From a6000e1bfa1c82664d574e5267dc6aa22e9580a2 Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Sun, 27 Apr 2025 09:33:05 +0100 Subject: [PATCH] wiki: tune fpm in attempt to survive AI bot DDOS --- cookbooks/mediawiki/resources/site.rb | 4 ++-- cookbooks/wiki/recipes/default.rb | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cookbooks/mediawiki/resources/site.rb b/cookbooks/mediawiki/resources/site.rb index 840016fa4..a7a23b913 100644 --- a/cookbooks/mediawiki/resources/site.rb +++ b/cookbooks/mediawiki/resources/site.rb @@ -51,7 +51,7 @@ property :fpm_max_children, :kind_of => Integer, :default => 5 property :fpm_start_servers, :kind_of => Integer, :default => 2 property :fpm_min_spare_servers, :kind_of => Integer, :default => 1 property :fpm_max_spare_servers, :kind_of => Integer, :default => 3 -property :fpm_request_terminate_timeout, :kind_of => Integer, :default => 300 +property :fpm_request_terminate_timeout, :kind_of => Integer, :default => 120 property :fpm_prometheus_port, :kind_of => Integer property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true @@ -476,7 +476,7 @@ action :create do request_terminate_timeout new_resource.fpm_request_terminate_timeout php_admin_values "open_basedir" => "#{site_directory}/:/usr/share/php/:/dev/null:/tmp/" php_values "memory_limit" => "500M", - "max_execution_time" => "240", + "max_execution_time" => "60", "upload_max_filesize" => "70M", "post_max_size" => "100M" prometheus_port new_resource.fpm_prometheus_port diff --git a/cookbooks/wiki/recipes/default.rb b/cookbooks/wiki/recipes/default.rb index 4daec683c..20a9bf5b8 100644 --- a/cookbooks/wiki/recipes/default.rb +++ b/cookbooks/wiki/recipes/default.rb @@ -34,10 +34,10 @@ mediawiki_site site_name do version node[:wiki][:mediawiki_version] - fpm_max_children 200 - fpm_start_servers 25 - fpm_min_spare_servers 25 - fpm_max_spare_servers 50 + fpm_max_children 300 + fpm_start_servers 50 + fpm_min_spare_servers 50 + fpm_max_spare_servers 150 fpm_prometheus_port 9253 database_name "wiki" -- 2.39.5