When it comes to CMaNGOS, we speak about:
- hardwork
- teamwork
- stability
- performance
- unique features
and never the last,
- experience

How can we improve all that work in a "perfect" server? Experience is what make difference when it comes to a simple private server and a proffessional private server. Only by working together, we will achieve the best combination of tweaks and tips to strive perfection.

Edit by Schmoo: Many of the points here are derived from High Performance Tips from old forums by kero99

Tips:
* Core Server and Database server are split in 2 servers connected through GigaLan
* Use MySQL as it is the best solution for 2 reasons:
- InnoDb support
- cMaNGOS is tunned up for MySQL
* OS suggested:
- Ubuntu 12.04 (Server or Desktop comes with same tuned up kernel)
- OpenSuse 12.3

* Suggested System Configuration (3k players, NO LAG)
- хXeon QC Е5430 (2.66) DDR2 FB-DIMM 16Gb / 2хHDD 320Gb WD 3200YS 16Mb SATA II. (Velvet)

Settings:
* Networking: mangos bandwidth consumption for about 3000K players is aprox 70 mbps, but you need a 100mb symetric hosting.

TCP Stack: Linux systems have a automatic system to configure self TCP stack but when you have more of 1000k players if posible that you need tunning some TCP and kernel config for better system performance and responses. This is my sysctl.conf for example i use: KeRo99 - Pastebin.com

* RAM Memory & HDD:
- 8 - 16Gb would be inoff for 3 - 5k/realm.
- SSD HDDs can offer a very viable solution.
- Swap Memory is more than the cherry above the cake when it comes to memory. Swap memory is a file (windows) or a filesystem (linux) on your harddrive which acts like memory. whenever your memory is filled up, the OS starts to "swap": it moves currently unused parts of the memory to the swap file(system) and thus gives some real memory to another application. the program won't know whether its data currently is in swap or in the real RAM, but accessing data which is in swap is a lot slower (as slow as your HDD is). RAM is always faster than HDD (unless you use the top-end SSD solutions for datacenters. (DasBlub)
- MaNGOS loads most tables at startup and you can also configure how it handles various things (e.g. set GridUnload to 0, so it keeps all grids in memory) so that it only accesses things once. (DasBlub)
- You could also create a RAMDISK (a filesystem purely in memory - sometimes /tmp is a RAMDISK, check your fstab to check/create one) and copy all files in there and also configure your database server to cache the whole database and then you'll have a pretty fast config (assuming that you set up everything correctly, have enough RAM so it won't start swapping and have fast enough RAM.(DasBlub)

* File Descriptors: In some linux distros the limit on the number of file descriptors a process may have by default is 1000 and if you want to have more of 900 - 1000 player you need modify this limits in limits.conf adding:
root soft nofile 4096
root hard nofile 4096
(use root if your mangos users is root)

* MySQL Tunning:
Config designed for 2000 to 3000 player online max:
max_allowed_packet = 128M # Allows inserts dumps with bulks up to 128 MB which allows backups / restore faster.

Recomended values:

Code:

max_allowed_packet = 1M # Default
max_allowed_packet = 32M # 256 MB RAM
max_allowed_packet = 64M # 1 GB RAM
max_allowed_packet = 128M # 2.5+ GB RAM

default-storage-engine = INNODB # For characters DB tables (dont forgot change your tables to INNODB)

skip-external-locking - Recommended to avoid table locks with MaNGOS running.

max_connections = 20 -> MaNGOS opens 3 connections. One for mangosworld table, other for characters and one for scriptdev2. Realmd open the fourth connection for logon.
20 connections with more than enough to even have PHP scripts accessing the DB.

sort_buffer_size = 4M -> Recommended for MaNGOS.
join_buffer_size = 4M -> Recommended for MaNGOS.




INNODB FEATURES
===============

Code:

innodb_additional_mem_pool_size = 50M # Values beetween 20M and 50M are enough for character tables and for every innodb database.
innodb_thread_concurrency = 8 # 1 To Processors of 1 or 2 cores. 2 for Quad CoRe. 4 for i7 / Xeon and 8 for Bi-XEON (2 processors).
innodb_flush_method = O_DSYNC # Depend of your HDD
innodb_flush_log_at_trx_commit = 0 # 0 to reduce the I / O of HD, but in case of a fall is to lose data from the last transaction. 1 recommended for losing nothing. (More I/O) 2 Mix beetween one and two.
innodb_buffer_pool_size = 7G # The size of the table of characters plus a margin. ĦĦĦĦATTENTION THIS IS SPACE FOR MYSQL RAM!!!! which is reserved!
innodb_log_files_in_group = 2 # Recomended for reduce log file access.
innodb_log_file_size = 32M # Size of the log. innodb_log_file_size x innodb_log_files_in_group.
innodb_log_buffer_size = 16M # Buffer needed to process... 1/4 del log_size total.
innodb_file_per_table = 1 # Recomended for reduce file access.
innodb_table_locks = 0 # Disable table lock. We do not care that an application crash or MaNGOS crashes too!.



