测试hhvm性能

测试hhvm性能:

echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 30 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 10 > /proc/sys/net/ipv4/tcp_keepalive_intvl
echo 2 > /proc/sys/net/ipv4/tcp_keepalive_probes
echo 10000 63000 > /proc/sys/net/ipv4/ip_local_port_range
echo 1 >  /proc/sys/net/ipv4/tcp_syncookies
echo 2 >  /proc/sys/net/ipv4/tcp_synack_retries

echo 150000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 10 >  /proc/sys/net/ipv4/tcp_fin_timeout

ulimit -SHn 102400

CPU: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
内存: 4G

一. yii首页(不连数据库)

ab -n 20000 -c 100 ‘http://test.com/’
1. php-fpm不带opcache
第一次:
top – 11:32:00 up 22:25, 1 user, load average: 68.52, 20.99, 7.56
Requests per second: 210.26 [#/sec] (mean)
Time per request: 475.612 [ms] (mean)
Time per request: 4.756 [ms] (mean, across all concurrent requests)
Transfer rate: 555.41 [Kbytes/sec] received

第二次:
top – 11:34:31 up 22:28, 1 user, load average: 82.87, 39.94, 16.32

Requests per second: 206.72 [#/sec] (mean)
Time per request: 483.743 [ms] (mean)
Time per request: 4.837 [ms] (mean, across all concurrent requests)
Transfer rate: 546.08 [Kbytes/sec] received

2. phpfpm + xcache
第一次
top – 11:49:29 up 22:43, 1 user, load average: 14.50, 22.48, 20.74
Requests per second: 564.22 [#/sec] (mean)
Time per request: 177.235 [ms] (mean)
Time per request: 1.772 [ms] (mean, across all concurrent requests)
Transfer rate: 1490.45 [Kbytes/sec] received

第二次
Requests per second: 575.21 [#/sec] (mean)
Time per request: 173.851 [ms] (mean)
Time per request: 1.739 [ms] (mean, across all concurrent requests)
Transfer rate: 1519.46 [Kbytes/sec] received

php-fpm + opcache
第一次:
top – 11:58:49 up 22:52, 1 user, load average: 9.40, 8.52, 14.38
Requests per second: 1014.22 [#/sec] (mean)
Time per request: 98.598 [ms] (mean)
Time per request: 0.986 [ms] (mean, across all concurrent requests)
Transfer rate: 2679.17 [Kbytes/sec] received
第二次:
top – 11:59:43 up 22:53, 1 user, load average: 22.55, 12.22, 15.29
Requests per second: 946.65 [#/sec] (mean)
Time per request: 105.635 [ms] (mean)
Time per request: 1.056 [ms] (mean, across all concurrent requests)
Transfer rate: 2500.68 [Kbytes/sec] received

hhvm
第一次:
top – 11:53:38 up 22:47, 1 user, load average: 2.23, 14.72, 18.40
Requests per second: 2365.27 [#/sec] (mean)
Time per request: 42.278 [ms] (mean)
Time per request: 0.423 [ms] (mean, across all concurrent requests)
Transfer rate: 6261.97 [Kbytes/sec] received

第二次:
Requests per second: 2337.67 [#/sec] (mean)
Time per request: 42.778 [ms] (mean)
Time per request: 0.428 [ms] (mean, across all concurrent requests)
Transfer rate: 6188.89 [Kbytes/sec] received

二. wordpress首页(连数据库)
ab -n 5000 -c 100 ‘http://test.com/’
1. php-fpm

Requests per second: 35.90 [#/sec] (mean)
Time per request: 2785.251 [ms] (mean)
Time per request: 27.853 [ms] (mean, across all concurrent requests)
Transfer rate: 260.76 [Kbytes/sec] received

2. php-fpm + xcache

Requests per second: 89.28 [#/sec] (mean)
Time per request: 1120.118 [ms] (mean)
Time per request: 11.201 [ms] (mean, across all concurrent requests)
Transfer rate: 648.39 [Kbytes/sec] received

3. php-fpm + opcache

Requests per second: 138.40 [#/sec] (mean)
Time per request: 722.561 [ms] (mean)
Time per request: 7.226 [ms] (mean, across all concurrent requests)
Transfer rate: 1005.13 [Kbytes/sec] received

4. hhvm

Requests per second: 262.68 [#/sec] (mean)
Time per request: 380.698 [ms] (mean)
Time per request: 3.807 [ms] (mean, across all concurrent requests)
Transfer rate: 1907.73 [Kbytes/sec] received

总结:
php                     php + xcache                     php + opcache                hhvm

yii首页面(req/s)      208.49                 569.71                             980.43                        2351.47

wordpress首页(req/s) 35.9                89.28                                 138.40                            262.68

php中起始符

在看php的词法解释时候。翻了翻zend_language_scanner.l这个文件。。。。总结一下起始符:

1.
2. <%='hello'%> //开启短标记
3.
4. <% code;%> //开启短标记
5. //开启短标记
6.

raspberry pi当路由无痛翻墙。

最近用了shadowsocks(google play上叫’影棱’)。很爽。翻墙无压力。那么如何把这个东西部署在路由器上,利用透明代理,客户端零配置自动翻墙呢?

