The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Per user speed is limited by apache?

Discussion in 'EasyApache' started by menntarra_34, Oct 11, 2011.

  1. menntarra_34

    menntarra_34 Active Member

    Joined:
    Sep 6, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I don't know why this is happening, but, it seems apache is limiting the per visitor speed, which is bad, cause my site provides stuff for download.
    So my limit is about 70-100kb/sec , however with shell, i can download at 1M/sec rate , i also tried to check to download several files, and i could download all of them at the same time with the speed of 70-100kb/sec, which clearly shows me that there should be a limiting factor... DO note : i have mod_bandwidth installed, but i'm NOT using it. i tried to put Sendbuffersize = 10000000 , but it didn't change a thing.

    SYSTEM: CPANEL 64 bit, centos 5 apache 2.2.19

    One more thing: i also have lighttpd installed on a separate port, and i tried that as well and it has the same limitation as httpd.
     
    #1 menntarra_34, Oct 11, 2011
    Last edited: Oct 11, 2011
  2. menntarra_34

    menntarra_34 Active Member

    Joined:
    Sep 6, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    here is my sysctl.conf, if it helps in any ways:
    Code:
    # Auto-reboot linux 30 seconds after a kernel panic
    kernel.panic = 30
    kernel.panic_on_oops = 30
    
    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0
    
    # Controls whether core dumps will append the PID to the core filename.
    # Useful for debugging multi-threaded applications.
    kernel.core_uses_pid = 1
    
    #Allow for more PIDs
    kernel.pid_max = 65536
    
    # The contents of /proc/<pid>/maps and smaps files are only visible to
    # readers that are allowed to ptrace() the process
    kernel.maps_protect = 1
    
    #Enable ExecShield protection
    kernel.exec-shield = 1
    kernel.randomize_va_space = 1
    
    # Controls the maximum size of a message, in bytes
    kernel.msgmnb = 65536
    
    # Controls the default maxmimum size of a mesage queue
    kernel.msgmax = 65536
    
    
    
    ###
    ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
    ###
    
    # Increase size of file handles and inode cache
    fs.file-max = 209708
    
    # Do less swapping
    vm.swappiness = 10
    vm.dirty_ratio = 60
    vm.dirty_background_ratio = 2
    
    # specifies the minimum virtual address that a process is allowed to mmap
    vm.mmap_min_addr = 4096
    
    # No overcommitment of available memory
    vm.overcommit_ratio = 0
    vm.overcommit_memory = 0
    
    # Set maximum amount of memory allocated to shm to 256MB
    kernel.shmmax = 268435456
    kernel.shmall = 268435456
    
    # Keep at least 64MB of free RAM space available
    vm.min_free_kbytes = 65536
    
    
    
    ###
    ### GENERAL NETWORK SECURITY OPTIONS ###
    ###
    
    #Prevent SYN attack, enable SYNcookies (they will kick-in when the max_syn_backlog reached)
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_syn_retries = 5
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_max_syn_backlog = 4096
    
    # Disables packet forwarding
    net.ipv4.ip_forward = 0
    net.ipv4.conf.all.forwarding = 0
    net.ipv4.conf.default.forwarding = 0
    net.ipv6.conf.all.forwarding = 0
    net.ipv6.conf.default.forwarding = 0
    
    # Disables IP source routing
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv6.conf.all.accept_source_route = 0
    net.ipv6.conf.default.accept_source_route = 0
    
    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv6.conf.all.accept_redirects = 0
    net.ipv6.conf.default.accept_redirects = 0
    
    # Disable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.default.log_martians = 0
    
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15
    
    # Decrease the time default value for connections to keep alive
    net.ipv4.tcp_keepalive_time = 300
    net.ipv4.tcp_keepalive_probes = 5
    net.ipv4.tcp_keepalive_intvl = 15
    
    # Don't relay bootp
    net.ipv4.conf.all.bootp_relay = 0
    
    # Don't proxy arp for anyone
    net.ipv4.conf.all.proxy_arp = 0
    
    # Turn on SACK
    net.ipv4.tcp_dsack = 1
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_fack = 1
    
    # Turn on the tcp_timestamps
    net.ipv4.tcp_timestamps = 1
    
    # Don't ignore directed pings
    net.ipv4.icmp_echo_ignore_all = 0
    
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    
    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536
    
    # Enable a fix for RFC1337 - time-wait assassination hazards in TCP
    net.ipv4.tcp_rfc1337 = 1
    
    
    
    ###
    ### TUNING NETWORK PERFORMANCE ###
    ###
    
    # Do a 'modprobe tcp_cubic' first
    net.ipv4.tcp_congestion_control = cubic
    
    # Turn on the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 1
    
    # Increase the maximum total buffer-space allocatable
    # This is measured in units of pages (4096 bytes)
    net.ipv4.tcp_mem = 65536 131072 262144
    net.ipv4.udp_mem = 65536 131072 262144
    
    # Increase the read-buffer space allocatable
    net.ipv4.tcp_rmem = 8192 87380 16777216
    net.ipv4.udp_rmem_min = 16384
    net.core.rmem_default = 131072
    net.core.rmem_max = 16777216
    
