Crossbox Server PDF

This document provides requirements and installation instructions for CrossBox Server. Key points include: - Requirements include 1 CPU/vCPU, 512MB RAM (more for additional features), and 5GB disk space. Supported OSs are various Linux distributions. - Installation is a 5 step process involving downloading an install script, logging in via web browser, filling out a form, starting the install, and finishing setup. - Options allow customizing the install including hostname, IP, app port, enabling/disabling features, and setting up a reverse proxy for external access without port in URL. - Support is provided for automatic configuration when installing alongside control panels like cPanel to reduce RAM needs and dependencies

Uploaded by Omar Trigui

CrossBox Server

Requirements
Quick Installation
Options in Details
Admin Area
Command Line Tools
Performance Tuning
Uninstall

Requirements
Standalone Version
1 CPU or vCPU
512 MB of RAM
5GB of Disk Space

Following features require additional memory when enabled:

Anti-Spam - 250 MB of RAM


Anti-Virus - 600 MB of RAM
TURN/STUN - 50 MB of RAM
CrossBox Document Converter (CDC) - 100 MB of RAM

To run a standalone version with all features enabled, we recommend
you install CrossBox on a server with at least 2GB of RAM.

Don't forget to plan out the disk space which will be used to store
emails, attachments, files and other storable objects by the users.

Supported Operating Systems


CrossBox Server runs on any x86-64 (64 bit) Linux based operating system,
including but not limited to:

RedHat/CentOS/CloudLinux 6+
Ubuntu 12.04+
Debian 7+
Fedora 13+
OpenSUSE 11.3+
ArchLinux
Slackware

Control Panel Version


It's common for servers that utilize a control panel to have most of the needed
services already running and in place.
Thus, when installing on a server that has cPanel, Plesk, DirectAdmin, VestaCP,
Webmin, CWP or any other control panel already running, CrossBox will
auto-detect and use the following services automatically:

MySQL
Exim
Dovecot
MailScanner
ClamAV
CSF
Firewalld
UFW
Solr

This effectively reduces the total memory needed for CrossBox to run to
just 512 MB of RAM, when used alongside the control panel.

Supported Control Panels

cPanel and Plesk currently have deep integrations available, with
DirectAdmin integration on the way.

However, you can still use CrossBox with any control panel due to its plug and
play nature, but some functions are not automated and may require a manual
action.

Software Dependencies
You don't need to install any new software dependencies for
CrossBox to work as it uses its own packages and libraries which are
prebuilt and shipped with CrossBox.
This means that we will not install any software via your system's package
manager (like yum, apt-get, pacman, etc) and will never interfere with
other software you may already have running on the server.

Other Dependencies
Hostname

Make sure that before installing CrossBox your server has a resolvable
hostname.

PTR (Reverse DNS)

We recommend that the server has a valid PTR (Reverse DNS) record that
matches the server's hostname.
A valid PTR record is important for good e-mail delivery.
Most VPS/Dedicated server providers allow you to edit a PTR record via the
control panel they provide.
Root user

A root user account and SSH access are required to install a CrossBox
Server.

Home Directory

Your system needs to have a /home directory. If it doesn't exist, CrossBox
Installer will automatically create it.

Let's start
Are you ready to get started?
Continue to Quick Installation Guide and have CrossBox up and running in
under 5 minutes.

Quick Installation
Intro
We know that you're excited about installing CrossBox, but first please make sure
that you checked out the Requirements before you start with the installation.

Sign Up
To install CrossBox you need to have a valid CrossBox.io account and an active
license. You can create an account with a 30-day free trial license here.

Single Server Setup


Here we will show you how to install CrossBox on a single server.

Multiple Server Setup


If you plan to install CrossBox on multiple servers, please head over to our
CrossBox Cluster documentation to learn how to create a master-slave cluster.

