
I wonder how I could improve the performance of my server? It is configured with Ubuntu 18.04 (LTS), 4 GB RAM, 100 GB SSD, 2 CPUs, with Nginx 1.14.0 and PHP 7.2-fpm to handle running and serving a site that generates dynamic pages from a database. PHP has OPcache enabled. I would like to improve the current setup without Varnish or a proxy, just a plain Nginx with PHP setup.

Monitoring during a load test with 500 concurrent visitors reveals that CPU usage immediately jumps to 100%, with PHP using the majority (65%) and SQL 15%. Memory usage is about 2,5Gb with 0,75Gb free and the swapfile untouched. When visiting the site during the test, there are 502 errors.

The logs, php7.2-fpm.log:

```
[12-May-2020 17:21:13] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 8 children, there are 0 idle, and 9 total children
[12-May-2020 17:21:14] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 16 children, there are 0 idle, and 10 total children
[12-May-2020 17:21:15] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 32 children, there are 0 idle, and 11 total childr
```

And in /var/log/nginx/error.log:

```
2020/05/12 17:22:35 [error] 2936#2936: *25711 connect() to unix:/var/run/php/php7.2-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: [IPADDRESS], server: [DOMAINNAME], request: "GET /[URL] HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "[HOSTNAME]"
```

Below are the configurations of Nginx and PHP.

Relevant settings in /etc/php/7.2/fpm/pool.d/www.conf:

```
listen = /run/php/php7.2-fpm.sock
pm = dynamic
pm.max_children = 150
pm.start_servers = 4
pm.min_spare_servers = 1
pm.max_spare_servers = 8
pm.max_requests = 250
```

/etc/nginx/nginx.conf:

```
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 2048;
    multi_accept off;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    # server_tokens off;

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 100m;
    large_client_header_buffers 4 8k;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;

    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_comp_level 2;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
```

/etc/nginx/sites-available/[SITENAME]:

```
server {
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[SITENAME]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[SITENAME]/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    server_name [SITENAME];
    root /home/[SITENAME]/domains/[SITENAME]/public_html/web;
    index index.php index.html index.htm index.nginx-debian.html;

    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
}

server {
    listen 443 ssl; # managed by Certbot
    server_name [SITENAME];
    return 301 https://[SITENAME]$request_uri;
    ssl_certificate /etc/letsencrypt/live/[SITENAME]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[SITENAME]/privkey.pem; # managed by Certbot
}

server {
    if ($host = [SITENAME]) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name [SITENAME];
    return 404; # managed by Certbot
}

server {
    listen 80;
    if ($host = [SITENAME]) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name [SITENAME];
    return 404; # managed by Certbot
}
```
  • My understanding is that Varnish Cache doesn't do SSL unless you have a paid licence. That may have changed but it was the reason I stopped using it. Nginx as a Reverse Proxy to Apache works very well for performance. I needed to manually enable AIO Threads with Nginx. Not sure if it is threaded by default. Commented May 13, 2020 at 9:49
  • Thanks for your remarks, Admiral. I would like to improve the current setup without Varnish or a proxy, just a plain Nginx with PHP setup. Commented May 13, 2020 at 9:52
  • @Admiral Noisy Bottom Varnish doesn't really need to support TLS, because nowadays there is a vast array of TLS termination software: Hitch, NGINX for example - all can be used as lightweight TLS terminators. And with recent versions of both Varnish and e.g. Hitch you can even use UNIX sockets for inter-process communication so having TLS done in a standalone software will have virtually zero performance impact. Commented May 13, 2020 at 19:51
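
Added example (not part of the original post or its comments): a small Python triage script for the two log formats quoted in the question. It extracts pool state from the php-fpm "seems busy" warnings and counts nginx upstream connect failures by errno and client, so pool exhaustion during a load spike can be read off in one summary. The sample lines, client addresses and `example.test` are constructed; `max_children=150` in the usage is the `pm.max_children` value from the post.

```python
import re
from collections import Counter
from datetime import datetime

# Patterns for the two log formats quoted in the question.
FPM_BUSY = re.compile(
    r"\[(?P<ts>[^\]]+)\] WARNING: \[pool (?P<pool>[^\]]+)\] seems busy .*?spawning "
    r"(?P<spawning>\d+) children, there are (?P<idle>\d+) idle, and (?P<total>\d+) total")
NGINX_FAIL = re.compile(
    r"^(?P<ts>[\d/]+ [\d:]+) \[error\] .*?connect\(\) to (?P<sock>unix:\S+) failed "
    r"\((?P<errno>\d+): [^)]*\).*?client: (?P<client>[^,]+),", re.M)

# Constructed sample input modelled on those lines (documentation IP ranges).
_F = ("[12-May-2020 17:21:%02d] WARNING: [pool www] seems busy (you may need to "
      "increase pm.start_servers, or pm.min/max_spare_servers), spawning %d "
      "children, there are 0 idle, and %d total children")
FPM_SAMPLE = "\n".join(_F % a for a in [(13, 8, 9), (14, 16, 10), (15, 32, 11)])
FPM_SAMPLE += "\n[12-May-2020 17:21:16] NOTICE: [pool www] child 3021 started"
_N = ("2020/05/12 17:22:%02d [error] 2936#2936: *%d connect() to "
      "unix:/var/run/php/php7.2-fpm.sock failed (11: Resource temporarily "
      "unavailable) while connecting to upstream, client: %s, server: example.test")
NGINX_SAMPLE = "\n".join(_N % a for a in [
    (35, 25711, "192.0.2.10"), (35, 25712, "192.0.2.10"), (36, 25713, "198.51.100.7")])

def fpm_busy_events(log):
    """One dict per 'seems busy' warning: timestamp, pool and child counts."""
    return [{"ts": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S"),
             "pool": m["pool"], "spawning": int(m["spawning"]),
             "idle": int(m["idle"]), "total": int(m["total"])}
            for m in FPM_BUSY.finditer(log)]

def nginx_upstream_failures(log):
    """One dict per failed connect() to the FastCGI socket."""
    return [{"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
             "sock": m["sock"], "errno": int(m["errno"]), "client": m["client"]}
            for m in NGINX_FAIL.finditer(log)]

def summarize(fpm_log, nginx_log, max_children):
    """Pool saturation and refused-connection summary for one test window."""
    busy, fails = fpm_busy_events(fpm_log), nginx_upstream_failures(nginx_log)
    peak = max((e["total"] for e in busy), default=0)
    return {
        "busy_warnings": len(busy),
        "zero_idle": sum(e["idle"] == 0 for e in busy),
        "peak_children": peak,
        "headroom": max_children - peak,  # distance from pm.max_children
        "eagain_failures": sum(f["errno"] == 11 for f in fails),
        "by_client": Counter(f["client"] for f in fails).most_common(),
    }
```

Call `summarize(FPM_SAMPLE, NGINX_SAMPLE, max_children=150)` to see the result for the constructed lines; `headroom` shows how far the reported child count was from `pm.max_children` when the warnings were logged.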
