Tag Archives: apache

Nginx+Httpd默认设置压力测试

如此高压之下,nginx依旧表示蛋定,不得不服气- –

有空了研究下详细的参数,继续优化

测试环境:两个相距5跳的vps,ping下来1.2ms

被测试vps:512M内存,1024M的burst,openvz,跑完3000个测试load接近2

网页是博客首页,已经用w3 total cache静态化

[root@vps ~]#ab -c 100 -n 3000 http://johnliu.info/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking johnliu.info (be patient)
Completed 300 requests
Completed 600 requests
Completed 900 requests
Completed 1200 requests
Completed 1500 requests
Completed 1800 requests
Completed 2100 requests
Completed 2400 requests
Completed 2700 requests
Finished 3000 requests

Server Software:        nginx/0.8.53
Server Hostname:        johnliu.info
Server Port:            80

Document Path:          /
Document Length:        32170 bytes

Concurrency Level:      100
Time taken for tests:   10.576416 seconds
Complete requests:      3000
Failed requests:        0
Write errors:           0
Total transferred:      97896000 bytes
HTML transferred:       96510000 bytes
Requests per second:    283.65 [#/sec] (mean)
Time per request:       352.547 [ms] (mean)
Time per request:       3.525 [ms] (mean, across all concurrent requests)
Transfer rate:          9039.07 [Kbytes/sec] received

Connection Times (ms)
min  mean[+/-sd] median   max
Connect:        0   60 395.1      7    3012
Processing:    49  268  85.3    268    2438
Waiting:       21  228  75.8    225    2415
Total:         51  328 404.6    275    3981

Percentage of the requests served within a certain time (ms)
50%    275
66%    293
75%    302
80%    308
90%    334
95%    362
98%    783
99%   3273
100%   3981 (longest request)

解决Apache的Mod_Security和svn模块冲突

今天svn突然不能提交了,给777都没用,一直报错

Command: Commit
Error: Commit failed (details follow):
Error: access to ‘/!svn/vcc/default’ forbidden
Finished!:

Google了好一阵子,解决方案如下:

在svn对应的虚拟主机的</VirtualHost>之前插入这样一段

<IfModule mod_security2.c>
SecRuleRemoveByID 960032
SecRuleRemoveByID 960015
SecRuleRemoveByID 960904
SecRuleRemoveByID 960010
SecRuleRemoveByID 960035
SecRule REQUEST_METHOD “^(PROPFIND|PROPPATCH)$” allow
SecRule REQUEST_METHOD “^(REPORT|OPTIONS)$” allow
SecRule REQUEST_METHOD “^(MKACTIVITY|CHECKOUT)$” allow
SecRule REQUEST_METHOD “^(PUT|DELETE|MERGE)$” allow
SecRule REQUEST_METHOD “^(MKCOL)$” allow
</IfModule>

完成后重启apache就可以了。

原因:mod_security过于严格=。-

5分钟完成配置CentOS+Apache+MySQL+PHP5+Webmin+PPTP VPN+Subversion+etc

嗯,今天实在不知道的写什么,就只有把老本拿出来了:自己折腾了N台vps后整理出的快速配置centos的脚本,只要打开terminal一行行的粘进去回车就完事。
正常情况下是可以在5分钟内完成一台新vps的配置的,如果遇到非正常情况。。就。。。。。。
跑poptopd的前提是你的vps是xen架构,否则免谈

#安装epel+rpmforge
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt http://quattor.web.lal.in2p3.fr/packages/os/sl520-x86_64/base/RPM-GPG-KEYs/RPM-GPG-KEY-CentOS-5 http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rpm –import RPM-GPG-KEY.dag.txt
rpm –import RPM-GPG-KEY-CentOS-5
rpm -Uhv rpmforge-release-0.5.1-1.el5.rf.i386.rpm

#更新系统
yum -y update
yum -y upgrade
#install php 5.2+ on centos5
vim /etc/yum.repos.d/CentOS-Testing.repo

[c5-testing]
name=CentOS-5Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
includepkgs=php*

#安装lamp和subversion+其他一些东西
yum -y install perl-Net-SSLeay gcc-c++ patch zlib-devel openssl-devel readline-devel mysql-devel mysql-server httpd-devel apr-devel iptables php-common php-gd php-mcrypt php-pear php-mhash php-mysql php-xml php-mbstring traceroute bind-utils setuptool mod_dav_svn subversion sqlite-devel ntp

#poptopd pptp vpn server
rpm -Uvh http://poptop.sourceforge.net/yum/stable/fc7/pptp-release-current.noarch.rpm
yum -y –enablerepo=poptop-stable install pptpd

vim /etc/pptpd.conf (修改localip、remoteip)
vim /etc/ppp/options (修改ms-dns),
vim /etc/ppp/chap-secrets (创建用户名、密码,指定ip)
vim /etc/sysctl.conf
#修改
net.ipv4.ip_forward = 1
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 内网ip段(eg. 192.168.100.0/24) -j SNAT –to 服务器的任意ip(eg. 1.2.3.4)
/etc/init.d/iptables save
/etc/init.d/iptables restart

#webmin图形化的web管理界面,减少命令行的折腾程度
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.520-1.noarch.rpm
rpm -i webmin-1.520-1.noarch.rpm

#subversion
svnadmin create /path/to/repo
chmod 777 -R /path/to/repo
htpasswd -c /path/to/svn/password username#下面这段丢给httpd.conf

DocumentRoot /path/to/svn/repo
ServerName svn.yourname.com

DAV svn
SVNPath /data/svn
AuthType Basic
AuthName “Subversion”
AuthUserFile /path/to/svn/password
Require valid-user

#大功告成^_^

非常NB的软7层交换机-haproxy在centos上最简化配置

yum -y install haproxy
vim /etc/haproxy/haproxy.cfg
#    use_backend static          if url_static  #注释掉这一行
server  app1 你的服务器真实ip:端口 check  #修改这一行
删掉其余两行server app1

保存退出完事
然后service haproxy start

自己hosts后就可以感受一下了,对于动态内容加速效果还是很明显的,支持非常强大的配置,等有空研究清楚了继续贴配置

之前搞错了- -haproxy主要是作为load balancer用,部署在最前端,后面一般是个squid群,squid之后才是应用服务器,应用服务器后面可以再来一层数据库服务器,这样的架构抗负载能力是非常强悍的。

目前我这个烂博客已经实现squid+apache+mysql分布在3台服务器,其中一台跑在xeex的网络后面作为前端,另外两个在Amazon的ec2上。估计是没必要考虑引入haproxy的了- –