From 7f6b37ea4d315e3a0889601d156ea1b6692b33bd Mon Sep 17 00:00:00 2001 From: Daenney Date: Sun, 21 Jan 2024 11:35:52 +0100 Subject: [PATCH] [docs] Updates for DB, swap and HTTP/2 on nginx (#2547) * [docs] Add warning about DBs on network storage * [docs] Mention tuning swappiness on Linux * [docs] Mention enabling HTTP/2 on nginx --- docs/getting_started/index.md | 11 +++++++++++ docs/getting_started/reverse_proxy/nginx.md | 7 +++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/getting_started/index.md b/docs/getting_started/index.md index c01e1d37e..98b9a7251 100644 --- a/docs/getting_started/index.md +++ b/docs/getting_started/index.md @@ -12,6 +12,11 @@ Before deploying GoToSocial, it's important to think through a few things as som GoToSocial supports both SQLite and Postgres and you can start using either. We do not currently have tooling to support migrating from SQLite to Postgres or vice-versa, but it is possible in theory. +For databases to perform properly, they should be run on fast storage that operates with low and stable latency. It is possible to run databases on network attached storage, but this adds variable latency and network congestion to the mix, as well as potential I/O contention on the origin storage. + +!!! danger + The performance of Hetzner Cloud Volumes is not guaranteed and seems to have very volatile latency. You're going to have a bad time running your database on those with extremely poor query performance for even the most basic operations. Before filing performance issues against GoToSocial, make sure the problems reproduce with local storage. + SQLite is great for a single-user instance. If you're planning on hosting multiple people it's advisable to use Postgres instead. You can always use Postgres regardless of the instance size. !!! tip 
@@ -97,6 +102,12 @@ Unless you're experienced in doing this kind of tuning and troubleshooting the i * less than 2GB of RAM: swap = RAM × 2 * more than 2GB of RAM: swap = RAM, up to 8G +Linux swaps pretty early. This tends to not be necessary on servers and in the case of databases can cause unnecessary latency. Though it's good to let your system swap if it needs to, it can help to tell it to be a little more conservative about how early it swaps. Configuring this on Linux is done by changing the `vm.swappiness` [sysctl][sysctl] value. + +By default it's `60`. You can lower that to `10` for starters and keep an eye out. It's possible to run with even lower values, but it's likely unnecessary. To make the value persistent, you'll need to drop a configuration file in `/etc/sysctl.d/`. + +[sysctl]: https://man7.org/linux/man-pages/man8/sysctl.8.html + ### Memory and CPU limits It is possible to limit the amount of memory or CPU your GoToSocial instance can consume. Doing so can be done on Linux using [CGroups v2 resource controllers][cgv2]. diff --git a/docs/getting_started/reverse_proxy/nginx.md b/docs/getting_started/reverse_proxy/nginx.md index 2cfd9020a..c223274b2 100644 --- a/docs/getting_started/reverse_proxy/nginx.md +++ b/docs/getting_started/reverse_proxy/nginx.md 
@@ -2,6 +2,9 @@ In order to use NGINX as a reverse proxy for GoToSocial you'll need to have it installed on your server. If you intend for the NGINX instance to also handle TLS, you'll need to [provision TLS certificates](../../advanced/certificates.md) too. +!!! tip + Enable HTTP/2 in nginx by including `http2` in the `listen` directives. This can speed up the experience for clients. Browsers do not support HTTP/2 over plain text, so this should only be added to `listen` directives for port `443` that also include the `ssl` directive. + NGINX is [packaged for many distributions](https://repology.org/project/nginx/versions). It's very likely you can install it with your distribution's package manager. You can also run NGINX using a container runtime with the [official NGINX image](https://hub.docker.com/_/nginx) that's published to the Docker Hub. In this guide we'll also show how to use certbot to provision the TLS certificates. It too is [packaged in many distributions](https://repology.org/project/certbot/versions) but many distributions tend to ship fairly old versions of certbot. If you run into trouble it may be worth considering using the [container image](https://hub.docker.com/r/certbot/certbot) instead. @@ -159,8 +162,8 @@ server { } client_max_body_size 40M; - listen [::]:443 ssl ipv6only=on; # managed by Certbot - listen 443 ssl; # managed by Certbot + listen [::]:443 ssl ipv6only=on http2; # managed by Certbot + listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
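Review bot: In the first hunk of docs/getting_started/index.md, the `!!! danger` admonition makes a vendor-specific claim ("seems to have very volatile latency") with no measurement or reference behind it. Either link the report or benchmark that supports it, or word the warning generically for network-attached block storage and name Hetzner Cloud Volumes as one reported case. The consequence described is slow queries rather than data loss, so a `warning` admonition would match the severity better than `danger`.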
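Review bot: In the second hunk of docs/getting_started/index.md (the swap section), the new text tells the reader to drop a configuration file in `/etc/sysctl.d/` but shows neither the file contents nor how to apply it. Suggest adding the line `vm.swappiness = 10` with an example filename, `sysctl --system` to load it without a reboot, and `sysctl vm.swappiness` to check the current value before and after the change. Style: the `[sysctl]:` reference definition sits in the middle of the section; consider keeping it with the page's other link definitions.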
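Review bot: In the first hunk of docs/getting_started/reverse_proxy/nginx.md, the tip recommends the `http2` parameter on `listen`, which nginx deprecated in 1.25.1 in favour of a separate `http2 on;` directive. Document both forms and say which nginx versions each applies to, so readers on current packages do not copy a deprecated setting. Minor wording: `ssl` here is a parameter of `listen`, not a directive. The tip also appears before the guide has shown any configuration, so it may read better next to the `server` block it refers to.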
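Review bot: In the second hunk of docs/getting_started/reverse_proxy/nginx.md (the `server` block), the two changed `listen` lines still end in `# managed by Certbot` although `http2` is a manual addition; the removed lines show what certbot itself writes. A reader comparing the sample with their own certbot output will not find `http2` there, so add a sentence saying it has to be added by hand after certbot has run, and that the result should be checked with `nginx -t` before reloading.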