Atomicorp

What is the load bottleneck? RAM, CPU, disk (iowait)? Figure that out, and start from there.

By the way, your MySQL server configuration looks pretty wacko. Of course, I do not know your exact work load, but I dare to question how you came up with these settings.

At the least, disable the general query log!

Further optimisations really depend on the type of work load, hardware specs and storage engine.

i have to respectfully disagree, a local socket to a local process is always going to be faster than a remote network query. I did say that the network latency to a remote server should be higher if compared to using a local server. However, relatively the most time will be consumed by resolving th...

Thanks for the clarification. but can I enable it when I use non local, but a DNS server on the LAN (google compute engine)? You'll have to test their DNS servers yourself to see if they are fast enough for your needs. We recommend you run a local DNS resolver, they are always faster than a network...

taenzerme wrote:[...] I did some benchmarks and testing and as expected nginx + mod_security still outperforms Apache under higher load.

That depends on your setup. I have seen incredibly good results with Apache 2.4 and mpm_event.

Allowing url_fopen is very unsafe. More so because it is usually used by poorly written scripts. Using the cURL functions is a fine alternative.

There really is no sane reason to keep allow_url_fopen enabled.

Yes, the ASL web server is just Apache httpd, see /var/asl/etc/httpd/conf.d/ssl.conf.

Apache 2.2 (CentOS 6 stock) with mod_rpaf (Atomic): https://github.com/gnif/mod_rpaf <IfModule mod_rpaf.c> # Apache 2.2 with extra module RPAF_Enable On # Only set the real IP from trusted proxies RPAF_ProxyIPs 127.0.0.1 RPAF_Header X-Forwarded-For # Do not further modify context (for standardized ...

will this fix the client getting the CA message being invalid? Basically they don't have one and the serve3r is selfsigned. for the mail IP address? Do I have to create a selfsigned cert for each domain on this shared IP in each domain panel? You can only install one server certificate via Postfix,...

Why not put a requirement on the EPEL repo? That may be much better than duplicating packages, and consequently overriding them because of the priorities setup in the Atomic repo config, and having the risk of Atomic forgetting to update when EPEL updates that package.

Hi Scott,

There are libwebp packages in the Atomic repo with the same version as in EPEL. Is there a good reason for overriding the packages in EPEL?

Some tips for any Postfix installation (different than OS defaults): - Set secure smtpd_banner, do not leak program/version info. - Enable optimistic encryption via smtp_tls_security_level. - Configure your own certificate via smtpd_tls_cert_file - Disable weak ciphers for TLS encryption in Postfix ...

libksba is in the base repo of RHEL 7.

<Abour Remi> Each version of PHP gets its own repo so you're always installing php RPMs and not something hacky like php56 Remi actually provides both methods: overwriting base php packages, or SCL-like additional php55/php56 packages. And, using different package names when overwriting EL stock pa...

I vote for removing PHP out of the Atomic repository. For one, I am not using it anymore for a long while, because I believe there are too many QA issues (see repeating tickets re. missing or wrong dependencies) and the update latency is too high, sometimes weeks. IMHO there are better repos for (al...