Friday, July 21, 2017

HHVM Tuning

  • Disabling The Typechecker:

HHVM automatically runs the typechecker - this is useful in development, but assuming you have it running in your development workflow and in your CI system, there is not much additional benefit to running it in production, and the increased memory usage can be costly in production. To disable it, add the following to /etc/hhvm/server.ini:



  • Switch to a UNIX socket instead of a port for FastCGI mode:

HHVM is meant for environments under heavy load, so the first configuration change you can make is to have HHVM listen on a UNIX socket instead of a TCP port. Communication between Nginx and HHVM will then require less CPU and memory.

Add this to: /etc/hhvm/server.ini

; hhvm.server.port = 9000

I also comment out the port line to increase security a bit.

Then change the Nginx config to use the HHVM socket as well:

fastcgi_pass unix:/var/run/hhvm/hhvm.sock;

  • Tweaking Memory:

By default the memory_limit is equal to 17179869184 bytes, which is 16 GB.
Such a high memory resource limit will certainly kill a server with a few GB of RAM, making it unresponsive.
I decrease this value to 500 MB for a 1 GB memory Server:

Add this to: /etc/hhvm/php.ini

memory_limit = 500M

Restart to apply the changes:

service hhvm restart
service nginx restart


  • A more extensive example for a bigger server:

; php options
pid = /var/run/hhvm/

; hhvm specific
; hhvm.server.port = 9000
hhvm.server.file_socket= /var/run/hhvm/hhvm.sock
hhvm.server.type = fastcgi
hhvm.server.default_document = index.php

; logging settings
hhvm.log.use_log_file = true
hhvm.log.file = /var/log/hhvm/error.log
hhvm.log.header = true
hhvm.log.level = Warning
hhvm.log.always_log_unhandled_exceptions = true
hhvm.log.runtime_error_reporting_level = 8191

hhvm.mysql.typed_results = false
hhvm.repo.central.path = /var/run/hhvm/hhvm.hhbc
hhvm.server.source_root = /var/www/html

; php compatibility
hhvm.server.allow_duplicate_cookies = 0
hhvm.enable_obj_destruct_call = 1
hhvm.enable_zend_sorting = 1
hhvm.enable_zend_compat = 1

; logging
hhvm.log.admin_log.file = /var/log/hhvm/admin.log

; admin server

hhvm.admin_server.password = xxx

hhvm.admin_server.port = 8088
hhvm.admin_server.thread_count = 1

; required for magento2
hhvm.libxml.ext_entity_whitelist = "file"

; apc
hhvm.server.apc.enable_apc = true

; jit
hhvm.jit = true
hhvm.jit_warmup_requests = 5

; debugger
hhvm.debugger.enable_debugger = false
hhvm.debugger.enable_debugger_server = false
hhvm.debugger.default_sandbox_path = /var/www/html

hhvm.enable_zend_ini_compat = false
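
The script below is an added example, not part of the original post: it reads an HHVM ini file and reports whether the TCP listener is still active, the UNIX socket is unset, the debugger is enabled, or the admin server still carries the sample's xxx password. The function names ini_get and audit_hhvm_ini are made up for this example; the key names are the ones used in the configuration above.

```shell
#!/bin/sh
# Added example: audit an HHVM server.ini for the settings discussed above.

# ini_get FILE KEY: print the last active (not commented-out) value of KEY.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                       # ";" lines are comments
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)      # trim the key
            gsub(/^[ \t"]+|[ \t\r"]+$/, "", v)    # trim value and quotes
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_hhvm_ini FILE: print one finding per line; return 1 if any were found.
audit_hhvm_ini() {
    f=$1; bad=0
    port=$(ini_get "$f" hhvm.server.port)
    if [ -n "$port" ]; then
        echo "TCP listener still active: hhvm.server.port = $port"; bad=1
    fi
    if [ -z "$(ini_get "$f" hhvm.server.file_socket)" ]; then
        echo "hhvm.server.file_socket is not set"; bad=1
    fi
    for key in hhvm.debugger.enable_debugger hhvm.debugger.enable_debugger_server; do
        case $(ini_get "$f" "$key") in
            true|1|on) echo "$key is enabled"; bad=1 ;;
        esac
    done
    # The page's sample uses "xxx" as a stand-in; flag it if it was deployed as-is.
    if [ -n "$(ini_get "$f" hhvm.admin_server.port)" ]; then
        case $(ini_get "$f" hhvm.admin_server.password) in
            ""|xxx) echo "admin server has an empty or placeholder password"; bad=1 ;;
        esac
    fi
    return "$bad"
}

# Constructed sample input (not a real server's file).
sample=$(mktemp)
printf '%s\n' 'hhvm.server.port = 9000' \
    'hhvm.server.file_socket= /var/run/hhvm/hhvm.sock' \
    'hhvm.admin_server.port = 8088' 'hhvm.admin_server.password = xxx' > "$sample"
audit_hhvm_ini "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run it against /etc/hhvm/server.ini after editing and before restarting the service; a clean file prints nothing and returns 0.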



Sunday, July 16, 2017

Ubuntu Server 16.04 firewall UFW configure

Ubuntu uses UFW; I found it is easy to configure for most people.

Here is my basic example configuration:

First install ufw:
apt-get install ufw

This also installs the iptables package.

Then check the status:

ufw status

It should be disabled on a fresh setup.

Next, apply all my rules and enable ufw at the END:
ufw default deny incoming
ufw default allow outgoing
ufw allow 80
ufw allow 443
ufw allow from
ufw enable

The final status should look like this:
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
Anywhere                   ALLOW IN
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

Clean up Ubuntu Server 16.04 after installation

I just want to share my first to-do after a fresh Ubuntu Server 16.04 installation:
apt purge ubuntu-server ubuntu-minimal
apt purge lvm2 mdadm plymouth lxd lxcfs snapd open-iscsi
apt purge snap-confine snapd ubuntu-core-launcher
apt purge lxc-common liblxc1 vlan
apt purge grub-legacy-ec2 lxd-client btrfs-tools
apt purge xfsprogs

Remember to check the file list before removing a package if you are not sure what it does:
dpkg -L

I do this on a VM, therefore:

1. No need for LVM, because I am just using the bare EXT4 filesystem.
2. mdadm is for RAID; no need for it on a VM.
3. LXD and Snap: I don't need to run VMs inside this VM.
4. grub-legacy-ec2 is for Amazon EC2; since this is a VMware VM, it can be purged.

Only do these if you know what you are doing; run at your own risk.

Please let me know if you have any questions.