From ffa63acaded06c84f850ebac5badb152aae14ac3 Mon Sep 17 00:00:00 2001
From: hhftechnologies
Date: Wed, 27 Nov 2024 14:13:47 +0530
Subject: [PATCH] update
---
 optimize/100-cloudpanel.cnf | 71 ++++++
 optimize/nginx.conf | 222 +++++++++++++++++++
 {maintenance => optimize}/optimize-server.sh | 2 +-
 3 files changed, 294 insertions(+), 1 deletion(-)
 create mode 100644 optimize/100-cloudpanel.cnf
 create mode 100644 optimize/nginx.conf
 rename {maintenance => optimize}/optimize-server.sh (99%)
diff --git a/optimize/100-cloudpanel.cnf b/optimize/100-cloudpanel.cnf
new file mode 100644
index 0000000..a7d60a1
--- /dev/null
+++ b/optimize/100-cloudpanel.cnf
@@ -0,0 +1,71 @@
+[mysqld]
+# === Required Settings ===
+pid-file = /var/run/mysqld/mysqld.pid
+socket = /var/run/mysqld/mysqld.sock
+log-error = /var/log/mysql/error.log
+datadir = /home/mysql/
+
+character-set-server = utf8mb4
+collation-server = utf8mb4_general_ci
+init-connect = 'SET NAMES utf8mb4'
+
+
+thread_cache_size = 32
+table_open_cache = 2048
+sort_buffer_size = 8M
+
+# === InnoDB Settings ===
+innodb_file_per_table
+innodb = force
+innodb_buffer_pool_instances = 16
+innodb_buffer_pool_size = 28G
+innodb_file_per_table = 1
+innodb_sort_buffer_size = 16M
+innodb_flush_log_at_trx_commit = 2
+innodb_log_file_size = 2GB
+innodb_stats_on_metadata = OFF
+innodb_buffer_pool_instances = 8
+innodb_io_capacity = 3000
+innodb_io_capacity_max = 6000
+innodb_read_io_threads = 16
+innodb_write_io_threads = 16
+innodb_log_buffer_size = 10M
+innodb_flush_method = O_DIRECT
+innodb_log_buffer_size = 64M
+innodb_thread_concurrency = 32
+
+# === Connection Settings ===
+max_connections = 2000 # Increased for high traffic
+back_log = 1000 # Increased for high traffic
+thread_cache_size = 200 # Increased for better thread handling
+thread_stack = 256K
+interactive_timeout = 300 # Increased timeout
+wait_timeout = 300 # Increased timeout
+
+# === Buffer Settings ===
+join_buffer_size = 8M # Increased for better JOIN performance
+read_buffer_size = 4M # Increased for better read performance
+read_rnd_buffer_size = 8M # Increased for better random read performance
+sort_buffer_size = 8M # Increased for better sorting performance
+
+# === Table Settings ===
+table_definition_cache = 60000 # Increased for more concurrent tables
+table_open_cache = 60000 # Increased for more concurrent tables
+open_files_limit = 100000 # Increased accordingly
+max_heap_table_size = 512M # Increased for better temp table handling
+tmp_table_size = 512M # Increased for better temp table handling
+
+# === Query Cache Settings ===
+query_cache_size = 0
+query_cache_type = 0
+
+
+# === Logging Settings ===
+slow_query_log = 1
+slow_query_log_file = /var/lib/mysql/mysql_slow.log
+long_query_time = 2 # Log queries slower than 2 seconds
+log_queries_not_using_indexes = 0
+
+
+# === Binary Logging ===
+disable_log_bin
\ No newline at end of file
diff --git a/optimize/nginx.conf b/optimize/nginx.conf
new file mode 100644
index 0000000..6cc48d4
--- /dev/null
+++ b/optimize/nginx.conf
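Review bot: The per-session buffers under "Buffer Settings" (`join_buffer_size`, `read_buffer_size`, `read_rnd_buffer_size`, `sort_buffer_size`, 28M together) combined with `max_connections = 2000` allow up to about 55G of session memory on top of the 28G buffer pool, so unless the host has that much RAM a burst of connections can get mysqld OOM-killed; size these values against the actual memory or lower `max_connections`. Several keys are set twice with different values (`innodb_buffer_pool_instances` 16 and 8, `innodb_log_buffer_size` 10M and 64M, `thread_cache_size` 32 and 200, `table_open_cache` 2048 and 60000); normally the last occurrence wins, so the earlier lines should be deleted rather than left to mislead the next reader. `slow_query_log_file = /var/lib/mysql/mysql_slow.log` points outside the configured `datadir = /home/mysql/`, so confirm that directory exists and is writable by the server. `disable_log_bin` together with `innodb_flush_log_at_trx_commit = 2` gives up point-in-time recovery and can lose recent commits on a crash, which deserves a comment such as `# binary log off: no PITR/replication, accepted for this host` next to the setting.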
@@ -0,0 +1,222 @@
+user root;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log notice;
+worker_rlimit_nofile 65535;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ use epoll;
+ worker_connections 65535;
+ # multi_accept on;
+ epoll_events 512;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
+ geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
+
+ real_ip_recursive on;
+
+ set_real_ip_from 127.0.0.1;
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ #real_ip_header X-Forwarded-For;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ log_format cloudflare '$http_cf_connecting_ip - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+
+ ##
+ # Define fastcgi_cache settings
+ ##
+
+ # FastCGI Cache Settings
+ fastcgi_cache_key "$scheme$request_method$host$request_uri$cookie_pll_language";
+ fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
+ fastcgi_cache_methods GET HEAD;
+ fastcgi_buffers 256 32k; # Reduced number of buffers, still maintaining good performance
+ fastcgi_buffer_size 256k; # Reduced to better match common response sizes
+ fastcgi_connect_timeout 3s; # Reduced to fail faster
+ fastcgi_send_timeout 180s; # Increased for better reliability with slow upstream
+ fastcgi_busy_buffers_size 512k;
+ fastcgi_temp_file_write_size 512k;
+ fastcgi_param SERVER_NAME $http_host;
+ fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+ fastcgi_keep_conn on;
+ fastcgi_cache_lock on;
+ fastcgi_cache_lock_age 1s; # Increased to reduce cache stampede
+ fastcgi_cache_lock_timeout 5s; # Increased for better reliability
+
+ # Proxy Settings
+ proxy_buffers 4 256k; # Optimized for typical response sizes
+ proxy_buffer_size 128k; # Adjusted for headers
+ proxy_busy_buffers_size 256k; # Reduced to save memory
+ proxy_connect_timeout 600; # Reduced to fail faster
+ proxy_send_timeout 600; # Balanced timeout
+ proxy_read_timeout 600; # Balanced timeout
+
+ # TCP Settings
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ # aio threads; # Enable async I/O with threads
+ # directio 512; # Enable direct I/O for files > 512 bytes
+
+ # Timeout Settings
+ send_timeout 60; # Reduced to free resources faster
+ keepalive_timeout 65; # Optimal for most cases
+ keepalive_requests 2048; # Increased for better performance
+
+ # Client Request Settings
+ client_body_buffer_size 16k; # Increased for better performance
+ client_header_buffer_size 2k; # Increased slightly
+ large_client_header_buffers 4 8k; # Reduced buffer size
+ client_body_timeout 15; # Reduced for faster failure detection
+ client_header_timeout 15; # Reduced for faster failure detection
+ client_max_body_size 100M; # Increased to handle larger uploads
+
+ # Performance Settings
+ server_tokens off;
+ port_in_redirect off;
+ access_log off;
+
+ # File Cache Settings
+ open_file_cache max=500000 inactive=60s; # Increased cache size
+ open_file_cache_valid 120s; # Increased validity
+ open_file_cache_min_uses 2; # Reduced to cache more files
+ open_file_cache_errors on;
+ types_hash_max_size 4096; # Increased for more MIME types
+
+ map $scheme $fastcgi_https { ## Detect when HTTPS is used
+ default off;
+ https on;
+ }
+
+ include /etc/nginx/blocked_ips;
+ # include /etc/nginx/blocked_bots;
+
+ pagespeed off;
+ pagespeed XHeaderValue 1;
+
+
+
+ ##
+ # SSL Settings - Hardened Configuration
+ ##
+
+ ssl_conf_command Options KTLS; # Kernel TLS for better performance
+
+ # Strict ciphersuite selection - most secure TLS 1.3 ciphersuites only, prioritizing security
+ ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
+
+ # TLS 1.3 only - no fallback to older versions
+ ssl_protocols TLSv1.3;
+
+ # Optimized session cache settings
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 4h;
+ ssl_session_tickets off;
+
+ # Use only the strongest curve
+ ssl_ecdh_curve secp384r1;
+
+ ssl_prefer_server_ciphers on;
+
+ # Use more reliable DNS resolvers with DNSSEC support
+ resolver 9.9.9.9 149.112.112.112 valid=3600s;
+ resolver_timeout 2s;
+
+ # OCSP Stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_dhparam /etc/nginx/ssl/dhparams.pem;
+
+ # 0-RTT can be risky for some applications - disable if you handle sensitive data
+ ssl_early_data on;
+
+ # Strict security headers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # HTTP/3 support with strict settings
+ add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+
+ ##
+ # Limit the requests for php
+ ##
+ limit_conn_zone $binary_remote_addr zone=perip:10m;
+ limit_req_zone $binary_remote_addr zone=limit:10m rate=1r/s;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ # gzip_static on;
+ gzip_min_length 1000;
+ gzip_http_version 1.1;
+ gzip_comp_level 5;
+ gzip_disable "MSIE [4-6]\.";
+ gzip_proxied any;
+ gzip_vary on;
+ gzip_types text/plain
+ text/xml
+ text/css
+ text/javascript
+ application/json
+ application/javascript
+ application/x-javascript
+ application/ecmascript
+ application/xml
+ application/rss+xml
+ application/atom+xml
+ application/rdf+xml
+ application/xml+rss
+ application/xhtml+xml
+ application/x-font-ttf
+ application/x-font-opentype
+ application/vnd.ms-fontobject
+ image/svg+xml
+ image/x-icon
+ application/atom_xml;
+
+ gzip_buffers 32 16k;
+
+
+ ##
+ # Brotli Settings
+ ##
+
+ brotli on;
+ brotli_comp_level 8;
+ brotli_static on;
+ brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;
+
+ ##
+ # Virtual Host Configs
+ ##
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*.conf;
+}
\ No newline at end of file
diff --git a/maintenance/optimize-server.sh b/optimize/optimize-server.sh
similarity index 99%
rename from maintenance/optimize-server.sh
rename to optimize/optimize-server.sh
index 895f426..dd77a7b 100644
--- a/maintenance/optimize-server.sh
+++ b/optimize/optimize-server.sh
@@ -5,7 +5,7 @@ #-----------------------------------# this_script_url="https://git.hhf.technology/hhf/script-management-cloudpanel/raw/branch/main/maintenance/optimize-server.sh" -this_script_name="Server Optimization Script" +this_script_name="Server Optimization Script Nginx MariaDB" formatter_url="https://git.hhf.technology/hhf/TaskFormatter/raw/branch/main/bash_task_formatter/task_formatter.sh" scriptname=$0
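Review bot: `user root;` on the first line of the new nginx.conf runs every worker process as root, so a flaw in request handling or in any of the extra modules this file relies on (geoip, pagespeed, brotli) becomes a full-host compromise; the workers should run under the distribution's unprivileged web account, e.g. `user www-data;` (account name assumed, confirm for this host). In the FastCGI section, `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` applies to the whole `http` block while `fastcgi_cache_key` includes only the `pll_language` cookie, so any vhost that turns on `fastcgi_cache` can store a logged-in user's page or a `Set-Cookie` response and serve it to other visitors; keep that directive out of the global scope or pair it with a session-cookie `fastcgi_cache_bypass`/`fastcgi_no_cache` rule. `ssl_early_data on;` is enabled globally even though the comment above it already warns about it, and nothing visible forwards `$ssl_early_data` to the backend so replayed requests could be rejected, which makes `ssl_early_data off;` the safer default. `access_log off;` under "Performance Settings" sits at the same level as the later `access_log /var/log/nginx/access.log;`, and per the nginx documentation `off` cancels all access_log directives on that level, so the request log needed for incident investigation is likely disabled unless each vhost defines its own. The four `set_real_ip_from` lines trust every RFC 1918 range, so any host on those networks can choose the address that `limit_req_zone` and `blocked_ips` see; list only the real proxy addresses.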
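Review bot: `this_script_url` on the context line above the change still ends in `maintenance/optimize-server.sh` although this commit renames the file to `optimize/optimize-server.sh`, so if the script uses that URL to fetch or update itself (that use is outside the hunk) it will point at a path that no longer exists on `main`. Change the path segment to `optimize/optimize-server.sh` in the same commit. Both `this_script_url` and `formatter_url` track a moving `main` branch; if their content is executed, pinning to a commit or verifying a checksum before running it would be worth adding.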