Boost or at least unlock the website’s performance

### configure /etc/sysctl.conf:
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
net.ipv4.tcp_syncookies=0
# https://linux.die.net/man/5/proc
# https://www.kernel.org/doc/Documentation/sysctl/fs.txt
fs.file-max = 6815744
# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
# https://linux.die.net/man/7/tcp
# The maximum number of queued connection requests which have still not received an acknowledgement from the connecting client.
net.ipv4.tcp_max_syn_backlog = 65535
# https://www.kernel.org/doc/Documentation/sysctl/net.txt
# Maximum number  of  packets,  queued  on  the  INPUT  side, when the interface receives packets faster than kernel can process them.
# for 1G NIC:
net.core.netdev_max_backlog = 3000

### limits (/etc/security/limits.conf)
# see current user limits:
ulimit -a
# see process limits (e.g. pid 1660):
cat /proc/1660/limits

### systemd service
# configure http server's "max number of open files" limit (soft and hard):
[Service]
LimitNOFILE=65536

### debug your website's performance:
tailf apps/log/nginx-error.log
# watch for "too many open files" problem:
tailf /var/log/syslog | grep SNMP
# watch the main log for other possible problems:
tailf /var/log/syslog
# your application server logs:
tailf ~/apps/opt/apache-tomcat-7.0.64/logs/catalina.out
# see (roughly) how many sockets are open:
watch --interval=1 'netstat -tuna | wc -l'
# or using lsof to count the list of open files:
watch --interval=1 'lsof | wc -l'
# use apache benchmarking tool:
ab -c 1000 -n 10000 -s 80 -H 'Accept-Encoding: gzip' -qd https://yourhost/yourwebsite > nginx1k-10k-ssl.txt

### Conclusion (jetty as application server):
http with nginx (+gzip) in front of jetty is 44% slower comparing to jetty direct access.
https with nginx (+gzip) in front of jetty is 2x faster comparing to jetty direct access.

### test with tomcat with Tomcat Native Library:
# https://tomcat.apache.org/native-doc/
# text/plain:
curl -i http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMString
# text/plain:
curl -i http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMStringDeferred
# application/json:
curl -i http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMObjectToJson
# application/json, get all ORDER BY sql:
curl -i http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMObjectToJsonDeferred
# application/json, get all ORDER BY sql:
curl -i http://127.0.0.1:8080/exifweb/app/json/appconfig/testGetNoCacheableOrderedAppConfigs
# application/json, search by indexed string column sql:
curl -i http://127.0.0.1:8080/exifweb/app/json/appconfig/testGetNoCacheableAppConfigByName

rm -v adr*.txt tom*.txt ng-tom*.txt ngs-tom*.txt ngs-gz*.txt
grep -P "Failed|Requests|Document Length|Request rate|Reply status" adr*.txt tom*.txt ng-tom*.txt ngs-tom*.txt ngs-gz*.txt
# -H 'Accept-Encoding: gzip'

## tomcat:
# RAM text/plain
ab -c 3500 -n 35000 -s 360 -qdr http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMString > tom-testRAMString-3,5k.txt
# RAM text/plain deferred
ab -c 2300 -n 23000 -s 360 -qdr http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMStringDeferred > tom-testRAMStringDeferred-2,3k.txt

# RAM application/json
ab -c 3000 -n 30000 -s 360 -qdr http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMObjectToJson > tom-testRAMObjectToJson-3k.txt
# RAM application/json deferred
ab -c 1900 -n 19000 -s 360 -qdr http://127.0.0.1:8080/exifweb/app/json/appconfig/testRAMObjectToJsonDeferred > tom-testRAMObjectToJsonDeferred-1,9k.txt

# sql: get all ORDER BY
ab -c 675 -n 6750 -s 360 -qdr http://127.0.0.1:8080/exifweb/app/json/appconfig/testGetNoCacheableOrderedAppConfigs > tom-testGetNoCacheableOrderedAppConfigs-675.txt

