Optimize CentminMod 2024 Version 140Beta AlmaLinux

Please fill in any relevant information that applies to you:

• CentOS Version: AlmaLinux 8?
• Centmin Mod Version Installed: 140.00beta01

Code (Text):

 cminfo versions

1st:
140.00beta01.b120 #Tue Sep 17 13:39:29 EDT 2024
..
last 10:
140.00beta01.b120 #Tue Sep 17 13:39:29 EDT 2024
140.00beta01.b120 #Tue Sep 17 14:04:11 EDT 2024
140.00beta01.b120 #Tue Sep 17 14:27:18 EDT 2024
140.00beta01.b139 #Fri Oct  4 03:15:44 EDT 2024

• Nginx Version Installed: 1.27.1

Code (Text):

nginx -v
nginx version: nginx/1.27.1 (170924-134256-almalinux8-kvm-6e9f456)

• PHP Version Installed: 8.1.29

Code (Text):

 php -v
PHP 8.1.26 (cli) (built: Sep 17 2024 14:12:13) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.26, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.26, Copyright (c), by Zend Technologies

• MariaDB MySQL Version Installed: 10.4

Code (Text):

 mysqladmin ver
mysqladmin  Ver 9.1 Distrib 10.4.34-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version          10.4.34-MariaDB
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 9 hours 1 min 55 sec

Threads: 17  Questions: 4783420  Slow queries: 5643  Opens: 298  Flush tables: 1  Open tables: 291  Queries per second avg: 147.114

• When was last time updated Centmin Mod code base ? : today

Persistent Config:

Code (Text):

cat /etc/centminmod/custom_config.inc
SELFSIGNEDSSL_ECDSA='y'
PHPFINFO='y'
PHP_OVERWRITECONF='n'
PYTHON_INSTALL_ALTERNATIVES='y'
MARCH_TARGETNATIVE='n'

Code (Text):

vmstat -s
      7111588 K total memory
      2923928 K used memory
      1879904 K active memory
      3818772 K inactive memory
       201596 K free memory
       238608 K buffer memory
      3747456 K swap cache
      2621436 K total swap
        92952 K used swap
      2528484 K free swap
      3101941 non-nice user cpu ticks
         2295 nice user cpu ticks
       328009 system cpu ticks
     12974865 idle cpu ticks
       102330 IO-wait cpu ticks
        63646 IRQ cpu ticks
        59877 softirq cpu ticks
        81714 stolen cpu ticks
     85183850 pages paged in
     57411100 pages paged out
        60813 pages swapped in
        90975 pages swapped out
     90475298 interrupts
     79666653 CPU context switches
   1727994375 boot time
        92111 forks
[CODEB]


[CODEB]
 lscpu
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              5
On-line CPU(s) list: 0-4
Thread(s) per core:  1
Core(s) per socket:  1
Socket(s):           5
NUMA node(s):        1
Vendor ID:           GenuineIntel
BIOS Vendor ID:      Red Hat
CPU family:          6
Model:               62
Model name:          Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz
BIOS Model name:     RHEL 7.6.0 PC (i440FX + PIIX, 1996)
Stepping:            4
CPU MHz:             2799.998
BogoMIPS:            5599.99
Virtualization:      VT-x
Hypervisor vendor:   KVM
Virtualization type: full
L1d cache:           32K
L1i cache:           32K
L2 cache:            4096K
L3 cache:            16384K
NUMA node0 CPU(s):   0-4
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq vmx ssse3 cx16 pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm cpuid_fault pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust smep erms xsaveopt arat umip md_clear arch_capabilities

Nginx.conf

Code (Text):

user              nginx nginx;
worker_processes 2;
worker_priority -10;

worker_rlimit_nofile 520000;
timer_resolution 100ms;

pcre_jit on;
include /usr/local/nginx/conf/dynamic-modules.conf;


pid         logs/nginx.pid;

events {
    worker_connections  300000;
    accept_mutex off;
    accept_mutex_delay 200ms;
    use epoll;
    #multi_accept on;
}

http {
#limit_req_zone $binary_remote_addr zone=xwprpc:10m rate=30r/s;

 map_hash_bucket_size 128;
 map_hash_max_size 4096;
 server_names_hash_bucket_size 128;
 server_names_hash_max_size 2048;
 variables_hash_max_size 2048;

 resolver 127.0.0.1 valid=10m;
 resolver_timeout 10s;

#limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
#limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;

# sets Centmin Mod headers via headers more nginx module
# https://github.com/openresty/headers-more-nginx-module
# don't remove the first 2 lines as centmin mod checks to see if they're
# missing and re-adds them anyway. Just uncomment the 3rd & 4th lines
# which is used to override the Server header to what you want = nginx
# and remove the X-Powered-By header + restart nginx service
# do not disable headers more nginx module itself as it's required for
# other centmin mod features like redis nginx level caching & letsencrypt
# integration in vhosts created by addons/acmetool.sh
more_set_headers "Server: nginx centminmod";
more_set_headers "X-Powered-By: centminmod";
#more_set_headers "Server: nginx";
#more_clear_headers "X-Powered-By";

# uncomment cloudflare.conf include if using cloudflare for
# server and/or vhost site + setup cron job for command
# /usr/local/src/centminmod/tools/csfcf.sh auto
# run the auto command once to populate cloudflare ips
include /usr/local/nginx/conf/cloudflare.conf;
# uncomment incapsula.conf include if using incapsula for
# server and/or vhost site + setup cron job for command
# /usr/local/src/centminmod/tools/csfincapsula.sh auto
# run the auto command once to popular incapsula ips
#include /usr/local/nginx/conf/incapsula.conf;
include /usr/local/nginx/conf/maintenance.conf;
#include /usr/local/nginx/conf/vts_http.conf;
include /usr/local/nginx/conf/geoip.conf;
include /usr/local/nginx/conf/webp.conf;
include /usr/local/nginx/conf/ssl_include.conf;
#include /usr/local/nginx/conf/pagespeedadmin.conf;
include /usr/local/nginx/conf/fastcgi_param_https_map.conf;
include /usr/local/nginx/conf/redisupstream.conf;
include /usr/local/nginx/conf/wpcacheenabler_map.conf;
include /usr/local/nginx/conf/normalize_encoding.conf;
include /usr/local/nginx/conf/default_phpupstream.conf;

log_format  main  '$remote_addr - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                ' "$connection" "$connection_requests" "$request_time"';

log_format  ddos-proxy '$remote_addr for $http_x_real_ip - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                ' "$connection" "$connection_requests" "$request_time"';

log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" '
                      '"$host" sn="$server_name" '
                      'rt=$request_time '
                      'ua="$upstream_addr" us="$upstream_status" '
                      'ut="$upstream_response_time" ul="$upstream_response_length" '
                      'cs=$upstream_cache_status' ;