经过一番google。shadowsocks的作者已经开发了这个功能。

https://github.com/clowwindy/shadowsocks-libev

这个东西也可以安装在openwrt上。我是把它装在raspberry pi上,然后raspberr pi当无线路由用的。

1. 安装hostapd

需要找到一个支持’ap’功能的无线网卡。http://wireless.kernel.org/en/users/Drivers。这个页面过滤一下支持ap的驱动。然后再去网上找一块无线网卡。
我有两块支持ap的网卡。分别是:ar9271芯片(山寨)和rt2770f(这是华硕出的一款双网卡,不好买着了,缺点是发热量大)。
推荐tp-link的721n无线网卡。。
apt-get install hostapd

/etc/hostapd.conf

 interface=wlan1
 driver=nl80211
 ssid=vlad_is_here
 channel=6
 hw_mode=g
 ignore_broadcast_ssid=0
 auth_algs=1
 wpa=2
 wpa_passphrase=xxxxxxxx
 wpa_key_mgmt=WPA-PSK
 wpa_pairwise=TKIP
 rsn_pairwise=CCMP

配置一下iptables

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

此处的eth0为我的上级网关出口的网卡.
2. 安装dnsmasq
安装dnsmasq纯粹是为了用它的dhcp功能。因为它只支持udp的dns查询。不支持tcp。GFW这个混蛋不会污染tcp的dns查询。

apt-get install dnsmasq

/etc/dnsmasq.conf找到以下参数进行修改。

  port=5353   #这里改成非标准端口,使用pdnsd来做dns查询(因为它支持tcp的dns查询)
  interface=wlan0  #改成无线网卡名称
  bind-interfaces   #绑定无线网卡(要不然。会造成其它网卡也进行dhcp广播)
  dhcp-range=192.168.10.50,192.168.10.150,12h   #按需修改

3. 安装pdnsd

apt-get install pdnsd

修改/etc/pdnsd.conf
global {
server_port=53;
server_ip = any;
query_method = tcp_only; #这是最重要的。。
min_ttl = 1d; #缓存一天
neg_rrs_pol=on;
par_queries=1;
}
server {
ip = 223,5,5,5, #增加这两个ip,第一个是阿里云的公共dns,第二个是google的dns
8.8.8.8,
…….; #这里是默认的
uptest = none;
proxy_only=on;
purge_cache=off;
}

注意上边红色的标注的是最重要的。。一定要设置好了。。否则就有性能问题了。在下边会详细解释。
到此为止,就把所有的组件都安装好了。。写个启动脚本

#!/bin/bash
/etc/init.d/hostapd restart
#因为每个hostapd启动的时候。会把网卡上的ip给清掉。所以再次给个ip,网卡没有ip,dnsmasq启动会报错的。。
#按需修改一下。。
ifconfig asus_2770 192.168.10.1 netmask 255.255.255.0 up
/etc/init.d/dnsmasq restart
/etc/init.d/pdnsd restart

试一下看能不能上正常的网站了。。

4. 安装shadowsocks

https://github.com/clowwindy/shadowsocks-libev

apt-get install libev-dev  build-essential autoconf libtool libssl-dev
git clone 'https://github.com/clowwindy/shadowsocks-libev'
cd shadowsocks-libev
./configure &amp;&amp; make &amp;&amp; make install

配置shadowsocks

/etc/shadowsocks.json

{
	"server":"你的vps地址",
	"server_port":你在vps上shadowsock开的服务端口,
	"local_address": "127.0.0.1",
	"local_port":1080,
	"password":"密码",
	"timeout":300,
	"method":"aes-256-cfb",
	"fast_open": false,
	"workers": 10
}

如果没有vps的话。你需要去网上找公开的shadowsocks服务…

ss-redir -c /etc/shadowsocks.json

5. 配置透明代理

#!/bin/sh

#create a new chain named SHADOWSOCKS
iptables -t nat -N SHADOWSOCKS

# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
iptables -t nat -A SHADOWSOCKS -d {you shadowsocks server ip}-j RETURN

# Ignore LANs IP address
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# Ignore Asia IP address
iptables -t nat -A SHADOWSOCKS -d 1.0.0.0/8 -j RETURN
#注意这句,改成你的上游dns服务器地址
iptables -t nat -A SHADOWSOCKS -d 8.8.8.8 -j RETURN

iptables -t nat -A SHADOWSOCKS -d 14.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 27.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 36.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 39.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 42.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 49.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 58.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 59.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 60.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 61.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 101.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 103.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 106.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 110.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 111.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 112.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 113.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 114.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 115.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 116.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 117.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 118.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 119.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 120.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 121.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 122.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 123.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 124.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 125.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 126.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 175.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 180.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 182.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 183.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 202.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 203.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 210.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 211.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 218.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 219.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 220.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 221.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 222.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 223.0.0.0/8 -j RETURN

# Anything else should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080

# Apply the rules to nat client
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
# Apply the rules to localhost
iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

把’you shadowsocks server ip’替换成真实的地址,然后执行.

最后用电脑或手机连一下无线。。看看能上twitter.com了吗? 神马?不能上?。。那就继续google吧。。。

Update: 2014-7-13

修正三个问题:
1. iptables中需要忽略 pdnsd中配置的上游dns的ip,即增加
iptables -t nat -A SHADOWSOCKS -p tcp -d 8.8.8.8 -j RETURN

2. pdnsd出了点问题。在服务器上测试没有问题,但在客户端ubuntu上测试总是返回不了结果。
debug后如下错误:

1 07/12 16:46:55| Received query.
1 07/12 16:46:55| Query has a non-empty additional section!
1 07/12 16:46:55| Outbound msg len 12, tc=0, rc="query format error"
1 07/12 16:46:55| Answering to: 192.168.100.102, source address: 192.168.100.170

对比两个机器的dig,版本不一样。raspberry pi服务器(即路由器)上的dig是9.8.1,而ubuntu客户端上的dig是9.9.2。

google也没有答案。然后尝试升级了一下pdnsd。问题解决。源码包下载地址如下:

http://members.home.nl/p.a.rombouts/pdnsd/dl.html

3. 访问墙外很慢,很慢。。
访问twitter.com很慢很慢。如果不用透明代理很快很快。。。肯定是哪出了问题了。。
首先从域名解析入手。dig twitter.com。。嗯。很快。。
然后strace -p shadowsocks的pid

客户端打开twitter。然后就可以看到。解析’hackers365.com’这个地址很慢很慢。。这个地址是我在配置文件里配的shadowsocks服务器地址,假设换成域名就很快了。。

继续深究。为什么这么慢。我dig的很快呀。。为什么程序一解析就慢。。

strace继续观察。。发现shadowsocks会进行AAAA即ipv6的解析。pdnsd会在没有得到ipv6地址的时候不进行缓存。每次就解析啊解析啊解析啊解析。导致shadowsocks连接不上hackers365.com这个服务器,那么怎么解决呢?
看这里。有performance setting这一段。需要设置四个参数。就可以了。。在上边的pdnsd.conf配置中我用红色进行了标注。
https://wiki.archlinux.org/index.php/pdnsd

至此。完美解决!

新装的ubuntu 14.04 解决apt-get update报错

apt-get update的时候报错提示没有找到

忽略 http://cn.archive.ubuntu.com trusty-backports/multiverse Translation-zh
忽略 http://cn.archive.ubuntu.com trusty-backports/restricted Translation-zh_CN
忽略 http://cn.archive.ubuntu.com trusty-backports/restricted Translation-zh
忽略 http://cn.archive.ubuntu.com trusty-backports/universe Translation-zh_CN
忽略 http://cn.archive.ubuntu.com trusty-backports/universe Translation-zh
下载 1,666 kB,耗时 3分 35秒 (7,740 B/s)
W: GPG 错误:http://ftp.cn.debian.org squeeze Release: 由于没有公钥,无法验证下列签名: NO_PUBKEY AED4B06F473041FA NO_PUBKEY 64481591B98321F9
W: 无法下载 http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/trusty/main/binary-amd64/Packages  404  Not Found

W: 无法下载 http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/trusty/main/binary-i386/Packages  404  Not Found

1. 要解决签名的问题

apt-key adv --recv-keys --keyserver keyserver.Ubuntu.com AED4B06F473041FA

2. 要解决404 Not Found的问题

sed -i 's/trusty/saucy/g' '/etc/apt/sources.list.d/yannubuntu-boot-repair-trusty.list'

好了。继续apt-get update吧。