On a side note, can I ask what security scanning service you're using?

Richard
On Jan 14, 2014, at 4:16 AM, "S. Dale Morrey" <[email protected]> wrote:

> I'm building an online service. I expect that this may have to scale to
> tens of thousands of users. For the sake of having a drop-dead simple
> deployment, I decided to build the website front end on top of Drupal (the
> service itself is linked to from the site, but is actually delivered by
> node.js and thus wasn't part of this particular test).
>
> I have had all kinds of fun in the past with PHP/MySQL and even Drupal
> vulnerabilities, so I decided to sign the site up for regular security
> scanning.
> The scanner just fired up for the first time and when it was complete my
> site had essentially become non-responsive. (Strangely, the security
> scanner marked the site as having passed though.)
>
> Logging in via SSH showed quite literally hundreds and hundreds of
> <defunct> apache processes. I'm guessing that they were stress testing the
> site and obviously the site fell down.
>
> What bothers me is that there were hundreds of apache processes just
> sitting there dead. Since the box is only a single core with the ability
> to use up to 2 in a burst type situation (Amazon EC2 t1.micro to be
> exact), I don't really see the advantage of spinning up a whole new
> process just to deal with a new connection. Seems like death by a thousand
> paper cuts to me.
>
> I'm aware that node spins a new thread but not a new process. I would
> think that apache would have a mode to do that as well. Is there any
> advantage to 1 process per connection? Is there possibly a better
> configuration I could try that would allow it to handle the load better?
>
> I'm aware that if the website is going to be under regular heavy load that
> there are some really important steps I can take such as serving static
> content from a CDN, putting the site behind an autoscaling load balancer
> etc. Those are in the works, but before I do all of that I want to make
> sure I have the best apache config I can considering the hardware
> limitations. This way we only scale once we've made the most effective use
> of hardware.
>
> FYI the server is running Ubuntu 12.04 with all the latest updates
> applied. Apache config is stock; I'm even serving content right out of
> /var/www. Same with PHP. The DB server is on its own separate instance
> and is MySQL 5.6 managed by Amazon Simple RDS.
>
> Thanks in advance!
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