Installing in 5 Easy Steps


STEP ONE

SSH into your server and run the following command as root:

sh <(curl https://cdn.crossbox.io/install.sh || wget -O - https://cdn.crossbox.io/install.sh)

Then proceed to log in with your CrossBox.io account:

After a successful login, you'll find the URL that you can now use to start the
installation via your web browser:

STEP TWO
Open your favorite web browser and paste the URL you
copied

STEP THREE

Click your way through

After accepting the End User License Agreement and selecting a license,
installing CrossBox is as easy as filling in some basic details.
Almost everything is already pre-populated for you and the entire process takes
about five minutes or often less, depending on your server's performance.
Detailed Help

If you're not sure what to enter in a certain field during the installation, just click
on the "Learn more" link which is displayed beneath it:

By clicking it, you'll be taken directly to that option's more detailed
documentation.

STEP FOUR

Start the installation

After you click the "Install" button, CrossBox will start setting everything up. You
can track the progress in real-time as shown below:

STEP FIVE

Finish the installation

After the installation finishes successfully, you'll see a link which leads you to
your CrossBox App.

Options in Details
Server
Tweaking CrossBox Server to fit your needs is as easy as enabling and disabling
features with a simple checkbox click. CrossBox will auto-detect if some kind of a
control panel is already installed on the server and will auto-adjust itself. Here we
have listed all the options and associated help descriptions.

Hostname
CrossBox will try to automatically resolve a hostname of the server it's
being installed onto.

However, make sure that before installing CrossBox you have a valid PTR
(Reverse DNS) record that matches your hostname and that your hostname can
be successfully resolved.

You will not be able to change the hostname after installation.

Public IP Address

CrossBox will try to automatically resolve an IP address of the server it's
being installed onto.

Reverse Proxy URL

You can skip this option if you're installing CrossBox on port 80 (HTTP) and
port 443 (HTTPS), or you don't mind accessing CrossBox via a port in the
URL.

If you are installing CrossBox on a port different from 80 or 443, you can reverse
proxy via a domain that you enter here. This is useful if you have something like
a website already running on ports 80 and 443, but you still want to access
CrossBox without entering a port in the URL.

For example, you can have a server with a hostname (server1.my-domain.com)
running multiple websites (example.com, something.com) on ports 80 and 443.
Usually, when you install CrossBox on a server like this one, you must choose a
port that differs from those two, because they are already in use. When this is the
case, you must use http(s)://hostname:port to access CrossBox.

However, if you don't like having a port in your CrossBox URL, you may enter a
domain (or a subdomain) from which you can reverse proxy to CrossBox. In the
above example, you would install CrossBox on server1.my-domain.com:1703 and
then reverse proxy from some-domain.com to server1.my-domain.com:1703. By
entering some-domain.com as the Reverse Proxy URL, you are telling CrossBox to
allow connections coming in from some-domain.com. This gives you the ability to
access CrossBox without entering a port, just by visiting
http(s)://some-domain.com.

Reverse proxy from Apache to CrossBox

CrossBox by default runs only an SSL version. The following configuration will:

Redirect from HTTP to HTTPS
Make a proxy pass from some-domain.com to CrossBox installed and running on port 1703

# HTTP
<VirtualHost *:80>
    ServerName some-domain.com
    # Redirect any HTTP request to HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} off
    # In a virtual host the matched path starts with "/", so strip it
    # to avoid a double slash in the redirect target
    RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

# HTTPS
<VirtualHost *:443>
    ServerName some-domain.com
    SSLEngine on
    SSLCertificateFile /path/to/your/certificate.crt
    SSLCertificateKeyFile /path/to/your/certificate.private_key
    SSLCertificateChainFile /path/to/your/certificate/chainfile.crt
    # Reverse proxy configuration
    # If CrossBox is serving SSL on this port, use https:// in both lines
    # below and add "SSLProxyEngine on" to this virtual host
    <Location />
        ProxyPass http://127.0.0.1:1703/
        ProxyPassReverse http://127.0.0.1:1703/
    </Location>
</VirtualHost>

Make sure you modify ServerName, certificate parts, and CrossBox port to match
your own installation. Note that some-domain.com is the domain you are reverse
proxying from.

