DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 29th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default openbsd server optimization

Hi again.


How can I optimize the server for performance?

What files?

How can I check the server for heavy loads?




Thanks.
Reply With Quote
  #2   (View Single Post)  
Old 29th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by barti View Post
How can I optimize the server for performance?
Please tell us what services your server provides.
Quote:
What files?
I don't understand the question.
Quote:
How can I check the server for heavy loads?
top(1), systat(1), iostat(8), vmstat(8)......and there are tools available as packages/ports.

For better answers, please ask specific questions.
Reply With Quote
  #3   (View Single Post)  
Old 29th July 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,907
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by barti View Post
How can I optimize the server for performance?
Although you didn't say whether you had already set up your server, or whether this is all hypothetical, the OpenBSD project doesn't advocate a lot of knob turning. So in response, what have you set up, & how are you measuring performance? What hardware is being used? Supply dmesg(8) output.

In general, no tweaking should be necessary.
Reply With Quote
  #4   (View Single Post)  
Old 29th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default Static content apache server

www.rootbsd.com
vps package.

Can you recommend good vps hosting?


I will use apache and not nginx because apache is with base system.



for a moderate vps, how many people can surf the site together?
How can I check it with ab ?
How much RAM will I need?




Is there an openbsd checklist before going online?


--------------------------
What PF rules is it important to use?


Thanks again.
Reply With Quote
  #5   (View Single Post)  
Old 29th July 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,907
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by barti View Post
I will use apache and not nginx because apache is with base system.
Look at nginx(8).
Quote:
How much RAM will I need?
You have not disclosed any information about what will be running on the server, nor what kind/amount of resources will be consumed.
Quote:
Is there an openbsd checklist before going online?
Yes:
Code:
0.  Study the documentation.
1.  Think!
Quote:
What PF rules is it important to use?
  • What services will be running?
  • What is the network architecture?
Reply With Quote
  #6   (View Single Post)  
Old 29th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by barti View Post
Static content apache server
OK.
Quote:

www.rootbsd.com
vps package.

Can you recommend good vps hosting?
To the best of my knowledge, VPS offerings have never been discussed here. I don't have any experience myself. However, this has been discussed on misc@ before. See http://marc.info/?t=130745549700006&r=1&w=2 for one example. RootBSD is mentioned in that particular discussion thread. You may find other discussions, just by searching.
Quote:
for a moderate vps, how many people can surf the site together?
You will have to ask this of your prospective vendors. Only they know the underlying hardware platforms and hypervisor OS and the performance of the guest platforms.
Quote:
How can I check it with ab ?
ab(1) is not part of the built-in Apache1.3. It is included as a component of the Apache2 package/port, apache-httpd. Should you choose apache-httpd, please note its install message, which I have reproduced here:
Code:
Install notice:
This is the official httpd distributed by the Apache Server Project,
provided as a port for those who, for various reasons, need to run
version 2. 

OpenBSD provides a custom Apache server, httpd(8), in the base system
which has been audited for security and may run in a chroot(2)
environment.  Users are STRONGLY encouraged to use the system httpd
rather than this port.
Quote:
How much RAM will I need?
That will depend upon your specific webserving requirements, which have not been described in sufficient detail.
Quote:
What PF rules is it important to use?
You will want to permit valid use of your web services, and prevent misuse or denial-of-service to them. See the "Stateful Processing" section of the PF User's Guide for tools to manage the latter, such as "overload" and "flush". In similar fashion, you will want to ensure you can manage your virtual server, so you will need to permit your own SSH access, and if you want your sshd service open to the Internet at large, you will want stateful processing to prevent misuse or bulk breakin attempts.

Any specific recommendations will require further information on your specific needs.

Quote:
Originally Posted by ocicat View Post
Look at nginx(8).
Barti, Ocicat wanted to point out to you that as of OpenBSD 5.1, nginx has been added to the base OS.
Quote:
You have not disclosed any information about what will be running on the server...
Well, we have some information, but only a little. We do know that it is intended to serve static web pages, but that is all. We don't know if those are from flat files or from a back end datatabase, nor do we know how many virtual webservers will be deployed. We also don't know anything about the underlying environment barti's service provider(s) deploy, or their impact on guest OSes.
Reply With Quote
  #7   (View Single Post)  
Old 29th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default

I didn't know nginx is on the base system.
I remember reading that people want it.
maybe on old forum post.

Good news!


Does running drupal site consume much more resources then normal static pages?

What about security with CMS systems?
Will I loose the openbsd protection?