# sql: search by indexed string column
ab -c 800 -n 8000 -s 360 -qdr http://127.0.0.1:8080/exifweb/app/json/appconfig/testGetNoCacheableAppConfigByName > tom-testGetNoCacheableAppConfigByName-800.txt

## nginx -> tomcat:
# RAM text/plain
ab -c 2250 -n 22500 -s 360 -qdr http://127.0.0.1/photos/app/json/appconfig/testRAMString > ng-tom-testRAMString-2,25k.txt
# RAM text/plain deferred
ab -c 1400 -n 14000 -s 360 -qdr http://127.0.0.1/photos/app/json/appconfig/testRAMStringDeferred > ng-tom-testRAMStringDeferred-1,4k.txt

# RAM application/json
ab -c 1975 -n 19750 -s 360 -qdr http://127.0.0.1/photos/app/json/appconfig/testRAMObjectToJson > ng-tom-testRAMObjectToJson-1,975k.txt
# RAM application/json deferred
ab -c 1450 -n 14500 -s 360 -qdr http://127.0.0.1/photos/app/json/appconfig/testRAMObjectToJsonDeferred > ng-tom-testRAMObjectToJsonDeferred-1,45k.txt

# sql: get all ORDER BY
ab -c 625 -n 6250 -s 360 -qdr http://127.0.0.1/photos/app/json/appconfig/testGetNoCacheableOrderedAppConfigs > ng-tom-testGetNoCacheableOrderedAppConfigs-625.txt

# sql: search by indexed string column
ab -c 710 -n 7100 -s 360 -qdr http://127.0.0.1/photos/app/json/appconfig/testGetNoCacheableAppConfigByName > ng-tom-testGetNoCacheableAppConfigByName-710.txt

## tomcat (ssl):
# RAM text/plain
ab -c 90 -n 900 -s 360 -qdr https://127.0.0.1:8443/exifweb/app/json/appconfig/testRAMString > toms-testRAMString-90.txt

# RAM application/json
ab -c 90 -n 900 -s 360 -qdr https://127.0.0.1:8443/exifweb/app/json/appconfig/testRAMObjectToJson > toms-testRAMObjectToJson-90.txt

# sql: get all ORDER BY
ab -c 90 -n 900 -s 360 -qdr https://127.0.0.1:8443/exifweb/app/json/appconfig/testGetNoCacheableOrderedAppConfigs > toms-testGetNoCacheableOrderedAppConfigs-90.txt

# sql: search by indexed string column
ab -c 90 -n 900 -s 360 -qdr https://127.0.0.1:8443/exifweb/app/json/appconfig/testGetNoCacheableAppConfigByName > toms-testGetNoCacheableAppConfigByName-90.txt

## nginx -> tomcat (ssl):
# RAM text/plain
ab -c 550 -n 5500 -s 360 -qdr https://127.0.0.1/photos/app/json/appconfig/testRAMString > ngs-tom-testRAMString-550.txt

# RAM application/json
ab -c 550 -n 5500 -s 360 -qdr https://127.0.0.1/photos/app/json/appconfig/testRAMObjectToJson > ngs-tom-testRAMObjectToJson-550.txt

# sql: get all ORDER BY
ab -c 410 -n 4100 -s 360 -qdr https://127.0.0.1/photos/app/json/appconfig/testGetNoCacheableOrderedAppConfigs > ngs-tom-testGetNoCacheableOrderedAppConfigs-410.txt

# sql: search by indexed string column
ab -c 450 -n 4500 -s 360 -qdr https://127.0.0.1/photos/app/json/appconfig/testGetNoCacheableAppConfigByName > ngs-tom-testGetNoCacheableAppConfigByName-450.txt

## nginx (gzip) -> tomcat (ssl):
# RAM text/plain
ab -c 560 -n 5600 -s 360 -qdr -H 'Accept-Encoding: gzip' https://127.0.0.1/photos/app/json/appconfig/testRAMString > ngs-gz-tom-testRAMString-560.txt