MAGIC FORMULA

=============

Code:

max_connections = 4096
table_cache = 4096
max_allowed_packet = 160M
binlog_cache_size = 1M
max_heap_table_size = 256M
sort_buffer_size = 8M
join_buffer_size = 8M
thread_cache_size = 24
thread_concurrency = 16
query_cache_limit = 50M
query_cache_size = 512M
ft_min_word_len = 4
thread_stack = 50M
tmp_table_size = 256M
key_buffer_size = 256M
read_buffer_size = 2M
read_rnd_buffer_size = 16M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M

[myisamchk]
key_buffer_size = 512M
sort_buffer_size = 512M
read_buffer = 8M
write_buffer = 8M





MaNGOS Conf.

==========
Code:

UseProcessors = 0
ProcessPriority = 1
Compression = 4 # This is the best combination between speed and compression
PlayerLimit = 5000
SaveRespawnTimeImmediately = 1
MaxOverspeedPings = 2
GridUnload = 0 # Why? Because every new instance = new memory. With high online you will go out of memory.
GridCleanUpDelay = 300000
MapUpdateInterval = 100
ChangeWeatherInterval = 86400000 # Set to 24 hrs. Later values, more performance!
PlayerSave.Interval = 120000 # 2 min.
PlayerSave.Stats.MinLevel = 10+ # Prevent to litter DB with many low level characters( this is for armory, see below ).
PlayerSave.Stats.SaveOnlyOnLogout = 1
vmap.enableLOS = 1
vmap.enableHeight = 1
vmap.ignoreSpellIds = "7720"
vmap.enableIndoorCheck = 0 # Turned off because of BG. WSG tunnel should be outdoor, AV the same bug at entrance.
DetectPosCollision = 1
TargetPosRecalculateRange = 0.5 # It lows performance( it is written in config ), but if you make it more than 0.5 PVP for
# melee classes becomes a hell( You stand in player & server told you that he is out of range ).
# On my opinion it should be 0.1... But in config written, that min 0.5...
mmap.enabled = 1
mmap.ignoreMapIds = ""
UpdateUptimeInterval = 30 # Later updates, faster the server
MaxCoreStuckTime = 20
AddonChannel = 1
CleanCharacterDB = 1



Server Security
=========
* own user for running and accessing configs (this can prevent overreaction to security flows)
* own DB-user for accessing the database (this can prevent overreaction to security flows)
- You can also go a step further by adding one (edit: MySQL) user for realmd and one for mangos, and tightening the permissions of each (example: remove the DROP TABLE permission because MaNGOS will never use it) (Sirenfal)

* BLOCK all ports and let only server ports open (you can use a GUI to edit IPTABLES and configure firewall)
* Tweak your linux security with:
- SELinux
- grsecurity - it's a lot easier to use and is no less effective or secure (Sirenfal)
- AppArmor
* One step further would be chroot (or BSD jail) all public internet-facing daemons.

Web Security
* First important thing - DON'T hold webserver on same machine with game server!!!


(Sirenfal) Pay attention to any web applications you run (like an armory or forum), because that is the most likely place an attacker will get into your box. To try to prevent this:
- Make each PHP application run as it's own user. You can do this by setting up multiple php-fpm pools, or using suPHP if you use Apache.
- Harden PHP by using Suhosin
- Jail each separate PHP application to it's own directory using open_basedir
- Restrict dangerous PHP functions (all forms of exec, basically)

Example of the last two:
Code:
Code:

php_admin_value[open_basedir] = /tmp:/home/armory/www
php_admin_value[suhosin.executor.func.blacklist] = dl,exec,passthru,shell_exec,system,proc_open,popen ,show_source




F.A.Q.
* How can I improve dos/ddos attacks?
DDoS attacks simply overwhelm the target's network connection. The only way to protect against DDOS to a certain degree is to have lots of servers with loadbalancing, so that you can distribute the requests to all of them. but this only works good with webservers and not that good with application servers. a good example for websites using this is all those using CloudFlare. (DasLub)
* There are many attacks (asymmetric resource consumption attacks, e.g. SYN/SSYN flood, Sockstress, etc see below) that can and should be mitigated with firewall rules. It's quite important to do this because botnets are fairly rare, and are unlikely to be commonly used on a WoW server. It's more likely script kiddies will be attacking, and many of the things they do can be mitigated cheaply and efficiently, saving you a great deal of headache. (Sirenfal)
* Here are some things that can/will help. They're not fullproof by any means, but they're much better than nothing.

- Rate limit SYN packets and enable SYN cookies in /etc/sysctl.conf
- Put your WoW server behind several cheap ($5-$20/month VPS) reverse proxies. This will help because most script kiddie's booters will only attack one IP at a time (meaning people can still connect). They can only take down one reverse proxy at a time. Even if they take your reverse proxies down you will have saved your expensive game server (which is probably an order of magnitude more expensive than the VPSes) from being suspended, and potential rollback or complete loss of your WoW database. Additionally, keep your game (mangosd) server behind it's own reverse proxy (that's not on the DNS). Odds are your log-on server will be attacked, and they won't sniff the game server IP, which means that people online can continue playing uninterrupted, people just won't be able to log in.
- Limit concurrent connection per IP to some reasonable value (3-5)
- See if your host can put restrictive firewall rules in to drop all inbound UDP packets at edge routers for you, except those for DNS and WoW (if it uses any)
- Set iptables rules to filter Sockstress
- Rate limit or disable entirely ICMP packets (Sirenfal)

Credits:
- kero99, cyrex (from old forum)

-- Axxl



› See More: All versions High Performance Tips