I don't have the knowledge of running a server online with many people using it.
Reply With Quote
  #8   (View Single Post)  
Old 29th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by barti View Post
Does running drupal site consume much more resources then normal static pages?
Of course. There is more work being performed.
Quote:
What about security with CMS systems?
Each usually has its own authentication/authorization scheme, which is usually unique.
Quote:
Will I loose the openbsd protection?
This is too general a question. What do you mean by "protection"? Applications that have their own authentication/authorization are outside the scope of the OS's authentication/authorization. But that does not stop applications from using OS "protection" features such as privilege separation, if they use them.

I recommend you think about application security and OS security as separate functions.
Quote:
I don't have the knowledge of running a server online with many people using it.
Then don't make any technical decisions until you have a well understood project scope and a clear set of objectives.

Start at the beginning. What service do you want to provide?
Reply With Quote
  #9   (View Single Post)  
Old 29th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default

This is why I choose openbsd, out of the box it is ready to go.


I heard that drupal is considered to be a bad security system.

Can you recommend another system?

I know that attacks will come above the base system applications.

Using drupal site will be much more heavy on RAM and a security risk.

Using a simple nginx with static content is much better for starters.
Reply With Quote
Old 29th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

I will repeat...
Quote:
Originally Posted by jggimi View Post
.. don't make any technical decisions until you have a well understood project scope and a clear set of objectives.

Start at the beginning. What service do you want to provide?
Reply With Quote
Old 29th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default

Serving static content.

like openbsd.org


without the search window (dynamic).



simple , fast, secure.
Reply With Quote
Old 29th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

1. Configure a test server.
2. As specific questions about your test server arise, ask.
3. When you have an environment you understand and can manage locally, practice managing it as if it were physically remote.
4. Once you are comfortable with remote operation and management, then you may contact your VPS vendors, ask them specific questions, and choose between them.
Reply With Quote
Old 29th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

I neglected to include:

5. Stop worrying about Drupal or other CMS applications, they are out of scope for your intended service.
Reply With Quote
Old 29th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default

I think all I need is some PF rules.


Maybe some nginx performance issues also.
Reply With Quote
Old 29th July 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,907
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by barti View Post
I think all I need is some PF rules.
At their best, pf(4) rules need to be written to the specifics of the network in place. You will be placing yourself into a better position if you learn how to write them yourself. The best sources of information are:
Quote:
Maybe some nginx performance issues also.
Inclusion of nginx into base is still new. I have not seen traffic on the mailing lists covering usage. Searching for outside sources may be of (some) benefit.
Reply With Quote
Old 30th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default links

http://geodsoft.com/howto/harden/


---------
10 Security Steps Contents
http://geodsoft.com/howto/secten/

---------

CHECK LIST
http://geodsoft.com/howto/harden/OpenBSD/checklist.htm



-

Last edited by barti; 30th July 2012 at 02:20 PM.
Reply With Quote
Old 30th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

Third party guides and "how to" documents of all kinds are frowned upon by the OpenBSD Project. They are frequently out-of-date, often incorrect, if correct only applicable to a subset of user environments, and often written by justifiably proud newbies who may not understand the implications or limitations of what they have written.

In this case, you are referencing a guide that is more than 11 years old.

Here is a recent misc@ thread about another third party site which is very popular among newbies for OpenBSD "optimization" guidance. The thread begins here, and goes a very long way:

http://marc.info/?l=openbsd-misc&m=134327905918091&w=2


Last edited by jggimi; 30th July 2012 at 02:37 PM. Reason: clarity, fixed link
Reply With Quote
Old 30th July 2012
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
Default

I think this is true, but still there is some valuable theoretical information.
Reply With Quote
Old 30th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,830
Thanked 214 Times in 189 Posts
Default

Yet misinformation is still in active use, and wasting developers' time to handle questions from misled users.

See this post in the thread mentioned above.

http://marc.info/?l=openbsd-misc&m=134329119021374&w=2

Sometimes, I feel like this:

Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh server on OpenBSD MarinosK OpenBSD General 4 16th February 2011 07:38 PM
How to build a OpenBSD server? fender0107401 OpenBSD Installation and Upgrading 6 15th October 2010 07:11 PM
Openbsd x terminal server wyginwys OpenBSD General 2 9th June 2010 12:11 PM
OpenBSD Xterminal Server jjjustjjjay OpenBSD General 0 17th April 2010 12:46 PM
FreeBSD Kernel Optimization komodo FreeBSD General 5 22nd June 2009 07:15 AM


All times are GMT. The time now is 09:48 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick