From 5eea81e40f8fbd6e4d1b3aacfedc161a8937387a Mon Sep 17 00:00:00 2001 From: DO Server Backup Date: Wed, 17 Jun 2026 19:21:50 +0000 Subject: [PATCH] =?UTF-8?q?config:=20raise=20LSAPI=20children=20limit=2010?= =?UTF-8?q?=E2=86=9225=20on=20JARVIS=20vhost=20and=20global=20handler?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Deadlocked twice today (2026-06-17) under AutoSSL + concurrent load. jarvis.orbishosting.com extProcessor jarvi5150: maxConns 10→25, LSAPI_CHILDREN 10→25. Global lsphp handler: same. With ~40MB/worker and 1.1GB free RAM, 25 workers peaks at ~1GB. Co-Authored-By: Claude Sonnet 4.6 --- infra/httpd_config.conf | 439 ++++++++++++++++++ ols-vhosts/jarvis.orbishosting.com/vhost.conf | 4 +- 2 files changed, 441 insertions(+), 2 deletions(-) create mode 100755 infra/httpd_config.conf diff --git a/infra/httpd_config.conf b/infra/httpd_config.conf new file mode 100755 index 0000000..0f403fe --- /dev/null +++ b/infra/httpd_config.conf @@ -0,0 +1,439 @@ +# +# PLAIN TEXT CONFIGURATION FILE +# + +# If not set, will use host name as serverName +serverName +user nobody +group nogroup +priority 0 +autoRestart 1 +chrootPath / +enableChroot 0 +inMemBufSize 60M +swappingDir /tmp/lshttpd/swap +autoFix503 1 +gracefulRestartTimeout 300 +mime conf/mime.properties +showVersionNumber 0 +adminEmails root@localhost +autoSSL 1 +acmeEmail admin@cyberpanel.net +indexFiles index.html, index.php +disableWebAdmin 0 + +errorlog logs/error.log { + logLevel DEBUG + debugLevel 0 + rollingSize 10M + enableStderrLog 1 +} + +accessLog logs/access.log { + rollingSize 10M + keepDays 30 + compressArchive 0 + logReferer 1 + logUserAgent 1 +} + +expires { + enableExpires 1 + expiresByType image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800 +} + +tuning{ + maxConnections 10000 + maxSSLConnections 10000 + connTimeout 300 + maxKeepAliveReq 10000 + smartKeepAlive 0 + keepAliveTimeout 5 + sndBufSize 0 + rcvBufSize 0 + gzipStaticCompressLevel 6 + gzipMaxFileSize 10M + eventDispatcher best + maxCachedFileSize 4096 + totalInMemCacheSize 20M + maxMMapFileSize 256K + totalMMapCacheSize 40M + useSendfile 1 + fileETag 28 + SSLCryptoDevice null + maxReqURLLen 32768 + maxReqHeaderSize 65536 + maxReqBodySize 2047M + maxDynRespHeaderSize 32768 + maxDynRespSize 2047M + enableGzipCompress 1 + enableBrCompress 4 + enableDynGzipCompress 1 + gzipCompressLevel 6 + brStaticCompressLevel 6 + compressibleTypes default + gzipAutoUpdateStatic 1 + gzipMinFileSize 300 + + quicEnable 1 + quicShmDir /dev/shm + +} + +accessDenyDir{ + dir / + dir /etc/* + dir /dev/* + dir conf/* + dir admin/conf/* +} + +fileAccessControl{ + followSymbolLink 1 + checkSymbolLink 0 + requiredPermissionMask 000 + restrictedPermissionMask 000 +} + +perClientConnLimit{ + staticReqPerSec 0 + dynReqPerSec 0 + outBandwidth 0 + inBandwidth 0 + softLimit 10000 + hardLimit 10000 + gracePeriod 15 + banPeriod 300 +} + +CGIRLimit{ + maxCGIInstances 20 + minUID 11 + minGID 10 + priority 0 + CPUSoftLimit 10 + CPUHardLimit 50 + memSoftLimit 2047M + memHardLimit 2047M + procSoftLimit 400 + procHardLimit 450 +} + +accessControl{ + allow ALL + deny +} + +extProcessor lsphp{ + type lsapi + address uds://tmp/lshttpd/lsphp.sock + maxConns 25 + env PHP_LSAPI_CHILDREN=25 + env LSAPI_AVOID_FORK=200M + initTimeout 60 + retryTimeout 0 + persistConn 1 + pcKeepAliveTimeout + respBuffer 0 + autoStart 1 + path lsphp83/bin/lsphp + backlog 100 + instances 1 + priority 0 + memSoftLimit 0 + memHardLimit 0 + procSoftLimit 1400 + procHardLimit 1500 +} + +scriptHandler{ + add lsapi:lsphp php +} + +railsDefaults{ + binPath + railsEnv 1 + maxConns 1 + env LSAPI_MAX_IDLE=60 + initTimeout 60 + retryTimeout 0 + pcKeepAliveTimeout 60 + respBuffer 0 + backlog 50 + runOnStartUp 3 + extMaxIdleTime 300 + priority 3 + memSoftLimit 0 + memHardLimit 0 + procSoftLimit 500 + procHardLimit 600 +} + +wsgiDefaults{ + binPath + railsEnv 1 + maxConns 5 + env LSAPI_MAX_IDLE=60 + initTimeout 60 + retryTimeout 0 + pcKeepAliveTimeout 60 + respBuffer 0 + backlog 50 + runOnStartUp 3 + extMaxIdleTime 300 + priority 3 + memSoftLimit 0 + memHardLimit 0 + procSoftLimit 500 + procHardLimit 600 +} + +nodeDefaults{ + binPath + railsEnv 1 + maxConns 5 + env LSAPI_MAX_IDLE=60 + initTimeout 60 + retryTimeout 0 + pcKeepAliveTimeout 60 + respBuffer 0 + backlog 50 + runOnStartUp 3 + extMaxIdleTime 300 + priority 3 + memSoftLimit 0 + memHardLimit 0 + procSoftLimit 500 + procHardLimit 600 +} + +virtualHost Example{ + vhRoot Example/ + allowSymbolLink 1 + enableScript 1 + restrained 1 + maxKeepAliveReq + smartKeepAlive + setUIDMode 0 + chrootMode 0 + configFile conf/vhosts/Example/vhconf.conf +} + +listener Default{ + map mail.jarvis.orbishosting.com mail.jarvis.orbishosting.com + map jarvis.orbishosting.com jarvis.orbishosting.com + map orbis.orbishosting.com orbis.orbishosting.com + map mail.parkerslingshotrentals.com mail.parkerslingshotrentals.com + map parkerslingshotrentals.com parkerslingshotrentals.com + map mail.tomsjavajive.com mail.tomsjavajive.com + map tomsjavajive.com tomsjavajive.com + map mail.epictravelexpeditions.com mail.epictravelexpeditions.com + map epictravelexpeditions.com epictravelexpeditions.com + map mail.orbishosting.com mail.orbishosting.com + map orbishosting.com orbishosting.com + map mail.tomtomgames.com mail.tomtomgames.com + map tomtomgames.com tomtomgames.com + address *:80 + secure 0 +} + +vhTemplate centralConfigLog{ + templateFile conf/templates/ccl.conf + listeners Default +} + +vhTemplate EasyRailsWithSuEXEC{ + templateFile conf/templates/rails.conf + listeners Default +} + +module cache { + ls_enabled 1 + + checkPrivateCache 1 + checkPublicCache 1 + maxCacheObjSize 10000000 + maxStaleAge 200 + qsCache 1 + reqCookieCache 1 + respCookieCache 1 + ignoreReqCacheCtrl 1 + ignoreRespCacheCtrl 0 + + enableCache 0 + expireInSeconds 3600 + enablePrivateCache 0 + privateExpireInSeconds 3600 + +} + + +module cyberpanel_ols { + ls_enabled 1 +} +virtualHost tomtomgames.com { + vhRoot /home/$VH_NAME + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} + +listener SSL { + map mail.jarvis.orbishosting.com mail.jarvis.orbishosting.com + map jarvis.orbishosting.com jarvis.orbishosting.com + map mail.tomtomgames.com mail.tomtomgames.com + map orbis.orbishosting.com orbis.orbishosting.com + map mail.parkerslingshotrentals.com mail.parkerslingshotrentals.com + map parkerslingshotrentals.com parkerslingshotrentals.com + map mail.tomsjavajive.com mail.tomsjavajive.com + map tomsjavajive.com tomsjavajive.com + map mail.epictravelexpeditions.com mail.epictravelexpeditions.com + map epictravelexpeditions.com epictravelexpeditions.com + map mail.orbishosting.com mail.orbishosting.com + map orbishosting.com orbishosting.com + address *:443 + secure 1 + keyFile /etc/letsencrypt/live/tomtomgames.com/privkey.pem + certFile /etc/letsencrypt/live/tomtomgames.com/fullchain.pem + certChain 1 + sslProtocol 24 + enableECDHE 1 + renegProtection 1 + sslSessionCache 1 + enableSpdy 15 + enableStapling 1 + ocspRespMaxAge 86400 + map tomtomgames.com tomtomgames.com +} + + +virtualHost mail.tomtomgames.com { + vhRoot /home/tomtomgames.com + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} + +listener SSL IPv6 { + map mail.jarvis.orbishosting.com mail.jarvis.orbishosting.com + map jarvis.orbishosting.com jarvis.orbishosting.com + map mail.tomtomgames.com mail.tomtomgames.com + map orbis.orbishosting.com orbis.orbishosting.com + map mail.parkerslingshotrentals.com mail.parkerslingshotrentals.com + map parkerslingshotrentals.com parkerslingshotrentals.com + map mail.tomsjavajive.com mail.tomsjavajive.com + map tomsjavajive.com tomsjavajive.com + map mail.epictravelexpeditions.com mail.epictravelexpeditions.com + map epictravelexpeditions.com epictravelexpeditions.com + map mail.orbishosting.com mail.orbishosting.com + map orbishosting.com orbishosting.com + address [ANY]:443 + secure 1 + keyFile /etc/letsencrypt/live/mail.tomtomgames.com/privkey.pem + certFile /etc/letsencrypt/live/mail.tomtomgames.com/fullchain.pem + certChain 1 + sslProtocol 24 + enableECDHE 1 + renegProtection 1 + sslSessionCache 1 + enableSpdy 15 + enableStapling 1 + ocspRespMaxAge 86400 + map mail.tomtomgames.com mail.tomtomgames.com +} + + +virtualHost orbishosting.com { + vhRoot /home/$VH_NAME + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost mail.orbishosting.com { + vhRoot /home/orbishosting.com + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost epictravelexpeditions.com { + vhRoot /home/$VH_NAME + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost mail.epictravelexpeditions.com { + vhRoot /home/epictravelexpeditions.com + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost tomsjavajive.com { + vhRoot /home/$VH_NAME + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost mail.tomsjavajive.com { + vhRoot /home/tomsjavajive.com + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} + +module mod_security { +modsecurity on +modsecurity_rules ` +SecDebugLogLevel 0 +SecDebugLog /usr/local/lsws/logs/modsec.log +SecAuditEngine on +SecAuditLogRelevantStatus "^(?:5|4(?!04))" +SecAuditLogParts AFH +SecAuditLogType Serial +SecAuditLog /usr/local/lsws/logs/auditmodsec.log +SecRuleEngine On +` +modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf +} +virtualHost parkerslingshotrentals.com { + vhRoot /home/$VH_NAME + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost mail.parkerslingshotrentals.com { + vhRoot /home/parkerslingshotrentals.com + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost orbis.orbishosting.com { + vhRoot /home/$VH_NAME + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost jarvis.orbishosting.com { + vhRoot /home/$VH_NAME + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} +virtualHost mail.jarvis.orbishosting.com { + vhRoot /home/jarvis.orbishosting.com + configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf + allowSymbolLink 1 + enableScript 1 + restrained 1 +} diff --git a/ols-vhosts/jarvis.orbishosting.com/vhost.conf b/ols-vhosts/jarvis.orbishosting.com/vhost.conf index ea05e7a..6b8aa11 100755 --- a/ols-vhosts/jarvis.orbishosting.com/vhost.conf +++ b/ols-vhosts/jarvis.orbishosting.com/vhost.conf @@ -33,8 +33,8 @@ scripthandler { extprocessor jarvi5150 { type lsapi address UDS://tmp/lshttpd/jarvi5150.sock - maxConns 10 - env LSAPI_CHILDREN=10 + maxConns 25 + env LSAPI_CHILDREN=25 initTimeout 600 retryTimeout 0 persistConn 1