Apache/PHP/SYSCTL.conf Optimization for a 512mb server

This is a long oneApache/PHP/SYSCTL.conf Optimization for a 512mb server

currently residing on a 256mb celeron 2.0, 40g hd, 100mb connection. MOVING TOMMOROW to a 2.8g pentium, 512mb ram, rest same.

currently the base OS(debian, woody) uses about 60mb of ram by itself. rest will be for apache/mysql.

Here is the TOP output relevant to apache:

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
12868 www-data 16 0 8500 8500 5104 S 9.7 3.4 0:01 httpd

Sometimes the memory goes up to 12mb per apache proccess during peak times.

Here is my httpd -L output:

Compiled-in modules:
http_core.c
mod_log_config.c
mod_mime.c
mod_dir.c
mod_rewrite.c
mod_access.c
mod_auth.c
mod_dosevasive.c
mod_php4.c
suexec: disabled; invalid wrapper /usr/lib/suexec

So you can see that this is pretty much minialistic aproach when I build apache.

Here is the php relevant information:

./configure
--prefix=/usr/local'
'--disable-all'
'--with-mysql'
'--enable-inline-optimization'
'--enable-memory-limit'
'--with-config-file-scan-dir=/etc/php'
'--with-zlib'
'--enable-mbstring'
'--disable-session'
'--with-mm'
'--with-xml'
'--enable-xml'
'--with-pcre-regex'
'--with-pear'
'--with-apache=/tmp/apache'

Here is relevant data from the httpd.conf

Timeout 220
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 10
MinSpareServers 5
MaxSpareServers 10
StartServers 8
MaxClients 40
MaxRequestsPerChild 1000 #YEAH I KNOW BUT THIS IS NEEDED FOR DOSEVASIVE MOD
#this kills per directory listing of .htaccess
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
ServerTokens Prod
ServerSignature Off
<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 60
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
Include /etc/apache/vhosts.conf
Include /etc/apache/htaccess.conf


Questions:

1) The server will have 512mb of RAM, of which pure ~430mb will probably go to apache. The MaxClients directive in httpd.conf, as I understand it, lists the maximum # of proccesses apache will take in order to prevent apache from taking the system down. So if I do a simple math = ~10mb per apache procces = 430/10 = 43. Therefore my MaxClients should equal +-~43?

2) If do a sample attack with ab(apache bench tool) against apache I can successfully choke the server(maxclients will be reached), whereas if I do this against a other hosts it will not choke it. How do I prevent DDOS attacks against apache in this way? I do have mod_dosevasive and it works for somethings(yes it does) but not against something like ab(apache bench) attacks from a single ip(its not even a distributed attack and it chokes it!!!!)
What other mods should I install without jeopardizing too much overlay/cpu?

3) What is the maximum hits per day that I can expect to be able to take with this server? Server is debian, 2.8g pentium, 512mb ram, 40g ide hd, 100mb backbone. Software is apache 1.33 with php 4. Site is dynamicly generated using mambo.

4) What sysctl.conf values you would recommend for this server?

5) Will switching to apache2 increase performance if I only have 512mb of ram? The way I understand is that apache2 does not opens up another child for each requests thus using less ram.

6) Any php.ini setting I should implement to create a safer enviroment?(limit ram usage, etc)

Thank You

 

 

 

 

Top