    # Increase the write-buffer-space allocatable
    net.ipv4.tcp_wmem = 8192 65536 16777216
    net.ipv4.udp_wmem_min = 16384
    net.core.wmem_default = 131072
    net.core.wmem_max = 16777216
    
    # Increase number of incoming connections
    net.core.somaxconn = 32768
    
    # Increase number of incoming connections backlog
    net.core.netdev_max_backlog = 4096
    net.core.dev_weight = 64
    
    # Increase the maximum amount of option memory buffers
    net.core.optmem_max = 65536
    
    # Increase the maximum number of skb-heads to be cached
    #net.core.hot_list_length = 1024
    
    # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
    net.ipv4.tcp_max_tw_buckets = 1440000
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1
    
    # Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory
    net.ipv4.tcp_max_orphans = 16384
    net.ipv4.tcp_orphan_retries = 0
    
    # Increase the maximum memory used to reassemble IP fragments
    net.ipv4.ipfrag_high_thresh = 512000
    net.ipv4.ipfrag_low_thresh = 446464
    
    # don't cache ssthresh from previous connection
    net.ipv4.tcp_no_metrics_save = 1
    net.ipv4.tcp_moderate_rcvbuf = 1
    
    # Increase RPC slots
    sunrpc.tcp_slot_table_entries = 32
    sunrpc.udp_slot_table_entries = 32
    
    # Increase size of RPC datagram queue length
    net.unix.max_dgram_qlen = 50
    
    # Don't allow the arp table to become bigger than this
    net.ipv4.neigh.default.gc_thresh3 = 2048
    
    # Tell the gc when to become aggressive with arp table cleaning.
    # Adjust this based on size of the LAN. 1024 is suitable for most /24 networks
    net.ipv4.neigh.default.gc_thresh2 = 1024
    
    # Adjust where the gc will leave arp table alone - set to 32.
    net.ipv4.neigh.default.gc_thresh1 = 32
    
    # Adjust to arp table gc to clean-up more often
    net.ipv4.neigh.default.gc_interval = 30
    
    # Increase TCP queue length
    net.ipv4.neigh.default.proxy_qlen = 96
    net.ipv4.neigh.default.unres_qlen = 6
    
    # Enable Explicit Congestion Notification (RFC 3168), disable it if it doesn't work for you
    net.ipv4.tcp_ecn = 1
    net.ipv4.tcp_ecn = 2
    net.ipv4.tcp_reordering = 3
    
    # How many times to retry killing an alive TCP connection
    net.ipv4.tcp_retries2 = 15
    net.ipv4.tcp_retries1 = 3
    
    # This will enusre that immediatly subsequent connections use the new values
    net.ipv4.route.flush = 1
    net.ipv6.route.flush = 1
    
    
     
  3. nobodyk

    nobodyk Well-Known Member

    Joined:
    Aug 1, 2010
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    I think apache 2.2.19 is vulnerable to a latest ddos attack if I'm not mistaken, you should upgrade to 2.2.21. Who knows, it might even fix your dl issue, but I doubt it.

    Anyways, have you isolated the issue to apache? have you tried a different protocol? you should use scp and pull a file to check the speeds. It could be a network issue.
     
  4. menntarra_34

    menntarra_34 Active Member

    Joined:
    Sep 6, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks for your answer, i will upgrade apache then...

    I'm in europe and the server is in USA, yesterday, i asked him to test the dl there as well, and it turns out that he could dl with 1MB/s, however i could only to it at a 60kb/s rate. Is it really possible to have that much difference?
     
  5. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    If you like you could make a test file and provide me with the link.

    I will try it in my office as well as 2 servers, One located in US and the other in Germany.

    And Yes, 2.2.19 is definetly vulnerable, You should upgrade to 2.2.21 asap.

    Thanks,
     
  6. menntarra_34

    menntarra_34 Active Member

    Joined:
    Sep 6, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks, here is a test file:
    http://74.63.79.124/games/files/Combat3.zip


    About the upgrade of apache, i can only see 2.2 apache in easyapache in WHM, the rest of the version isn't shown, so shall i run that despite this fact?
     
  7. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Max speed is:
    1.40M/s from Germany
    1.01M/s from US

    Yes, It's 2.2.21.

    PHP:
    root@host1 [~]# /usr/local/cpanel/cpanel -V; httpd -v
    11.30.4 (build 6)
    Server versionApache/2.2.21 (Unix)
    Server built:   Sep 26 2011 05:54:34
    Cpanel
    ::Easy::Apache v3.6.2 rev9999
     
  8. menntarra_34

    menntarra_34 Active Member

    Joined:
    Sep 6, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks, well then i can say that it is "solved" and conclusion is that my isp is shit in connection to my server... Cause despite the fact that i have 25Mbit connection highest dl was 60kb/s

    One last question, does it make difference if i try to download a file with a 100Mbit connection vs a 20Mbit connection, i mean, can it cause less speed (of course in the rate between (1mb/s -60kb/sec) ) ?
     
  9. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    I don't know for real will there is a difference or not.

    I tried the file also from my office connection at 2Mbps, Speed is 264Kb/s
     
  10. menntarra_34

    menntarra_34 Active Member

    Joined:
    Sep 6, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks, then i confirm this is solved. My isp is the problem.

     
  11. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    You welcome anytime :)
     
Loading...

Share This Page