July 26, 2012 at 09:00Improving the security of the web application stack (LAMP virtualization, step 3/6)
- Transfer
Configure Memcached Caching Server
Let's move on to the third practical lesson in the series and talk about setting up a Memcached server.
Memcached can speed up working with databases on a dynamic web site. It should be deployed on a trusted network, where vm01 and vm02 clients can freely connect to our server. You will need to enter the following commands on vm03 with the IP address 192.168.1.12 .
Install Memcached Server on vm03
Enter the following yum manager command to install the Memcached server on RHEL-like operating systems:
# yum install -y memcached
Install Memcached client on vm01 and vm02
You may need to install one of the following packages on vm01 and vm02 virtual machines (php5 + Apache / Lighttpd server):
- Perl-Cache-Memcached: Perl client (library) for working with Memcached server.
- Python-Memcached: Python client (library) for working with a Memcached server.
- PHP-PECL-Memcache: PHP extensions for working with a Memcached server.
Memcached setup
Edit the configuration file / etc / sysconfig / memcached by entering the following command:
# vi /etc/sysconfig/memcached
Setting example:
PORT="11211";
USER="memcached";
MAXCONN="1024";
CACHESIZE="512";
## make sure we accept connection from vm01 and vm02 on 192.168.1.12:11211
OPTIONS="-l 192.168.1.12 -L"
Save and close the file. Launch the memcached server:
# chkconfig memcached on
# /sbin/service memcached start
We will edit the configuration file / etc / sysconfig / iptables and make sure that only the virtual servers vm01 and vm02 have the appropriate rights to connect to our server:
## открываем tcp/udp порты vm01 and vm02 для доступа к memcached-серверу ##
-A INPUT -m state --state NEW -s 192.168.1.10 -m tcp -p tcp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -s 192.168.1.11 -m udp -p udp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -s 192.168.1.10 -m udp -p udp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -s 192.168.1.11 -m tcp -p tcp --dport 11211 -j ACCEPT
Save and close the file. Restart the iptables service with the following command:
# /sbin/service iptables restart
# /sbin/iptables -L -v -n
Increasing file and port descriptor limits on vm03
For loaded memcached servers, increase the number of file descriptors and IP ports :
# Увеличить лимит дескрипторов файлов
fs.file-max = 50000
# Увеличить число IP-портов
net.ipv4.ip_local_port_range = 2000 65000
We apply the sysctl command so that the modified kernel parameters of the Linux system take effect:
# sysctl -p
Related materials:
- WordPress Install Memcached Object Cache Plugin To Speed Up Blog
- Memcached source installation for RHEL 5.x and older systems.
- Introduction
- Step # 1: Setup / Installation: NFS file server
- Step # 2: Setup / Installation: MySQL Database Server
- Step # 3: Setup / Installation: Memcached Caching Server
- Step # 4: Setup / Installation: Apache + php5 web server application
- Step # 5: Setup / Installation: Lighttpd Web Server for Static Assets
- Step # 6: Setup / Installation: Nginx reverse proxy server