Suggestions for a busy ISPConfig server

Discussion in 'Installation/Configuration' started by maxxer, Nov 11, 2014.

  1. maxxer

    maxxer Member

    I'm running a busy server with ~300 active domains. I'm on the classic LAMP stack, but few months ago I moved from php_fcgi to php-fpm in ondemand mode with some benefits. I reduced the number of running processes on the server with faster responses.

    Few hours ago I was connected to the server and I noticed the few (~50) running php-fpm processes are taking a LOT of cpu, more than 30% per process (for those who can).
    The sites are still responsive, but obviously the server load is very high.

    so I was wondering: is this configuration the correct approach for such a server? Should I consider something else?

    Most of the hosted sites are wordpress based, and memcached is installed. Should I force my users to install a wp plugin that leverages memcached benefits?
    Is there any other action I can do to optimize the system and reduce fpm cpu usage and thus server load?


    P.S. a note on the subject: I don't know if 300 domains can be considered a busy server ;)
    Last edited: Nov 11, 2014
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I think php-fpm in ondemand mode is a good choice. I wont expect better results with other php modes.

    One thing that you can try is google pagespeed with memcache:

    Another option to speed up delivery is to use varnish in front of apache, but this will only accellerate http connections, not https.

    Using a caching plugin in wordpress like "w3 total cache" will help a lot too, if your customers would install it.
  3. maxxer

    maxxer Member

    thanks for the fast response @till. Indeed I was looking for a confirmation about the configuration.
    I just found out the main reason for my server load: bruteforce attacks!
    so fail2ban is a must in these situations!

    I'm still struggling to find a good filter regexp for it, will post when done. thanks again for your reply!
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You might want to take a look at the apache module mod_evasive as well to protect the server.
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    It might be better to prefork as much php-fpm-processes as possible, so they are ready to handle the request. With ondemand they will be spawned before handling the request.

    I would not install fail2ban just to ban some brute-force-attacks. This can lead to a high load when f2b reads large / a lot of logs. I just parse the apache-log, get the ip for an attack and add the ip to the firewall with syslog-ng (you can do with rsyslog, too).
  6. maxxer

    maxxer Member

    yes but with 300 sites you will have at least 300 fpm processes around.

    indeed f2b is very slow on startup, when it has to parse other_vhosts_access.log, but after that time I don't see it loading the server too much. And when you have 2/300 wordpress sites, with even just 5 of them being flooded with bruteforce attacks, I don't know what other tool can save you... f2b is also helpful in blocking bruteforce against ftp.
  7. olimortimer

    olimortimer Member

    Sorry to slightly hijack the thread, but do you have any guides on moving from php_fcgi to php-fpm? Thanks
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    All you have to do is to select php-fpm in the website settings of the website instead of php-fcgi. If your setup is older and has no php-fpm installe yet, then take a look at the perfect server guide to install the mising packages first.
  9. olimortimer

    olimortimer Member

    Oops, completely missed that setting. Thank you till.

Share This Page