Project Konfigurasi Webserver Dengan Jumlah Visitor Yang Tinggi

Project Konfigurasi Webserver dengan Nginx + Https - - mungkin ini pengalaman yang dapat saya share kepada teman-teman followers

Diawal januari 2016 ada seorang sahabat menghubungi saya alasannya yaitu websitenya di suspend di daerah hosting yang ia sewa dan meminta proteksi untuk mencari solusinya alasannya yaitu aplikasi yang dipakai menciptakan server down, alasannya yaitu seluruh resource server terpakai. :ngerii.. dan memang aplikasi ini diakses oleh 1700member aktif yang login dan melaksanakan aktifitas didalamnya

Langsung saya order standard package VPS dengan kapasitas :

• HDD 100GB
• RAM 4GB
• Processor 6 Core

Saya coba koordinasikan kepada pihak hosting untuk dibantu membackup seluruh data web dan database supaya dapat didownload secara langsung.

Domain yang dipakai pribadi saya rubah A record www dengan IP VPS yang baru.

System Operasi :

 root@serv-01: # cat /etc/issue    Ubuntu 14.04.3 LTS \n \l     root@serv-01: # uname -a  Linux serv-01 3.19.0-25-generic #26 14.04.1-Ubuntu Sekolah Menengah Pertama Fri Jul 24 21:16:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux  root@serv-01: # 

Module PHP :

 root@serv-01: # dpkg -l |grep php5-    ii php5-apcu              4.0.2-2build1            amd64    APC User Cache for PHP 5    ii php5-cgi              5.5.9+dfsg-1ubuntu4.14       amd64    server-side, HTML-embedded scripting language (CGI binary)    ii php5-cli              5.5.9+dfsg-1ubuntu4.14       amd64    command-line interpreter for the php5 scripting language    ii php5-common             5.5.9+dfsg-1ubuntu4.14       amd64    Common files for packages built from the php5 source    ii php5-curl              5.5.9+dfsg-1ubuntu4.14       amd64    CURL module for php5    ii php5-fpm              5.5.9+dfsg-1ubuntu4.14       amd64    server-side, HTML-embedded scripting language (FPM-CGI binary)    ii php5-gd               5.5.9+dfsg-1ubuntu4.14       amd64    GD module for php5    ii php5-gmp              5.5.9+dfsg-1ubuntu4.14       amd64    GMP module for php5    ii php5-imap              5.4.6-0ubuntu5           amd64    IMAP module for php5    ii php5-json              1.3.2-2build1            amd64    JSON module for php5    ii php5-mcrypt             5.4.6-0ubuntu5           amd64    MCrypt module for php5    ii php5-memcache            3.0.8-4build1            amd64    memcache extension module for PHP5    ii php5-mysql             5.5.9+dfsg-1ubuntu4.14       amd64    MySQL module for php5    ii php5-readline            5.5.9+dfsg-1ubuntu4.14       amd64    Readline module for php5    ii php5-tidy              5.5.9+dfsg-1ubuntu4.14       amd64    tidy module for php5    ii php5-xmlrpc             5.5.9+dfsg-1ubuntu4.14       amd64    XML-RPC module for php5    ii php5-xsl              5.5.9+dfsg-1ubuntu4.14       amd64    XSL module for php5    root@serv-01: # 

Web Server :

 root@serv-01: # dpkg -l |grep apache2    ii apache2               2.4.7-1ubuntu4.9          amd64    Apache HTTP Server    ii apache2-bin             2.4.7-1ubuntu4.9          amd64    Apache HTTP Server (binary files and modules)    ii apache2-data            2.4.7-1ubuntu4.9          all     Apache HTTP Server (common files)    ii libapache2-mod-auth-mysql      4.3.9-13.1ubuntu3          amd64    Apache 2 module for MySQL authentication    ii libapache2-mod-php5         5.5.9+dfsg-1ubuntu4.14       amd64    server-side, HTML-embedded scripting language (Apache 2 module)   root@serv-01: # 

JavaScript :

 root@serv-01: # dpkg -l |grep libjs    ii libjs-codemirror          2.23-1               all     JavaScript editor interface for code-like content    ii libjs-jquery            1.7.2+dfsg-2ubuntu1         all     JavaScript library for dynamic web applications    ii libjs-jquery-cookie         8-2                 all     jQuery cookie plugin    ii libjs-jquery-event-drag       8-2                 all     jQuery Event Drag    ii libjs-jquery-metadata        8-2                 all     jQuery plugin for parsing metadata from elements    ii libjs-jquery-mousewheel       8-2                 all     jQuery Mousewheel Plugin    ii libjs-jquery-tablesorter      8-2                 all     Flexible client-side table sorting    ii libjs-jquery-ui           1.10.1+dfsg-1            all     JavaScript UI library for dynamic web applications    ii libjs-underscore          1.4.4-2ubuntu1           all     JavaScript's functional programming helper library    ii libjson-c2:amd64          0.11-3ubuntu1.2           amd64    JSON manipulation library - shared library    ii libjson0:amd64           0.11-3ubuntu1.2           amd64    JSON manipulation library (transitional package)   

Ada beberapa hambatan yang dialami ketika memakai Apache2 :

• CPU load disetiap core = full
• RAM usage = full

Saya coba melaksanakan beberapa tuneup configurasi pada apache2 dan mysql, upgrade core dan ram namun jadinya nihil, sehabis googling sana sini, bahwa sangat percuma dan percuma melaksanakan tuneup pada server ketika CPU Load full, tanpa kita mencari tau penyebab (akar permasalahan kenapa seluruh core full 100%)

Mungkin ini yang dirasakan pihak Hosting, bahwa server mereka down gara-gara aplikasi ini, yang memakan seluruh resource server. Hihi... :D

Akhirnya saya coba putuskan untuk beralih memakai Nginx, dari beberapa pengalaman yang pernah menggunakannya, bahwa Webserver satu ini lebih baik dibandingkan dengan apache2 (sempet gak percaya, tapi gak ada salahnya dicoba dengan minim pengetahuan apa itu Nginx). :D

Lanjut.