Reverse proxy from .htaccess to CrossBox

It is also possible but not advisable to do a reverse proxy from a .htaccess file by
using mod_rewrite:

RewriteEngine on
RewriteRule (.*) https://127.0.0.1:1703/$1 [P,L]

Reverse proxy from Nginx to CrossBox

server {
    listen 80;
    server_name some-domain.com;
    charset utf-8;
    # Redirect any HTTP request to HTTPS
    return 301 https://some-domain.com$request_uri;
}

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name some-domain.com;
    charset utf-8;
    ssl_certificate /path/to/your/certificate.pem;
    ssl_certificate_key /path/to/your/privkey.pem;
    # Reverse proxy configuration
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
        # Forward the requested host name, not the client address
        proxy_set_header X-Forwarded-Host $host;
        proxy_pass https://127.0.0.1:1703;
    }
}

App Port
Enter a Port number that CrossBox will bind to and listen on. If you are using the
server only for CrossBox, and you don't have anything else running on ports 80
and 443, you can safely use those. If, however, these ports are already taken, you
can enter a custom Port number. In the case when you have to use ports
different from 80 and 443, but you still want to access CrossBox without entering
a port in the URL, you can do so by making a Reverse Proxy URL.
You will not be able to change the App Port after the installation.

WebSocket Port
WebSocket service serves as message passing between the server and various
connected clients. The default WebSocket Port is 8349.

You will not be able to change the WebSocket port after the installation.

SSL
We strongly recommend that you enable the SSL feature. Not only will it help
protect data being sent over the network from prying eyes, it is also needed for
audio and video calls to work. It is very easy to set up and you have four options
to choose from:

Generate SSL certificates automatically (by using Let's Encrypt Certbot)
Select from auto-detected list (will scan the system for existing certificates) - this is visible if the installer detects SSL certificates
Enter .crt/pem .key paths (lets you enter paths to certificate files)
Upload .crt/pem and .key files (lets you upload certificate files)

TURN/STUN Server
CrossBox uses Coturn as a fast and reliable TURN/STUN server. It is responsible
for streaming audio and video data during the CrossBox audio/video conference
and for relaying media traffic when persons attending the call can't reach each
other directly via a peer-to-peer protocol. This is most often the case when the
person is behind a corporate firewall.

Overall, enabling a TURN/STUN server will greatly improve the quality of audio
and video calls. The CrossBox Installer will give you the ability to choose if you
wish to enable TURN/STUN integration and will also allow you to decide where it
should be hosted. You can choose to install it on the same server as CrossBox or
you can enter an external server to offload audio and video streaming to a
separate machine in the case you have thousands of concurrent calls being
made.

If you plan on having more than 50 people streaming audio and video at
the same time, please make sure that you allocate enough CPU/Network
resources for your TURN/STUN server. The other approach would be to
offload media streaming to a Coturn server hosted on another machine, by
choosing "Use external coturn server" and filling in Host and SSL Host
fields.

Coturn Non-SSL Port


Enter a non-SSL port that Coturn will use. The default Coturn non-SSL port
is 3478.

Coturn Port
Enter an SSL port that Coturn will use. The default Coturn SSL port is 5349.

Coturn UDP Port Range


You may leave the default value. If not, please enter a port range in the format
12345:13456. The default value is 49152:65535.

Updates
CrossBox has a built-in update system that keeps your installation up to date and
automatically updates CrossBox when new updates are available.

At what hour to perform an update


Enter an hour when you wish to check for updates. Uses a 24h format and
accepts a number between 0 and 23. 0 means 00:00.

Application Limits
Max Number of Workers
Max number of CPU cores that the application will utilize. Depending on the
application traffic/usage you can specify a maximum number of workers based on
the number of cores your server has.

Each worker takes about 70-100 MB of RAM.

Max Request Size


In megabytes, enter the maximum request body size that the end user can send. For
example, users won't be able to upload a file larger than what's defined here.
The default value is 1024MB.

CrossBox Administration
Admin Username
The default is "admin".

Admin Username cannot be changed after the installation.

Admin E-mail Address


Admin e-mail address. You may use any email address you want.

Admin Password
This password should be very complex.

Admin Area URL


Used for hiding your admin area from prying eyes. Make it difficult to guess.

