. You can reduce this to something more sane, such as 45 or even lower. A decrease may also help in reducing the effects of a DoS attack.

KeepAlive


Default:

KeepAlive Off


Setting this to 'On' allows for persistent connections to a client, so each file, image, etc. is not requested with a new connection. This allows for more efficiency. Define the KeepAlive settings as shown below:

MaxKeepAliveRequests


Default:

MaxKeepAliveRequests 100


Now that we have our persistent connection, set the maximum number of requests per connection. Keep this high for maximum efficiency. If you have a site with images, JavaScript files, etc., try increasing this to 200.

KeepAliveTimeout


Default:

KeepAliveTimeout 15


So how long does the persistent connection wait for the next request? The default setting is very high and can easily be reduced to 2 or 3 seconds. If no new requests are received during this time the connection is killed.

What does this mean? Well, once a connection has been established and the client has requested the files needed for the web page, this setting says "sit there and ignore everyone else until the time limit is reached or you get a new request from the client".

Why would you want a higher time? In cases where there will be a lot of interactivity on the site. However, in most cases, people will go to a page, read it for a while and then click for the next page. You don't want the connection sat there doing nothing and ignoring other users.

prefork MPM


During the Apache install we installed Apache using prefork and not Apache using worker. If you want to know more about the differences between the two I will point you towards the official Apache docs (which are actually very good).

Default:

<IfModule mpm_prefork_module>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    ServerLimit 256
    MaxClients 256
    MaxRequestsPerChild 4000
</IfModule>


Again, it's difficult to give a suggestion here as to what is best for your site but, most of the time, they can be left at the defaults.

StartServers: number of child server processes created at startup

MinSpareServers: minimum number of child server processes not doing anything (idle).

MaxSpareServers: maximum number of child server processes not doing anything (idle) - any more than the maximum will be killed.

Don't set Max lower than Min; if you do, Apache will ignore the silly number and set the Max at Min+1.

ServerLimit: sets the upper limit on the value that MaxClients can be given.

MaxClients: sets the maximum simultaneous requests that Apache will handle. Anything over this number will be queued until a process is free to action the request.

MaxClients is not the same as the maximum number of visitors you can have. It is the maximum requests.

Remember the KeepAliveTimeout? This was set low so the next request can be actioned but the original (now 'idle') client will still be sat there reading your webpage - the new (active) request will be actioned or, if the MaxClients limit has been reached, will be queued ready for the next available process.

In most cases, the client is not 'active'. Take this page. You requested it (using an active process) and then spent a while reading it which uses no processes - you are 'idle' (as far as the server is concerned!).

MaxRequestsPerChild: sets how many requests a child process will handle before terminating. The default is 4000. If you set it to 0, it will never die.
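
As an added example (not part of the original article and not an Apache tool), the Python script below reads an httpd.conf and reports the settings discussed above that fall outside this article's guidance or that Apache would silently adjust. The function names and the sample text are constructed for illustration; the thresholds of 45 and 3 seconds are the ones suggested in this article.

```python
import re

# Constructed sample: the CentOS default values quoted in this article.
DEFAULTS = """\
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_prefork_module>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    ServerLimit 256
    MaxClients 256
    MaxRequestsPerChild 4000
</IfModule>
"""

def parse_directives(text):
    """Map lower-cased directive name -> value for top-level and prefork-block lines."""
    values, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)\w+\s*([^>]*)>", line)
        if tag:  # container close pops the stack, container open pushes its argument
            stack[:] = stack[:-1] if tag.group(1) else stack + [tag.group(2).lower()]
            continue
        if any("prefork" not in arg for arg in stack):
            continue  # ignore other containers, e.g. a worker MPM block
        parts = line.split(None, 1) + [""]
        values[parts[0].lower()] = parts[1].strip()
    return values

def audit(text):
    """Return (directive, note) findings based on the guidance in this article."""
    d = parse_directives(text)
    n = lambda key: int(d[key]) if d.get(key, "").isdigit() else None
    out = []
    if (n("timeout") or 0) > 45:
        out.append(("Timeout", "above 45 s; slow clients hold a process longer"))
    if d.get("keepalive", "").lower() == "on" and (n("keepalivetimeout") or 0) > 3:
        out.append(("KeepAliveTimeout", "above 3 s; idle clients keep a process busy"))
    lo, hi, mc, sl = (n(k) for k in ("minspareservers", "maxspareservers", "maxclients", "serverlimit"))
    if None not in (lo, hi) and hi <= lo:
        out.append(("MaxSpareServers", f"not above MinSpareServers; Apache uses {lo + 1}"))
    if None not in (mc, sl) and mc > sl:
        out.append(("MaxClients", "exceeds ServerLimit; Apache lowers it to ServerLimit"))
    return out
```

Calling audit(open("/etc/httpd/conf/httpd.conf").read()) runs the same checks against the live file; KeepAliveTimeout is only reported when KeepAlive is On, since it has no effect otherwise.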

Summary


Quite a lot here but as you go through the different settings you will see that the theory is quite simple. Naturally, there is a lot more to it than this article (or set of articles) can go into.

In the second httpd.conf article we will look at other settings that will add some more efficiency and help in increasing the security of our Slice.
