hhftechnologies 2024-11-27 14:13:47 +05:30
parent 1715f31f4a
commit ffa63acade
3 changed files with 294 additions and 1 deletions


@ -0,0 +1,71 @@
[mysqld]
# === Required Settings ===
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
log-error = /var/log/mysql/error.log
datadir = /home/mysql/
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
init-connect = 'SET NAMES utf8mb4'
thread_cache_size = 32
table_open_cache = 2048
sort_buffer_size = 8M
# === InnoDB Settings ===
innodb_file_per_table
innodb = force
innodb_buffer_pool_instances = 16
innodb_buffer_pool_size = 28G
innodb_file_per_table = 1
innodb_sort_buffer_size = 16M
innodb_flush_log_at_trx_commit = 2
innodb_log_file_size = 2GB
innodb_stats_on_metadata = OFF
innodb_buffer_pool_instances = 8
innodb_io_capacity = 3000
innodb_io_capacity_max = 6000
innodb_read_io_threads = 16
innodb_write_io_threads = 16
innodb_log_buffer_size = 10M
innodb_flush_method = O_DIRECT
innodb_log_buffer_size = 64M
innodb_thread_concurrency = 32
# === Connection Settings ===
max_connections = 2000 # Increased for high traffic
back_log = 1000 # Increased for high traffic
thread_cache_size = 200 # Increased for better thread handling
thread_stack = 256K
interactive_timeout = 300 # Increased timeout
wait_timeout = 300 # Increased timeout
# === Buffer Settings ===
join_buffer_size = 8M # Increased for better JOIN performance
read_buffer_size = 4M # Increased for better read performance
read_rnd_buffer_size = 8M # Increased for better random read performance
sort_buffer_size = 8M # Increased for better sorting performance
# === Table Settings ===
table_definition_cache = 60000 # Increased for more concurrent tables
table_open_cache = 60000 # Increased for more concurrent tables
open_files_limit = 100000 # Increased accordingly
max_heap_table_size = 512M # Increased for better temp table handling
tmp_table_size = 512M # Increased for better temp table handling
# === Query Cache Settings ===
query_cache_size = 0
query_cache_type = 0
# === Logging Settings ===
slow_query_log = 1
slow_query_log_file = /var/lib/mysql/mysql_slow.log
long_query_time = 2 # Log queries slower than 2 seconds
log_queries_not_using_indexes = 0
# === Binary Logging ===
disable_log_bin
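Review bot: `disable_log_bin` together with `innodb_flush_log_at_trx_commit = 2` trades recoverability for speed without saying so: with the binary log off there is no point-in-time recovery and no replication source, and at setting 2 an OS crash or power loss can lose roughly the last second of committed transactions. If that is intended, a comment above each line, for example `# no binlog: recovery depends entirely on full backups`, would make the trade-off explicit for whoever deploys this file. Several keys are also set twice with different values (`innodb_buffer_pool_instances` 16 then 8, `innodb_log_buffer_size` 10M then 64M, `thread_cache_size` 32 then 200, `table_open_cache` 2048 then 60000), so only the later value takes effect and the earlier lines should be dropped. `innodb_log_file_size = 2GB` should be written `2G`, since the documented size suffixes in option files are single letters.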

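--- a/optimize/nginx.conf
+++ b/optimize/nginx.conf
@@ -0,0 +1,222 @@
+user root;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log notice;
+worker_rlimit_nofile 65535;
+include /etc/nginx/modules-enabled/*.conf;
+events {
+use epoll;
+worker_connections 65535;
+# multi_accept on;
+epoll_events 512;
+}
+http {
+##
+# Basic Settings
+##
+geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
+geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
+real_ip_recursive on;
+set_real_ip_from 127.0.0.1;
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 192.168.0.0/16;
+#real_ip_header X-Forwarded-For;
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+log_format cloudflare '$http_cf_connecting_ip - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+##
+# Define fastcgi_cache settings
+##
+# FastCGI Cache Settings
+fastcgi_cache_key "$scheme$request_method$host$request_uri$cookie_pll_language";
+fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
+fastcgi_cache_methods GET HEAD;
+fastcgi_buffers 256 32k; # Reduced number of buffers, still maintaining good performance
+fastcgi_buffer_size 256k; # Reduced to better match common response sizes
+fastcgi_connect_timeout 3s; # Reduced to fail faster
+fastcgi_send_timeout 180s; # Increased for better reliability with slow upstream
+fastcgi_busy_buffers_size 512k;
+fastcgi_temp_file_write_size 512k;
+fastcgi_param SERVER_NAME $http_host;
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+fastcgi_keep_conn on;
+fastcgi_cache_lock on;
+fastcgi_cache_lock_age 1s; # Increased to reduce cache stampede
+fastcgi_cache_lock_timeout 5s; # Increased for better reliability
+# Proxy Settings
+proxy_buffers 4 256k; # Optimized for typical response sizes
+proxy_buffer_size 128k; # Adjusted for headers
+proxy_busy_buffers_size 256k; # Reduced to save memory
+proxy_connect_timeout 600; # Reduced to fail faster
+proxy_send_timeout 600; # Balanced timeout
+proxy_read_timeout 600; # Balanced timeout
+# TCP Settings
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+# aio threads; # Enable async I/O with threads
+# directio 512; # Enable direct I/O for files > 512 bytes
+# Timeout Settings
+send_timeout 60; # Reduced to free resources faster
+keepalive_timeout 65; # Optimal for most cases
+keepalive_requests 2048; # Increased for better performance
+# Client Request Settings
+client_body_buffer_size 16k; # Increased for better performance
+client_header_buffer_size 2k; # Increased slightly
+large_client_header_buffers 4 8k; # Reduced buffer size
+client_body_timeout 15; # Reduced for faster failure detection
+client_header_timeout 15; # Reduced for faster failure detection
+client_max_body_size 100M; # Increased to handle larger uploads
+# Performance Settings
+server_tokens off;
+port_in_redirect off;
+access_log off;
+# File Cache Settings
+open_file_cache max=500000 inactive=60s; # Increased cache size
+open_file_cache_valid 120s; # Increased validity
+open_file_cache_min_uses 2; # Reduced to cache more files
+open_file_cache_errors on;
+types_hash_max_size 4096; # Increased for more MIME types
+map $scheme $fastcgi_https { ## Detect when HTTPS is used
+default off;
+https on;
+}
+include /etc/nginx/blocked_ips;
+# include /etc/nginx/blocked_bots;
+pagespeed off;
+pagespeed XHeaderValue 1;
+##
+# SSL Settings - Hardened Configuration
+##
+ssl_conf_command Options KTLS; # Kernel TLS for better performance
+# Strict ciphersuite selection - most secure TLS 1.3 ciphersuites only, prioritizing security
+ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
+# TLS 1.3 only - no fallback to older versions
+ssl_protocols TLSv1.3;
+# Optimized session cache settings
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 4h;
+ssl_session_tickets off;
+# Use only the strongest curve
+ssl_ecdh_curve secp384r1;
+ssl_prefer_server_ciphers on;
+# Use more reliable DNS resolvers with DNSSEC support
+resolver 9.9.9.9 149.112.112.112 valid=3600s;
+resolver_timeout 2s;
+# OCSP Stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_dhparam /etc/nginx/ssl/dhparams.pem;
+# 0-RTT can be risky for some applications - disable if you handle sensitive data
+ssl_early_data on;
+# Strict security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+# HTTP/3 support with strict settings
+add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+##
+# Logging Settings
+##
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+##
+# Limit the requests for php
+##
+limit_conn_zone $binary_remote_addr zone=perip:10m;
+limit_req_zone $binary_remote_addr zone=limit:10m rate=1r/s;
+##
+# Gzip Settings
+##
+gzip on;
+# gzip_static on;
+gzip_min_length 1000;
+gzip_http_version 1.1;
+gzip_comp_level 5;
+gzip_disable "MSIE [4-6]\.";
+gzip_proxied any;
+gzip_vary on;
+gzip_types text/plain
+text/xml
+text/css
+text/javascript
+application/json
+application/javascript
+application/x-javascript
+application/ecmascript
+application/xml
+application/rss+xml
+application/atom+xml
+application/rdf+xml
+application/xml+rss
+application/xhtml+xml
+application/x-font-ttf
+application/x-font-opentype
+application/vnd.ms-fontobject
+image/svg+xml
+image/x-icon
+application/atom_xml;
+gzip_buffers 32 16k;
+##
+# Brotli Settings
+##
+brotli on;
+brotli_comp_level 8;
+brotli_static on;
+brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;
+##
+# Virtual Host Configs
+##
+include /etc/nginx/conf.d/*.conf;
+include /etc/nginx/sites-enabled/*.conf;
+}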
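Review bot: `user root;` on the first line makes every worker process run as root, so a flaw in request handling or in any loaded module (geoip, pagespeed, brotli) becomes a full host compromise; it should name a dedicated unprivileged account, `user <unprivileged-account>;`, with ownership of the cache and log paths adjusted to match. `access_log off;` under Performance Settings and `access_log /var/log/nginx/access.log;` under Logging Settings contradict each other at the same level, and `off` appears to take precedence, which would leave no request log for incident response unless the included vhosts define their own. The `set_real_ip_from` lines trust all of RFC 1918 while `real_ip_header` is commented out, so the `$binary_remote_addr` key used by `limit_conn_zone` and `limit_req_zone` depends on a header that any peer in those ranges can set; the list should be narrowed to the actual proxy addresses. `ssl_early_data on;` stays enabled even though the comment above it warns about 0-RTT, so either switch it to `off` or document that the backends reject replayed early-data requests.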


@ -5,7 +5,7 @@
#-----------------------------------# #-----------------------------------#
this_script_url="https://git.hhf.technology/hhf/script-management-cloudpanel/raw/branch/main/maintenance/optimize-server.sh" this_script_url="https://git.hhf.technology/hhf/script-management-cloudpanel/raw/branch/main/maintenance/optimize-server.sh"
this_script_name="Server Optimization Script" this_script_name="Server Optimization Script Nginx MariaDB"
formatter_url="https://git.hhf.technology/hhf/TaskFormatter/raw/branch/main/bash_task_formatter/task_formatter.sh" formatter_url="https://git.hhf.technology/hhf/TaskFormatter/raw/branch/main/bash_task_formatter/task_formatter.sh"
scriptname=$0 scriptname=$0