What is the load bottleneck? RAM, CPU, disk (iowait)? Figure that out, and start from there.
By the way, your MySQL server configuration looks pretty wacko. Of course, I do not know your exact work load, but I dare to question how you came up with these settings.
Search found 435 matches
- Fri Oct 23, 2015 5:35 am
- Forum: MySQL / MariaDB Database Help and Discussion
- Topic: high cpu and other issues after upgrading to mariadb 10
- Replies: 2
- Views: 8851
- Tue Oct 20, 2015 6:35 am
- Forum: MySQL / MariaDB Database Help and Discussion
- Topic: Mariadb how can we speed up insert
- Replies: 1
- Views: 7595
Re: Mariadb how can we speed up insert
At the least, disable the general query log!
Further optimisations really depend on the type of work load, hardware specs and storage engine.
Further optimisations really depend on the type of work load, hardware specs and storage engine.
- Wed Oct 14, 2015 2:43 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: New Wordpress XML-RPC Attack
- Replies: 9
- Views: 8907
Re: New Wordpress XML-RPC Attack
i have to respectfully disagree, a local socket to a local process is always going to be faster than a remote network query. I did say that the network latency to a remote server should be higher if compared to using a local server. However, relatively the most time will be consumed by resolving th...
- Tue Oct 13, 2015 7:16 am
- Forum: Atomic Protector (formerly ASL)
- Topic: New Wordpress XML-RPC Attack
- Replies: 9
- Views: 8907
Re: New Wordpress XML-RPC Attack
Thanks for the clarification. but can I enable it when I use non local, but a DNS server on the LAN (google compute engine)? You'll have to test their DNS servers yourself to see if they are fast enough for your needs. We recommend you run a local DNS resolver, they are always faster than a network...
- Tue Oct 13, 2015 7:11 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: nginx vs apache with rules only
- Replies: 4
- Views: 11658
Re: nginx vs apache with rules only
That depends on your setup. I have seen incredibly good results with Apache 2.4 and mpm_event.taenzerme wrote:[...] I did some benchmarks and testing and as expected nginx + mod_security still outperforms Apache under higher load.
- Fri Sep 11, 2015 6:04 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Allow url_fopen
- Replies: 4
- Views: 5666
Re: Allow url_fopen
Allowing url_fopen is very unsafe. More so because it is usually used by poorly written scripts. Using the cURL functions is a fine alternative.
There really is no sane reason to keep allow_url_fopen enabled.
There really is no sane reason to keep allow_url_fopen enabled.
- Mon Sep 07, 2015 6:42 am
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL SSL Certificate [SOLVED]
- Replies: 2
- Views: 4315
Re: ASL SSL Certificate
Yes, the ASL web server is just Apache httpd, see /var/asl/etc/httpd/conf.d/ssl.conf.
- Fri Sep 04, 2015 4:01 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Using an front-end proxy
- Replies: 2
- Views: 4903
Re: Using an front-end proxy
Apache 2.2 (CentOS 6 stock) with mod_rpaf (Atomic): https://github.com/gnif/mod_rpaf <IfModule mod_rpaf.c> # Apache 2.2 with extra module RPAF_Enable On # Only set the real IP from trusted proxies RPAF_ProxyIPs 127.0.0.1 RPAF_Header X-Forwarded-For # Do not further modify context (for standardized ...
- Wed Aug 19, 2015 5:30 am
- Forum: Control Panel Support Help
- Topic: Move to Postfix install checklist.
- Replies: 10
- Views: 15685
Re: Move to Postfix install checklist.
will this fix the client getting the CA message being invalid? Basically they don't have one and the serve3r is selfsigned. for the mail IP address? Do I have to create a selfsigned cert for each domain on this shared IP in each domain panel? You can only install one server certificate via Postfix,...
- Wed Aug 19, 2015 5:26 am
- Forum: General Help and Development Discussion
- Topic: libwebp in Atomic overriding EPEL
- Replies: 3
- Views: 9606
Re: libwebp in Atomic overriding EPEL
Why not put a requirement on the EPEL repo? That may be much better than duplicating packages, and consequently overriding them because of the priorities setup in the Atomic repo config, and having the risk of Atomic forgetting to update when EPEL updates that package.
- Tue Aug 18, 2015 10:34 am
- Forum: General Help and Development Discussion
- Topic: libwebp in Atomic overriding EPEL
- Replies: 3
- Views: 9606
libwebp in Atomic overriding EPEL
Hi Scott,
There are libwebp packages in the Atomic repo with the same version as in EPEL. Is there a good reason for overriding the packages in EPEL?
There are libwebp packages in the Atomic repo with the same version as in EPEL. Is there a good reason for overriding the packages in EPEL?
- Tue Aug 18, 2015 7:05 am
- Forum: Control Panel Support Help
- Topic: Move to Postfix install checklist.
- Replies: 10
- Views: 15685
Re: Move to Postfix install checklist.
Some tips for any Postfix installation (different than OS defaults): - Set secure smtpd_banner, do not leak program/version info. - Enable optimistic encryption via smtp_tls_security_level. - Configure your own certificate via smtpd_tls_cert_file - Disable weak ciphers for TLS encryption in Postfix ...
- Sun Aug 16, 2015 11:23 am
- Forum: OpenVAS
- Topic: OpenVAS package broken - missing dependency
- Replies: 11
- Views: 17614
Re: OpenVAS package broken - missing dependency
libksba is in the base repo of RHEL 7.
- Fri Aug 14, 2015 10:29 am
- Forum: PHP Help and Discussion
- Topic: PHP 5.4.44, 5.5.28 and PHP 5.6.12
- Replies: 8
- Views: 13866
Re: PHP 5.4.44, 5.5.28 and PHP 5.6.12
<Abour Remi> Each version of PHP gets its own repo so you're always installing php RPMs and not something hacky like php56 Remi actually provides both methods: overwriting base php packages, or SCL-like additional php55/php56 packages. And, using different package names when overwriting EL stock pa...
- Fri Aug 14, 2015 4:21 am
- Forum: PHP Help and Discussion
- Topic: PHP 5.4.44, 5.5.28 and PHP 5.6.12
- Replies: 8
- Views: 13866
Re: PHP 5.4.44, 5.5.28 and PHP 5.6.12
I vote for removing PHP out of the Atomic repository. For one, I am not using it anymore for a long while, because I believe there are too many QA issues (see repeating tickets re. missing or wrong dependencies) and the update latency is too high, sometimes weeks. IMHO there are better repos for (al...