MarkMaunder dot com

Slow lighttpd on Ubuntu 7.10 Gutsy Server with 200+ hits/sec?

Aaaah, you say. Finally, after many a Google search, I found someone who understands my pain. I know you’re in a rush and I can’t stand people who love the sound of their typing either, so here’s how you fix this little problem.

If you have a brand new super fast server and a high traffic website (200+ requests per second) and you install lighttpd and it performs like a dog, try the following:

Add this to your /etc/sysctl.conf file:

net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1

net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.core.wmem_default = 16777216

net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

#Only enable these if you’re dumb enough to have netfilter connection tracking enabled
#net.ipv4.netfilter.ip_conntrack_max = 1048576
#net.nf_conntrack_max = 1048576

Then run

sysctl -p

Also make darn sure you don’t have netfilter’s conntrack modules enabled in the kernel. If you’re using shorewall on your lighttpd box this will probably be enabled. You can check if conntrack is enabled by checking if the file /proc/net/nf_conntrack exists. Also run lsmod and, if it is enabled, you’ll see a ton of modules starting with nf_conntrack_.

To get rid of conntrack if it’s enabled I would avoid rmmodding them – rather remove the app that enabled it and reboot the box just to keep things sane.

If you insist on using conntrack then uncomment the last two lines in the sysctl.conf sample above.

Google the individual params above and you’ll find a ton of explanation on each.
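To confirm that the values really took effect after sysctl -p, and that conntrack is really off, a check along these lines can be run on the box. This is an added example, not part of the original post; the function names and the --live flag are made up here, and the paths are parameters so the checks can be pointed at test fixtures.

```shell
#!/bin/sh
# Added example: verify the tuning above on a running box.

# conntrack_active PROC_FILE MODULES_FILE
# Succeeds if connection tracking looks enabled: the proc file exists, or a
# conntrack module is listed (MODULES_FILE uses the /proc/modules format).
conntrack_active() {
    [ -e "$1" ] && return 0
    [ -r "$2" ] && grep -Eq '^(nf|ip)_conntrack' "$2"
}

# sysctl_drift CONF_FILE PROC_SYS_ROOT
# Prints one line per key whose running value differs from CONF_FILE,
# or which the running kernel does not expose at all.
sysctl_drift() {
    # Skip comments and blank lines, then split each line at the first '='.
    grep -Ev '^[[:space:]]*(#|;|$)' "$1" | while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        want=$(printf '%s' "$want" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        # net.ipv4.tcp_rmem -> PROC_SYS_ROOT/net/ipv4/tcp_rmem
        file="$2/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$file" ]; then
            echo "MISSING $key"
            continue
        fi
        # /proc/sys separates multi-value settings with tabs; normalise them.
        have=$(tr -s '[:space:]' ' ' < "$file" | sed 's/^ //; s/ $//')
        [ "$have" = "$want" ] || echo "DRIFT $key want=[$want] have=[$have]"
    done
}

# Check the live system only when asked, e.g.: sh verify-tuning.sh --live
if [ "${1:-}" = "--live" ]; then
    if conntrack_active /proc/net/nf_conntrack /proc/modules; then
        echo "conntrack is enabled"
    fi
    sysctl_drift /etc/sysctl.conf /proc/sys
fi
```

A MISSING line means the running kernel does not expose that key under /proc/sys, so the setting cannot have been applied.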


My name is Mark Maunder. I've been blogging since around 2003 when I started on Movable Type and ended up on WordPress which is what I use to publish today. With my wife Kerry, I'm the co-founder of Wordfence which protects over 5 million WordPress sites from hackers and is run by a talented team of 36 people. I'm an instrument rated pilot and I fly a Cessna 206 along with a 1964 Cessna 172 in the Pacific Northwest and Colorado. I'm originally from Cape Town, South Africa but live in the US these days. I code in a bunch of languages and am quite excited about our emerging AI overlords and how they're going to be putting us to work for them.