log_format main_json escape=json '{'
  '"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
  '"connection": "$connection", ' # connection serial number
  '"connection_requests": "$connection_requests", ' # number of requests made in connection
  '"pid": "$pid", ' # process pid
  '"request_id": "$request_id", ' # the unique request id
  '"request_length": "$request_length", ' # request length (including headers and body)
  '"remote_addr": "$remote_addr", ' # client IP
  '"remote_user": "$remote_user", ' # client HTTP username
  '"remote_port": "$remote_port", ' # client port
  '"time_local": "$time_local", '
  '"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
  '"request": "$request", ' # full path no arguments if the request
  '"request_uri": "$request_uri", ' # full path and arguments if the request
  '"args": "$args", ' # args
  '"status": "$status", ' # response status code
  '"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
  '"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
  '"http_referer": "$http_referer", ' # HTTP referer
  '"http_user_agent": "$http_user_agent", ' # user agent
  '"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
  '"http_host": "$http_host", ' # the request Host: header
  '"server_name": "$server_name", ' # the name of the vhost serving the request
  '"request_time": "$request_time", ' # request processing time in seconds with msec resolution
  '"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
  '"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
  '"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
  '"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
  '"upstream_response_length": "$upstream_response_length", ' # upstream response length
  '"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
  '"ssl_protocol": "$ssl_protocol", ' # TLS protocol
  '"ssl_session_reused": "$ssl_session_reused", ' # TLS session reused
  '"ssl_cipher": "$ssl_cipher", ' # TLS cipher only OpenSSL 3.0 supported
  '"ssl_curve": "$ssl_curve", ' # TLS curve OpenSSL 1.0.2+ supported
  '"ssl_curves": "$ssl_curves", ' # TLS curves
  '"scheme": "$scheme", ' # http or https
  '"request_method": "$request_method", ' # request method
  '"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
  '"pipe": "$pipe", ' # “p” if request was pipelined, “.” otherwise
  '"gzip_ratio": "$gzip_ratio", '
  '"http_cf_ray": "$http_cf_ray", '
  '"http_cf_worker": "$http_cf_worker", '
  '"http_cf_request_id": "$http_cf_request_id", '
  '"http_cf_railgun": "$http_cf_railgun", '
  '"http_accept": "$http_accept"'
'}';

# only uncomment include line to enable it you have enabled ngx_brotli module
# which is disabled by default https://community.centminmod.com/threads/10688/
#include /usr/local/nginx/conf/log_format_brotli.conf;

access_log  off;
error_log   logs/error.log warn;

    index  index.php index.html index.htm;
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;

sendfile on;
sendfile_max_chunk 2m;
tcp_nopush  on;
tcp_nodelay on;
server_tokens off;
server_name_in_redirect off;

keepalive_timeout  30s;
keepalive_requests 100000;
lingering_time 20s;
lingering_timeout 5s;
keepalive_disable msie6;

gzip on;
gzip_vary   on;
gzip_disable msie6;
gzip_static on;
gzip_min_length   1400;
gzip_buffers      1024 8k;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_proxied    any;
gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml;

client_body_buffer_size 64k;
client_body_in_file_only off;
client_body_timeout 30s;
client_header_buffer_size 64k;
## how long a connection has to complete sending
## it's headers for request to be processed
client_header_timeout  30s;
client_max_body_size 1024m;
connection_pool_size  512;
directio  4m;
directio_alignment 512;
ignore_invalid_headers on;      
large_client_header_buffers 8 64k;
output_buffers   2 32k;
postpone_output  1460;
proxy_temp_path  /tmp/nginx_proxy/;
request_pool_size  32k;
reset_timedout_connection on;
send_timeout     60s;
types_hash_max_size 2048;

# for nginx proxy backends to prevent redirects to backend port
# port_in_redirect off;

open_file_cache max=50000 inactive=60s;
open_file_cache_valid 120s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
open_log_file_cache max=10000 inactive=30s min_uses=2;

## limit number of concurrency connections per ip to 16
## add to your server {} section the next line
## limit_conn limit_per_ip 16;
## uncomment below line allows 500K sessions
# limit_conn_log_level error;
#######################################
# use limit_zone for Nginx <v1.1.7 and lower
# limit_zone $binary_remote_addr zone=limit_per_ip:16m;
#######################################
# use limit_conn_zone for Nginx >v1.1.8 and higher
# limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
#######################################

 include /usr/local/nginx/conf/conf.d/*.conf;
}

---

Hi @eva2000
Sorry for bothering you

I recently moved from centos which it was working perfect for the past 3 years to almaLinux8 and installed latest beta version.
following the default installations, as i thought it auto optimize mysql php nginx based on server info per default

the find out it became slower and high cpu usage, and noticed nginx worker_processes set to 2 where it usually to auto

Can you please tell if there is a script to re-run or a the best optimization for v140
i didn't want to implement 130 optimization as most of them for centos and afraid to break things

should i follow this post ?
https://blog.centminmod.com/2019/07/15/117/centmin-mod-advanced-customised-installation-guide/

thank you

Thank you for your time