vvic
(vvic)
July 30, 2024, 1:42am
1
I was wondering what is the ideal systemd configuration for optimal Caddy performance?
I have the following on the caddy.service file:
```
LimitNOFILE=1048576
LimitNPROC=512
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
```
Is that enough for Caddy to maximize the CPUs of the machine?
1. The problem I’m having:
Not a problem, but a question.
2. Error messages and/or full log output:
No errors.
3. Caddy version:
v2.8.4
4. How I installed and ran Caddy:
Running binaries from github
a. System environment:
Debian 12
b. Command:
No special command.
c. Service/unit/compose file:
No special unit.
d. My complete Caddy config:
No special config.
5. Links to relevant resources:
No links.
If you install using our apt repo, it ships with a systemd config:
You can find our systemd config here:
```
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
```
This file has been truncated.
There’s nothing special to change. Caddy is written in Go, which automatically scales to the amount of available CPU threads.
1 Like
vvic
(vvic)
July 31, 2024, 3:24am
3
Would you say those issues are obsolete, then?
opened 03:20PM - 28 Dec 23 UTC
I'm hitting the same problem as outlined in https://github.com/caddyserver/caddy… /issues/1802. The culprit seems to be how systemd handles the `LimitNProc` option:
https://github.com/caddyserver/dist/blob/49a805b0196e8c9e394cfe3546f2cd568d6e37d1/init/caddy.service#L30
While caddy doesn't occupy that many processes, some other docker containers seem to use the same UID for their processes:
```sh
sudo ps -U caddy
```
```
PID TTY TIME CMD
4491 ? 00:00:01 mailrise
36706 ? 00:00:28 postgres
36760 ? 00:00:01 postgres
36761 ? 00:00:06 postgres
36762 ? 00:00:10 postgres
36763 ? 00:03:55 postgres
36764 ? 00:00:14 postgres
36765 ? 00:01:17 postgres
36766 ? 00:00:00 postgres
1597030 ? 00:00:03 postgres
1599669 ? 00:00:03 postgres
2081581 ? 00:25:43 redis-server
2082548 ? 00:00:36 postgres
2082623 ? 00:00:34 postgres
2654461 ? 00:00:00 start.sh
2654495 ? 00:00:00 Xvfb
2654496 ? 00:00:00 dumb-init
2654497 ? 00:48:58 node
2654671 ? 00:01:16 chrome
2654672 ? 00:01:16 chrome
2654673 ? 00:01:14 chrome
2654674 ? 00:01:14 chrome
2654675 ? 00:01:16 chrome
2654676 ? 00:01:13 chrome
2654677 ? 00:01:15 chrome
2654678 ? 00:01:14 chrome
2654683 ? 00:00:00 chrome_crashpad
2654684 ? 00:00:00 chrome_crashpad
2654685 ? 00:00:00 chrome_crashpad
2654686 ? 00:00:00 chrome_crashpad
2654691 ? 00:00:00 chrome_crashpad
2654692 ? 00:00:00 chrome_crashpad
2654693 ? 00:00:00 chrome_crashpad
2654694 ? 00:00:00 chrome_crashpad
2654703 ? 00:00:00 chrome
2654704 ? 00:00:00 chrome
2654705 ? 00:00:00 chrome
2654706 ? 00:00:00 chrome
2654707 ? 00:00:00 chrome
2654708 ? 00:00:00 chrome
2654709 ? 00:00:00 chrome
2654710 ? 00:00:00 chrome
2654711 ? 00:01:14 chrome
2654712 ? 00:01:13 chrome
2654715 ? 00:00:00 chrome_crashpad
2654717 ? 00:00:00 chrome_crashpad
2654718 ? 00:00:00 chrome_crashpad
2654722 ? 00:00:00 chrome_crashpad
2654723 ? 00:00:00 chrome
2654724 ? 00:00:00 chrome
2654727 ? 00:00:00 chrome
2654728 ? 00:00:00 chrome
2654729 ? 00:00:00 nacl_helper
2654730 ? 00:00:00 nacl_helper
2654732 ? 00:00:00 chrome_crashpad
2654750 ? 00:00:00 chrome_crashpad
2654752 ? 00:00:00 chrome_crashpad
2654753 ? 00:00:00 nacl_helper
2654757 ? 00:00:00 nacl_helper
2654759 ? 00:00:00 chrome_crashpad
2654761 ? 00:00:00 chrome
2654762 ? 00:00:00 chrome
2654767 ? 00:00:00 chrome_crashpad
2654768 ? 00:00:00 chrome_crashpad
2654770 ? 00:00:00 nacl_helper
2654781 ? 00:00:00 chrome
2654786 ? 00:00:00 chrome
2654796 ? 00:00:00 chrome_crashpad
2654800 ? 00:00:00 chrome
2654802 ? 00:00:00 chrome
2654816 ? 00:00:00 chrome_crashpad
2654817 ? 00:00:16 chrome
2654818 ? 00:00:17 chrome
2654821 ? 00:00:00 chrome
2654822 ? 00:00:00 chrome
2654823 ? 00:00:17 chrome
2654824 ? 00:00:17 chrome
2654828 ? 00:00:00 nacl_helper
2654881 ? 00:00:17 chrome
2654884 ? 00:00:00 nacl_helper
2654885 ? 00:00:16 chrome
2654886 ? 00:00:17 chrome
2654901 ? 00:00:00 nacl_helper
2654907 ? 00:00:17 chrome
2654910 ? 00:00:17 chrome
2654916 ? 00:00:00 nacl_helper
2654922 ? 00:00:17 chrome
2654985 ? 00:00:19 chrome
2654999 ? 00:00:00 nacl_helper
2655029 ? 00:00:05 chrome
2655048 ? 00:00:17 chrome
2655053 ? 00:00:05 chrome
2655063 ? 00:00:16 chrome
2655065 ? 00:00:17 chrome
2655066 ? 00:00:17 chrome
2655079 ? 00:00:17 chrome
2655080 ? 00:00:16 chrome
2655085 ? 00:00:05 chrome
2655089 ? 00:00:05 chrome
2655092 ? 00:00:17 chrome
2655096 ? 00:00:05 chrome
2655097 ? 00:00:05 chrome
2655105 ? 00:00:05 chrome
2655129 ? 00:00:05 chrome
2655136 ? 00:00:05 chrome
2655179 ? 00:00:05 chrome
2655180 ? 00:00:20 chrome
2655186 ? 00:00:17 chrome
2655199 ? 00:00:05 chrome
2655223 ? 00:00:05 chrome
2655315 ? 00:00:05 chrome
2655323 ? 00:00:05 chrome
2655330 ? 00:00:05 chrome
2655337 ? 00:00:05 chrome
2655341 ? 00:00:05 chrome
2655346 ? 00:00:05 chrome
2655385 ? 00:00:05 chrome
2655391 ? 00:00:05 chrome
```
The systemd documentation notes that `TasksMax` should be preferred over `LimitNProc`:
> Note that `LimitNPROC=` will limit the number of processes from one (real) UID and not the number of processes started (forked) by the service. **Therefore the limit is cumulative for all processes running under the same UID.** Please also note that the `LimitNPROC=` will not be enforced if the service is running as root (and not dropping privileges). Due to these limitations, `TasksMax=` (see [systemd.resource-control(5)](https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#)) is typically a better choice than `LimitNPROC=`.
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#Process%20Properties
Nothing to tune at all?
We’ve already dropped `LimitNPROC` (because a good point was made that it doesn’t work the way we expected), and `TasksMax` wasn’t available in all supported OS versions we needed until just recently. But setting `TasksMax` isn’t really necessary, Go’s execution model doesn’t really necessitate it.
3 Likes
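The per-UID versus per-unit accounting discussed in the posts above, as an added example that is not part of the original thread or of the Caddy project. The task list, the scope names and the limit of 8 (scaled down from the 512 in the unit file) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample, one line per task, in the shape printed by
# `ps -eLo user,cgroup` (unit and scope names are made up).
sample_tasks() {
cat <<'EOF'
USER     CGROUP
caddy    0::/system.slice/caddy.service
caddy    0::/system.slice/caddy.service
caddy    0::/system.slice/caddy.service
caddy    0::/system.slice/docker-example1.scope
caddy    0::/system.slice/docker-example1.scope
caddy    0::/system.slice/docker-example1.scope
caddy    0::/system.slice/docker-example2.scope
caddy    0::/system.slice/docker-example2.scope
caddy    0::/system.slice/docker-example2.scope
root     0::/system.slice/ssh.service
EOF
}

# Tasks charged against LimitNPROC=: everything owned by the UID, in any unit.
count_for_uid() {
    awk -v u="$1" 'NR > 1 && $1 == u { n++ } END { print n + 0 }'
}

# Tasks charged against TasksMax=: only those inside the unit's own cgroup.
count_for_unit() {
    awk -v s="/$1" 'NR > 1 && length($2) >= length(s) &&
        substr($2, length($2) - length(s) + 1) == s { n++ } END { print n + 0 }'
}

# check LIMIT USER UNIT: report which setting would refuse a new task.
check() {
    by_uid=$(sample_tasks | count_for_uid "$2")
    by_unit=$(sample_tasks | count_for_unit "$3")
    [ "$by_uid" -ge "$1" ] && nproc=refused || nproc=ok
    [ "$by_unit" -ge "$1" ] && tasks=refused || tasks=ok
    echo "uid=$by_uid unit=$by_unit LimitNPROC=$nproc TasksMax=$tasks"
}

check 8 caddy caddy.service
```

On a live host, pipe real `ps` output into the two counting functions instead of `sample_tasks` to see how far the per-UID total sits from the service's own task count.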
Forza
(Forza)
August 1, 2024, 1:07pm
5
Not directly related, but I think `AllowedCPUs=` can be used to limit how many CPU cores can be used.
Otherwise, `TasksMax` seems to be what you want if you intend to limit the amount of pids.
But what is the end goal with setting various cgroup settings? Perhaps just tuning `cpu.weight` for your services is enough?
https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html
system
(system)
Closed
August 31, 2024, 1:07pm
6
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.