After months of work, I soft-launched my startup on a Linode 1024 account (hope to grow to many Linodes using a load balancer).
The startup is a self-service website creation app. You signup, create and publish a website. Think Weebly but more simple.
I plan to host a limited number of customers per Linode. As I grow I will expand and put new customers on new Linodes. Each Linode is self-sufficient -- it holds a copy of the app and all the data it needs to run the app, support its customers, and generate their websites (which are also hosted on that same Linode).
I plan to use the 1024 Linodes to grow. My stack for each Linode is as follows. And below are my configuration files (entire nginx.conf and only the important parts for the others).
My question is this: are my settings optimal for a Linode 1024 and for this type of operation? Do you see any red flags or anything I missed? Thanks for your help! And if anyone ones to try out the app message me.
-Blake
Ubuntu 10.04 LTS
PHP 5.3.10 (Suhosin patched)
MySQL 14.14 Distrib 5.1.41
nginx 1.0.12
memcached 1.4.2-1ubuntu3
php-apc 3.1.3p1-2
nginx.conf
Code:
user nginx nginx;
worker_processes 4;
worker_priority 0;
worker_cpu_affinity 1000 0100 0010 0001;
pid logs/nginx.pid;
error_log logs/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
index index.html index.php;
default_type application/octet-stream;
log_not_found off;
access_log off;
server_tokens off;
sendfile on;
client_body_timeout 15;
client_header_timeout 15;
keepalive_timeout 5 5;
send_timeout 10;
#prevent buffer overflow
client_body_buffer_size 1k;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 4 2k;
open_file_cache max=1000 inactive=60s;
open_file_cache_valid 90s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain text/css application/x-javascript image/png image/jpeg image/gif;
#customer sites
server {
listen 80;
server_name _ *.example.com;
if ($host ~ ^(www\.)(?<domain>.+)$) {
rewrite ^ http://$domain$request_uri? permanent;
}
root /example/sites/$host/;
open_file_cache off;
error_page 404 403 = @render;
location @render {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /example/util/render.php;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
}
location ~* \.(?:ico|css|js|gif|jpg|png)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
#app non-ssl
server {
listen 80;
server_name app.example.com;
location / {
rewrite ^ https://$server_name$request_uri permanent;
}
}
#app ssl
server {
server_name app.example.com;
listen 443;
ssl on;
ssl_certificate /etc/ssl/localcerts/app_example_com-bundle.crt;
ssl_certificate_key /etc/ssl/localcerts/app.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
ssl_ciphers HIGH:!aNULL:!MD5:!kEDH;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
root /example/app-public/;
error_page 404 =200 /;
#open_file_cache off;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
}
location ~* \.(?:ico|css|js|gif|jpg|png)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
}
php.iniCode:
engine = Off
safe_mode = Off
expose_php = Off
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED
display_errors = Off
magic_quotes_gpc = Off
extension=memcached.so
session.save_handler = memcached
session.save_path = "127.0.0.1:11211"
session.use_cookies = 1
session.use_only_cookies = 1
session.cookie_httponly = Yes
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
extension=apc.so
apc.enabled=1
apc.shm_segments=1
apc.shm_size=64
apc.ttl=3600
apc.user_ttl=7200
apc.num_files_hint=150
apc.enable_cli=0
apc.optimization = 0
apc.cache_by_default = 1
;apc.filters = "apc\.php$"
apc.use_request_time = 1
php-fpm.confCode:
log_level = error
emergency_restart_threshold = 10
emergency_restart_interval = 1m
user = nginx
group = nginx
listen = 127.0.0.1:9000
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
;pm.max_requests = 500
security.limit_extensions = .php
my.cnf (I'm only using InnoDB tables)
Code:
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
max_connections = 100
table_cache = 128
thread_concurrency = 10
query_cache_limit = 2M
query_cache_size = 16M
innodb_buffer_pool_size=32M
innodb_flush_log_at_trx_commit=2
key_buffer = 16M
memcached.confCode:
-m 64
-p 11211
-u nginx
iptables -L -vCode:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
19741 5389K ACCEPT all -- lo any anywhere anywhere
57314 13M ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
849 50684 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
49 3136 ACCEPT tcp -- any any anywhere anywhere tcp dpt:9846
2079 117K ACCEPT tcp -- any any anywhere anywhere tcp dpt:www
129 7886 DROP all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 58292 packets, 59M bytes)
pkts bytes target prot opt in out source destination
94 11975 ACCEPT tcp -- any any anywhere anywhere tcp dpt:smtp
FAQ
Search
Members
Register
Login [ Anonymous ]
