Microcaching with SSL session caching

Anonymous's picture

Hi,
we are developing an e-commerce site using D7, Commerce module, PHP-FPM, APC, MySQL, InnoDB, Memcached, Nginx, SSL. Our dedicated server has Intel i5 2.5GHz 4 Cores, FreeBSD, 16 GB RAM, 120 GB SSD.

I was looking for a FreeBSD-specific nginx conf but couldn't find one for Drupal, so I have an nginx conf for Drupal almost identical to the previous nginx/wiki (the latest wiki page has Perusio's conf, I guess), with epoll and micro_cache disabled. Since it is a commerce site, we are using SSL on the whole site, which would slow down the site. I am quite impressed with Perusio's conf on GitHub, but was wondering if I could use micro_cache and SSL session cache together without causing any conflict? I have tested micro_cache locally, it's a wonderful piece of software, but haven't found any clue on how to test SSL locally by using a self-signed certificate in Nginx.

I'd appreciate any other suggestions to make the site secure and fast. Thank you!!!

Comments

Different things

perusio's picture

the SSL session cache functions at a different layer than the FCGI or proxy cache.
It just should work out of the box.

Thanks for the reminder about FreeBSD. Indeed the config is quite Linux centric. And it should be kqueue instead of epoll.

targeted specification

rajibmp's picture

Thank you Perusio for the reply, I was going through your config, thought of asking the ideal targeted hardware specification for this config.

Well

perusio's picture

it assumes 4 cores. You must tweak some parameters in order to extract the maximum performance.

  1. accept_mutex
  2. worker_connections
  3. worker_rlimit_nofile

Also you must tune the kernel. Here's the "old" wiki page on FreeBSD optimizations. Most of the kernel parameters have similar names in both Linux and FreeBSD. I have a "vanilla" high-performance (Linux) kernel setup. Test and tune to your liking/needs.

I'll chip in to say that I'm

Garrett Albright's picture

I'll chip in to say that I'm using perusio's config on my FreeBSD VPS. There's a lot of tweaks that need to be made for file paths and such, but it works and was certainly faster for a n00b like me than figuring out everything myself. (Likewise for setting up a server locally on my OS X machine… lamentations, this Linux-centric world.) Had I the presence of mind, I would have forked his repo and committed all my changes cleanly for others to see, but I was in a bit of an oh-my-God-I-just-want-my-sites-back-up mindset when I was setting it up… If you'd like to check out my config files and cheat-sheet off of them, though, send me an email and I'll send them on to you.

Tuning the FreeBSD kernel is getting into a seriously hardcore level of optimization… I'd say that you should worry about the low-hanging fruit in the application space first.

Which linux centric

perusio's picture

part you're referring to? In the config itself there's nothing Linux centric (I removed the epoll setting of the event triggering mechanism) AFAIK. If there is, please do tell me. I've been meaning to run a FreeBSD under a virtual machine to test it out. But I procrastinate.

Do you mean the README installation instructions? I don't own a Mac, I'm wanting help there. I thought that since GNU userland tools are available on OS X there's not much difference. Probably I'm wrong. Help me improve the docs and the config for people on *BSDs.

Thanks,

epoll, yes, but another thing

Garrett Albright's picture

epoll, yes, but another thing is that the web server user is traditionally "www," not "www-data". (Is "www-data" even consistent between Linux distros?) Also, generally, anywhere you used a path that begins with "/etc" (like include /etc/nginx/mime.types), the correct file was actually going to be under "/usr/local/etc" in FreeBSD. The HTTP files themselves are at "/usr/local/www" (I think) by default, not "/var/www". There might be more that I'm not remembering - like I said, I regrettably didn't implement my fixes very cleanly or take good notes or anything.

There's a lot of GNU stuff in and available for OS X, but remember that the Unixy guts themselves are based on NeXTSTEP, which itself was based on BSD and predated the release of Linux.
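
The combination asked about at the top of the thread, as an added example that is not part of any post and is not taken from perusio's repository: a TLS session cache and a FastCGI microcache in one nginx configuration, using the FreeBSD user and paths mentioned above. The server name, certificate paths, document root, cache directory, PHP-FPM address and all sizes and timeouts are assumptions; requests carrying a Drupal session cookie skip the microcache so logged-in or cart pages are never served to another visitor.

```nginx
user www;                        # FreeBSD web user, per the thread
worker_processes 4;
events {
    use kqueue;                  # FreeBSD event method (epoll is Linux-only)
    worker_connections 1024;     # constructed value; tune per host
}
http {
    include /usr/local/etc/nginx/mime.types;

    # TLS layer: one session cache shared by all workers, so returning
    # clients resume a session instead of doing a full handshake.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # HTTP layer: short-lived FastCGI response cache (the microcache).
    fastcgi_cache_path /var/cache/nginx/microcache levels=1:2
                       keys_zone=microcache:5m max_size=256m inactive=10m;

    # Drupal 7 session cookies are named SESS<hash> (SSESS<hash> on HTTPS).
    # Any request that carries one is treated as uncacheable.
    map $http_cookie $no_cache {
        default 0;
        ~SESS   1;
    }

    server {
        listen 443 ssl;
        server_name shop.example.test;                                # hypothetical
        ssl_certificate     /usr/local/etc/nginx/ssl/selfsigned.crt;  # hypothetical
        ssl_certificate_key /usr/local/etc/nginx/ssl/selfsigned.key;  # hypothetical
        root /usr/local/www/drupal;                                   # hypothetical
        location / { try_files $uri /index.php?$query_string; }

        location = /index.php {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass 127.0.0.1:9000;            # assumed PHP-FPM address

            fastcgi_cache       microcache;
            fastcgi_cache_key   $scheme$request_method$host$request_uri;
            fastcgi_cache_valid 200 301 15s;
            # Set-Cookie is deliberately NOT ignored: nginx then refuses to
            # store any response that starts a session.
            fastcgi_ignore_headers Cache-Control Expires;
            fastcgi_cache_bypass   $no_cache;   # do not answer from cache
            fastcgi_no_cache       $no_cache;   # do not store the response
            add_header X-Micro-Cache $upstream_cache_status;  # HIT/MISS/BYPASS
        }
    }
}
```

With a self-signed certificate in place, `openssl s_client -connect 127.0.0.1:443 -reconnect` reports `Reused` on the reconnects when the TLS session cache is working. The `X-Micro-Cache` response header shows independently whether the page itself came from the microcache.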