2 Minggu mencoba cari tau apa itu nginx, hingga pada forum-forum yang ada di luar negeri dan dalam negeri coba untuk dijajaki, dan dari kesimpulan yang saya baca ada beberapa hal yang harus dilakukan.

• Install Nginx dan php5-fpm
• apt-get install nginx php5-fpm
• Install SSL (Menggunakan Comodo)
• Lebih secure dan lebih elegan jikalau diakses.
  
  
• Tune file /etc/php5/fpm/pool.d/www.conf
• Untuk menghindari terjadinya "Bad Gateway"

Konfigurasi Nginx.Conf

 http        {       ....        fastcgi_buffers 8 16k;        fastcgi_buffer_size 32k;        fastcgi_connect_timeout 300;        fastcgi_send_timeout 300;        fastcgi_read_timeout 300;       ....       ....        access_log off;        error_log /dev/null crit;       ....       ....   

Konfigurasi SSL Nginx /etc/nginx/site-enable/default

 server {        listen         80;        server_name       www.mydomain.com;        rewrite ^ https://$host$request_uri? permanent;        root /home/uswebsite/public_html/;        index index.html index.htm index.php index2.html index1.html index.nginx-debian.html;        location / {            try_files $uri $uri/ /index.html;        }        location   \.php$ {            try_files $uri =404;            fastcgi_pass unix:/var/run/php5-fpm.sock;            fastcgi_index index.php;            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;            include fastcgi_params;            }    }   

  server {        listen         443 ssl;        server_name       www.mydomain.com;        ssl_certificate     /etc/nginx/ssl-dir/ssl-bundle.crt;        ssl_certificate_key   /etc/nginx/ssl-dir/mydomain.key;         #enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;         #Disables all weak ciphers        ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDH    E-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384    :AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";         ssl_prefer_server_ciphers on;        root /home/uswebsite/public_html/;        index index.html index.htm index.php index2.html index1.html index.nginx-debian.html;        location / {            try_files $uri $uri/ /index.html;        }        location   \.php$ {            try_files $uri =404;            fastcgi_pass unix:/var/run/php5-fpm.sock;            fastcgi_index index.php;            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;            include fastcgi_params;            }    }   

Tune file /etc/php5/fpm/pool.d/www.conf

 ; The number of child processes to be created when pm is set to 'static' and the    ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.    ; This value sets the limit on the number of simultaneous requests that will be    ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.    ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP    ; CGI. The below defaults are based on a server without much resources. Don't    ; forget to tweak pm.* to fit your needs.    ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'    ; Note: This value is mandatory.    pm.max_children = 16    ; The number of child processes created on startup.    ; Note: Used only when pm is set to 'dynamic'    ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2    pm.start_servers = 2    ; The desired minimum number of idle server processes.    ; Note: Used only when pm is set to 'dynamic'    ; Note: Mandatory when pm is set to 'dynamic'    pm.min_spare_servers = 1    ; The desired maximum number of idle server processes.    ; Note: Used only when pm is set to 'dynamic'    ; Note: Mandatory when pm is set to 'dynamic'    pm.max_spare_servers = 3    ; The number of seconds after which an idle process will be killed.    ; Note: Used only when pm is set to 'ondemand'    ; Default Value: 10s    pm.process_idle_timeout = 3s;    ; The number of requests each child process should execute before respawning.    ; This can be useful to work around memory leaks in 3rd party libraries. For    ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.    ; Default Value: 0    pm.max_requests = 500   

Hasil Akhir 

Penggunaan memory yang kecil dan penggunaan core yang sangat stabil, lebih responsif , dan sangat terlihat terang perbedaannya, recomended banget.

Kedepan Nginx akan selalu saya gunakan dan pelajari lebih dalam, mengingat server-server berita/forum yang sudah ribuan visitornya memakai aplikasi ini sebagai web server andalan mereka.

Contoh detik.com

 aziz@Aziz: $ telnet detik.com 80    Trying 203.190.241.43...    Connected to detik.com.    Escape character is '^]'.    ehlo    HTTP/1.1 400 Bad Request    Server: nginx/id17    Date: Sun, 14 Feb 2016 09:19:01 GMT    Content-Type: text/html    Content-Length: 171    Connection: close    <html>    <head><title>400 Bad Request</title></head>    <body bgcolor="white">    <center><h1>400 Bad Request</h1></center>    <hr><center>nginx/id17</center>    </body>    </html>    Connection closed by foreign host.    aziz@Aziz: $    

Contoh kaskus.co.id

 aziz@Aziz: $ telnet kaskus.co.id 80    Trying 103.6.117.2...    Connected to kaskus.co.id.    Escape character is '^]'.    ehlo    HTTP/1.1 400 Bad Request    Server: nginx    Date: Sun, 14 Feb 2016 09:21:10 GMT    Content-Type: text/html    Content-Length: 166    Connection: close    <html>    <head><title>400 Bad Request</title></head>    <body bgcolor="white">    <center><h1>400 Bad Request</h1></center>    <hr><center>nginx</center>    </body>    </html>    Connection closed by foreign host.    aziz@Aziz: $    

Penggunaan Core dan RAM yang cukup stabil

Nginx,..? kerennss....!!!