twitter
archives
Previous page
Next page
Linux ClassRoom

Hi Friends Welcome To Linux World , In this Tutorial we will learn how to tune your apache webserver and how to make secure communication between apache web server & clients using SSL Certificates.

 

 

One of the biggest hardware issue affecting webserver performance is RAM. A webserver should never ever have to swap, as swapping increases the latency of each request beyond a point that users consider "fast enough". This causes users to hit stop and reload, further increasing the load.

 

We should, control the MaxClients setting so that web server does not spawn so many children it starts swapping. This procedure for doing this is simple: determine the size of your average Apache process, by looking at your process list via a tool such as top, and divide this into your total available memory, leaving some room for other processes.

 

 

Most Common Apache Tuning Parameters :

 

1. Remove unused modules : Modules that are not required should be removed because unused module still consume memory and other resources.

 

2. Should Use mod_disk_cache NOT mod_mem_cache :  mod_mem_cache will not share its cache among different apache processes, which results in high memory usage with little performance gain since on an active server, mod_mem_cache will rarely serve the same page twice in the same apache process.

 

3. Setup appropriate Expires, Etag, and Cache-Control Headers : To utilize cache, we must tell it when a file expires, otherwise  client will not experience the caching benefits.

 

4.Utilize mod_gzip/mod_deflate : gzip the content before sending it off and then the client will ungzip upon receipt, this will minimize the size of file transfers, it generally will help all user experience.

 

5. Turn HostnameLookups Off : if HostnameLookups is ON , it will add latency to every request because it requires a DNS lookup to complete before the request is finished.

 

 

 

6. Avoid using hostname in configs : if you have HostnameLookups off, this will prevent you from having to wait for the DNS resolve of the hostnames in your configs, use IP addresses instead.

 

7. Use Persistent Connections : Set KeepAlive On and then set KeepAliveTimeout and KeepAliveRequests. KeepAliveTimeout is how long apache will wait for the next request, and KeepAliveRequests is the max number of requests for a client prior to resetting the connection. This will prevent the client from having to reconnect between each request.

 

8. Increase Write Buffer Size : increase your write buffer size for tcp/ip buffers. On linux systems increase /proc/sys/net/core/wmem_max and  /proc/sys/net/core/wmem_default. If your pages fit within this buffer, apache will complete a process in one call to the tcp/ip buffer.

 

9.  Increase Max Open Files : if you are handling high loads increase the number of allowed open files. On linux, increase /proc/sys/fs/file-max and run ulimit -H -n 4096.

 

10.  Disable Content Negotiation : Content negotiation causes a big reduction in performance.Disable content negotiation where it is not needed. If you do require content negotiation, use the type-map handler, rather than the MultiViews option:

 

Note: Content negotiation is a mechanism defined in the HTTP specification that makes it possible to serve different versions of a document  at the same URI.

 

 

Secure Your WebServer using SSL Certificates

 

In Linux Apache is the most widely used WebServer , so in this document I will be going to use Apache WebServer and will make it secure by implementing SSL Certificates. I am assuming  httpd package(i.e apache software) is already installed on the linux box.

Previous page
Next page