Slow lighttpd on Ubuntu 7.10 Gutsy Server with 200+ hits/sec?

aaaah you say. Finally, after many a Google search finally I found someone who understands my pain. I know you’re in a rush and I can’t stand people who love the sound of their typing either, so here’s how you fix this little problem.

If you have a brand new super fast server and a high traffic website (200+ requests per second) and you install lighttpd and it performs like a dog, try the following:

Add this to your /etc/sysctl.conf file:

net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1

net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.core.wmem_default = 16777216

net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

#Only enable these if you’re dumb enough to have netfilter connection tracking enabled
#net.ipv4.netfilter.ip_conntrack_max = 1048576
#net.nf_conntrack_max = 1048576

Then run

sysctl -p

Also make darn sure you don’t have netfilter’s conntrack modules enabled in the kernel. If you’re using shorewall on your lighttpd box this will probably be enabled. You can check if conntrack is enabled by checking if the file /proc/net/nf_conntrack exists. Also run lsmod and you’ll see a ton of modules starting with nf_contrack_

To get rid of conntrack if it’s enabled I would avoid rmmodding them – rather remove the app that enabled it and reboot the box just to keep things sane.

If you must insist in using conntrack then uncomment the last two lines in the sysctl.conf sample above.

Google the individual params above and you’ll find a ton of explanation on each.