===== First, create the Universe... =====
In this guide, I'm just gonna do everything as root unless otherwise specified.
Install Debian, following the [[nndocs:initial|Naptastic Initial]] guide. During the install process:
  * De-select Graphical Desktop Environment and Laptop.
  * Select Web Server, SQL Database, and SSH server.
===== Apache =====
Apache is already installed by virtue of your having selected "Web Server" in the installer.
==== Change to a Threaded Multi-Process Module (MPM) ====
Change Apache to the Event MPM and install the development libraries:
  * ''apt-get install apache2-mpm-event apache2-threaded-dev''
==== Enable mod_proxy_fcgi ====
  * ''a2enmod proxy_fcgi'' (something like that anyway. Tab-complete is your friend.)
==== Tune Apache ====
Find this section in /etc/apache2/mods-available/mpm_event.conf:
<code>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
</code>
Change it to look like this:
<code>
StartServers 2
ServerLimit 16
MaxClients 1024
MinSpareThreads 32
MaxSpareThreads 96
ThreadLimit 64
ThreadsPerChild 64
MaxRequestsPerChild 0
</code>
What we're doing here is tuning Apache to handle the largest possible number of simultaneous connections while consuming the least resources and producing the fewest errors.
''ThreadLimit'' and ''ThreadsPerChild'' are both set to 64. This is a good value and also a convenient one: each line of the Apache scoreboard is 64 clients wide, so the output is easier to read.
<code>
# apache2ctl status
Apache Server Status for localhost (via 127.0.0.1)

Server Version: Apache/2.4.62 (Debian) SVN/1.14.2 OpenSSL/3.0.14
mod_perl/2.0.12 Perl/v5.36.0
Server MPM: event
Server Built: 2024-07-18T05:29:16
__________________________________________________________________

Current Time: Saturday, 14-Sep-2024 20:17:57 MDT
Restart Time: Saturday, 14-Sep-2024 20:16:11 MDT
Parent Server Config. Generation: 1
Parent Server MPM Generation: 0
Server uptime: 1 minute 45 seconds
Server load: 0.24 0.16 0.06
Total accesses: 8 - Total Traffic: 85 kB - Total Duration: 816
CPU Usage: u.07 s.03 cu0 cs0 - .0952% CPU load
.0762 requests/sec - 828 B/second - 10.6 kB/request - 102 ms/request
1 requests currently being processed, 0 workers gracefully restarting,
63 idle workers

Slot  PID   Stopping  Connections      Threads             Async connections
                      total accepting  busy graceful idle  writing keep-alive closing
1     1343  no        0     yes        1    0        63    0       0          0
Sum   1     0         0                1    0        63    0       0          0

................................................................
______________W_________________________________________________
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
</code>
''MaxClients'' needs to be equal to ''ThreadsPerChild'' * ''ServerLimit''.
''MinSpareThreads'' and ''MaxSpareThreads'' should not be multiples of ''ThreadLimit''. That leads to constant spawning and reaping of server processes, which adds latency and wastes CPU time. If a server is very busy, or traffic is very spiky, these are the values you want to increase first.
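
The sizing rules above can be checked mechanically before Apache is reloaded. The script below is an added example, not part of the original guide: ''check_mpm_event'' and the ''sample_*'' functions are hypothetical names, and it assumes Apache's documented event-MPM defaults (ServerLimit 16, ThreadLimit 64, ThreadsPerChild 25) for any directive the file leaves out.

```bash
#!/usr/bin/env bash
# Added example: check an mpm_event section against the sizing rules above.
# check_mpm_event and sample_* are hypothetical names, not Apache tools.

check_mpm_event() {   # reads the file named in $1, or stdin when none is given
    awk '
        function get(k, d) { return (k in val) ? val[k] + 0 : d }
        /^[ \t]*(#|<)/ { next }                # skip comments and <IfModule> tags
        NF >= 2 { val[tolower($1)] = $2 }      # last value seen wins
        END {
            servers = get("serverlimit", 16)   # Apache default for event if unset
            limit   = get("threadlimit", 64)
            tpc     = get("threadsperchild", 25)
            # MaxRequestWorkers is the Apache 2.4 name for MaxClients.
            clients = get("maxrequestworkers", get("maxclients", tpc * servers))
            bad = 0
            if (tpc > limit) {
                print "ThreadsPerChild " tpc " exceeds ThreadLimit " limit; bad = 1
            }
            if (clients != tpc * servers) {
                print "MaxClients " clients " != ThreadsPerChild*ServerLimit = " tpc * servers
                bad = 1
            }
            n = split("minsparethreads maxsparethreads", spare, " ")
            for (i = 1; i <= n; i++)
                if ((spare[i] in val) && val[spare[i]] % limit == 0) {
                    print spare[i] " " val[spare[i]] " is a multiple of ThreadLimit " limit
                    bad = 1
                }
            exit bad
        }
    ' "${1:--}"
}

sample_before() {   # the stock section quoted on this page
    printf '%s\n' 'StartServers 2' 'MinSpareThreads 25' 'MaxSpareThreads 75' \
        'ThreadLimit 64' 'ThreadsPerChild 25' 'MaxClients 150' 'MaxRequestsPerChild 0'
}
sample_after() {    # the tuned section from this page
    printf '%s\n' 'StartServers 2' 'ServerLimit 16' 'MaxClients 1024' \
        'MinSpareThreads 32' 'MaxSpareThreads 96' 'ThreadLimit 64' \
        'ThreadsPerChild 64' 'MaxRequestsPerChild 0'
}

sample_before | check_mpm_event || echo "stock section breaks a rule"
sample_after  | check_mpm_event && echo "tuned section passes"
```

On the server itself, run it as ''check_mpm_event /etc/apache2/mods-available/mpm_event.conf''; a non-zero exit status means at least one rule is broken.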
== Timeout ==
Then find the ''Timeout'' directive and change it from 300 to 15. This is how long Apache will wait for a new connection to send a request before giving up on it. Leaving it that long lets attackers saturate the server with new connections; lowering it makes that kind of attack more difficult. (20 times more difficult, to be precise.) Setting a very short timeout increases the risk of errors for users on slow connections, or with slow applications. Users are not especially patient; I can imagine someone waiting 15 seconds for a website to respond, but not 300, and if my connection or application is that slow, it probably should just fail.
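
Connections that have been accepted but have not finished sending a request show up as "R" on the scoreboard, so the saturation described above can be watched for from the ''apache2ctl status'' output. The script below is an added example, not part of the original guide: ''reading_share'' and ''sample_status'' are hypothetical names, the 50 percent threshold is an arbitrary starting point, and the sample text is constructed.

```bash
#!/usr/bin/env bash
# Added example: measure how much of the scoreboard is held by connections that
# are still in "R" (Reading Request). reading_share and sample_status are
# hypothetical names; the sample text is constructed, not captured from a server.

reading_share() {   # $1: alert threshold, percent of all slots in state "R"
    awk -v limit="${1:-50}" '
        /idle workers/    { inboard = 1; next }   # the scoreboard follows this line
        /^Scoreboard Key/ { inboard = 0 }         # and ends at the key
        # Only rows made purely of scoreboard characters count; the inboard flag
        # keeps the all-underscore rule under the header from being read as idle.
        inboard && /^[_SRWKDCLGI.]+$/ {
            for (i = 1; i <= length($0); i++) n[substr($0, i, 1)]++
            slots += length($0)
        }
        END {
            pct = slots ? int(100 * n["R"] / slots) : 0
            printf "reading=%d idle=%d open=%d slots=%d reading_pct=%d\n",
                   n["R"], n["_"], n["."], slots, pct
            exit (pct >= limit)                   # status 1 means over threshold
        }'
}

sample_status() {
    cat <<'EOF'
Server MPM: event
____________________
10 requests currently being processed, 0 workers gracefully restarting,
6 idle workers
RRRRRRRRW_K_____
................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
EOF
}

sample_status | reading_share 50
# On a live server: apache2ctl status | reading_share 50
```

The percentage is taken over all slots, open ones included, so it reads as the share of ''MaxClients'' capacity tied up by clients that have not yet sent a complete request.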
== KeepAlive ==
Make sure KeepAlive is turned on.
==== MySQL ====
  * ''apt-get -y install mysql-server mysql-client''
Since Debian Buster, I haven't needed a .my.cnf. If you need it, the format of ~/.my.cnf is as follows:
<code>
[client]
user="root"
password="password"
</code>
You can create a .my.cnf file in any user's home directory so they can do mysql stuff from the shell without having to constantly supply their MySQL username and password.
  * Don't give users the root password or grant them privileges on ''*.*''.
  * ''chmod 600'' each ''.my.cnf'' so that only its owner can read it.
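
Both rules in the list above can be audited across users' home directories. The script below is an added example, not part of the original guide: ''audit_mycnf'' is a hypothetical helper name, ''stat -c'' is the GNU coreutils form shipped with Debian, and the demo file is constructed from the sample on this page.

```bash
#!/usr/bin/env bash
# Added example: audit users' .my.cnf files against the two rules above.
# audit_mycnf is a hypothetical helper; stat -c is the GNU coreutils form.

audit_mycnf() {   # args: .my.cnf paths; returns 1 if anything is flagged
    local f mode user bad=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f")
        # Any group or other permission bit exposes the stored password.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$f: mode $mode is open to group/other, expected 600"; bad=1
        fi
        # Pull the user= value out of the [client] section, quotes stripped.
        user=$(awk -F= '
            /^[ \t]*\[/ { inclient = ($0 ~ /^[ \t]*\[client\]/); next }
            inclient && $1 ~ /^[ \t]*user[ \t]*$/ {
                gsub(/[ \t"]/, "", $2); print $2; exit
            }' "$f")
        if [ "$user" = root ]; then
            echo "$f: stores the MySQL root login"; bad=1
        fi
    done
    return "$bad"
}

# Demo on a constructed file that copies the sample above with loose permissions.
demo=$(mktemp)
printf '[client]\nuser="root"\npassword="password"\n' > "$demo"
chmod 644 "$demo"
audit_mycnf "$demo" || true
rm -f "$demo"

# On a live system, as root: audit_mycnf /home/*/.my.cnf
```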