# RAM application/json
ab -c 560 -n 5600 -s 360 -qdr -H 'Accept-Encoding: gzip' https://127.0.0.1/photos/app/json/appconfig/testRAMObjectToJson > ngs-gz-tom-testRAMObjectToJson-560.txt

# sql: get all ORDER BY
ab -c 405 -n 4050 -s 360 -qdr -H 'Accept-Encoding: gzip' https://127.0.0.1/photos/app/json/appconfig/testGetNoCacheableOrderedAppConfigs > ngs-gz-tom-testGetNoCacheableOrderedAppConfigs-405.txt

# sql: search by indexed string column
ab -c 445 -n 4450 -s 360 -qdr -H 'Accept-Encoding: gzip' https://127.0.0.1/photos/app/json/appconfig/testGetNoCacheableAppConfigByName > ngs-gz-tom-testGetNoCacheableAppConfigByName-445.txt

## nginx
ab -c 625 -n 6250 -s 360 -qdr https://127.0.0.1/public/mysqld.sh > ngs-625.txt
ab -c 4600 -n 40000 -s 360 -qdr http://127.0.0.1/public/mysqld.sh > ngs-4600.txt

Crossroads load balance and fail over utility

Original description
Crossroads is an open source load balance and fail over utility for TCP based services. It is a daemon running in user space, and features extensive configurability, polling of back ends using 'wakeup calls', detailed status reporting, 'hooks' for special actions when backend calls fail, and much more. Crossroads is service-independent: it is usable for HTTP(S), SSH, SMTP, DNS, etc.. In the case of HTTP balancing, Crossroads can provide 'session stickiness' for back end processes that need sessions, but aren't session-aware of other back ends.

Setting Up ‘XR’ (Crossroads) Load Balancer for Web Servers on RHEL/CentOS/

Spring security with kerberos

What is a keytab, and how do I use one?
Introduction to Kerberos for Managers
Crash Course to Kerberos
Appendix D. Troubleshooting
JAAS authentication with Kerberos
http://www.roguelynn.com/words/explain-like-im-5-kerberos/
KDC = Kerberos Key Distribution Center
TGT = Ticket Granting Ticket
TGS = Ticket Granting Server

For the configuration below (just a copy from spring security reference):
<sec:authentication-manager alias="authenticationManager">
	<sec:authentication-provider ref="kerberosAuthenticationProvider"/>
</sec:authentication-manager>

<bean id="kerberosAuthenticationProvider"
	class="org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider">
	<property name="kerberosClient">
		<bean class="org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient">
			<property name="debug" value="true"/>
		</bean>
	</property>
	<property name="userDetailsService" ref="dummyUserDetailsService"/>
</bean>

<bean
	class="org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig">
	<property name="debug" value="true" />
	<property name="krbConfLocation" value="/path/to/krb5.ini"/>
</bean>

<bean id="dummyUserDetailsService"
	class="org.springframework.security.kerberos.docs.DummyUserDetailsService" />
The file /path/to/krb5.ini could be an exact copy of /etc/krb5.conf from the KDC machine. You'll have to make sure the host names used in krb5.ini's default_realm are accessible for the application.

zoneminder

https://wiki.zoneminder.com/Ubuntu_Server_14.04_64-bit_with_Zoneminder_1.30.0_the_easy_way

# when already have mysql do:
sudo systemctl start mysql

sudo apt-get install zoneminder
sudo chmod +r /etc/zm/zm.conf
sudo chmod g+rw /etc/php/7.0/apache2/php.ini

# edit /etc/php/7.0/apache2/php.ini
date.timezone = Europe/Bucharest

# create mysql user zmuser/zmpass and mysql schema zm
# grant all privileges for zm schema to zmuser
mysql -u zmuser -p < /usr/share/zoneminder/db/zm_create.sql

sudo a2enconf zoneminder.conf
sudo a2enmod cgi
sudo systemctl restart apache2

# access http://127.0.0.1/zm/