How to optimize CloudLinux OS limits – Presentation

very nice

There are several contradictions here. They suggest not to set anything below one core, but we never had a problem on some servers even with 25% which is suggested as default in the documentation and with new installations. Even 10% works fine for most websites if your processors are fast enough, but I would not suggest using anything below that as indeed it will cause more load. 50% or half a core on a multi-core server with extremely powerful chips is overkill.

There is something seriously wrong if a website is consuming that unless you are charging for it. CloudLinux is suggesting higher and higher limits over time which actually neglects the whole purpose of having LVE on a server. If you allow one core per user, it only takes a few accounts to take a server down and usually, when there is a new WordPress vulnerability out, multiple accounts are usually attacked the same day and same hour, so traffic spikes happen simultaneously. Some suggestions here are overkill unless you are running 64 core servers and only host 100 sites per server.

They also suggest leaving NPROC limits at 100. This is also seriously wrong in my experience. NPROC will usually be higher than EP but only by a very small margin. So if a user is hitting 10 EP (entry process) they will usually have 12 NPROC running which should be closed just as fast as incoming process. The number that controls how many processes a user can have is actually NPROC. We had for example, users that had some web game running, the entry process where never over 15 but their running process where over 150 and it caused a decent load on the machine (8 cores). EP had absolutely no effect to stabilize the account, even when set to 5, the user would still have over 100+ process running. Once you set the limit in NPROC, the load dropped and the user process where limited correctly. The only way to limit the process was using NPROC.

I am actually surprised CloudLinux suggest 100 processes here per user. This is seriously wrong with a web site. A user should never have so many running processes. They even say it is safe to increase it to 1000!!! They contradict themselves several times in the video about limits.

I would advise a server admin to test and see what fits his server based on the hardware and type of users they have running. No magic number fits everyone. If you are running CloudLinux on a VPS or smaller server, even the default limits are too high for most users. Setting EP to the same number as NPROC should give you absolutely no troubles if your servers are properly configured in terms of Apache/PHP. A process should be closed in seconds, not minutes, so NPROC will never be high. And if its high, there is something wrong, so you surely don't want that setting at 100 or more.