Admin Area URL cannot be changed after the installation.

MySQL
Use CrossBox MySQL database
Enable if you don't have a MySQL server already running on the server. If you
enable this feature, CrossBox will use its own MariaDB server for storing users'
data. Otherwise, it will try to connect to a MySQL server already running on the
system and use that server for storing data.
Mail
Enable mail server integration
CrossBox has two ways of integrating with a mail server:
1. Use the mail server already running on the machine (when installing on a
cPanel/Plesk server)
2. Automatically install and set up a CrossBox mail server (when installing a
bare metal/standalone version)

In the first case, the installer will try to find locally available IMAP/SMTP servers
and use those for everything related to email.

In the second case, you'll be able to enable or disable the following mail server
features:

Enable Anti-Virus Service


Enable this if you want an anti-virus to scan emails for malicious content.
Currently, only ClamAV is supported. If you have ClamAV already running on the
server, CrossBox will use that one automatically.

ClamAV requires 600 MB of RAM.

Enable Anti-Spam Service


Enable this if you want an anti-spam service to check whether the e-mail being
sent/received is spam or not. Automatic spam/ham learning is also enabled with
this service.

Enabling this service requires an additional 250 MB of RAM.

E-mail Message Max Size


Enter the maximum allowed email message size in megabytes. Generally, it
should not exceed 50MB.

Automatically create postmaster@ and admin@


This can save you some time by creating often needed email addresses
automatically for you.

Features
Google Analytics
To track App usage in real time you need to enter a valid Google Analytics
Tracking ID in UA-XXXXX-Y format.

Chat Channel Max Participant Count


The maximum number of participants allowed in a chat channel. Increase this if
you plan on having more than 50 persons attending. This limit applies per
channel (room).

Audio/Video Chat Channel Max Participant Count


The maximum number of participants allowed in an Audio/Video call. Increase
this if you plan on having more than 50 persons joining in with their cameras and
microphones active. This limit applies per channel (room).

Branding
Branding is a great way to white label CrossBox as your own product or service.
You can give it a custom name, upload your own logo and change the color
scheme to best match your brand. The branding addon also allows you to have
fully branded CrossBox Client Apps (Web, Desktop, Android & iOS).

Branding feature is most useful for service and hosting providers.

App Name
Enter a custom name for the application.

App Name cannot be changed after the installation.

App Description
Enter a custom Application slogan or a motto. This is usually shown beneath the
App Name.

App Description cannot be changed after the installation.

App Product URL


URL of the web page advertising the application. Users are taken to this URL
when they want to find out more about the App.

App Product URL cannot be changed after the installation.

Default Language
Choose a default language for the App. If you want to add your own language,
you can do so by translating a language file and sending it back to us. We will
then ship it with the next App update.

Theme
Lets you brand the App with your own color scheme. Apart from that, you can
also upload your own App logo. Image for the logo should be in a PNG format
with 1024x1024 px dimensions. CrossBox will then use that image to create logo
versions of different dimensions used throughout the application.

iOS and Android App Settings


iOS and Android sections let you define App manifests that Apple and Google
stores require when publishing the Apps. You will need to fill in a couple of
details:

App Identifier (This is the Application ID. For example, com.example.appname)
App Author (The name of the Author)
App Author E-mail (E-mail address of the author)
App Support URL (URL where you provide customer support)

Push Notifications
This enables push notifications for your branded CrossBox Android and iOS Apps.
They keep your end users up to date with new emails, chats, calls, files, and
reminders.

GCM is not recommended anymore. Please use FCM - Firebase Cloud
Messaging. We strongly recommend that you use FCM for both
Android and iOS versions.

When using FCM, you need to obtain FCM Sender ID and FCM Key.
Please follow this blog post to find out how to obtain these.

If, however, you must use GCM, then you'll need to fill in GCM Sender ID and
GCM Key. To obtain these, please start here.

We do not recommend using APNs, use FCM instead. If you insist on using APNs,
then you'll need to obtain APNs certificate as explained in "Generate an APNs
client TLS certificate" and then upload it by using "Upload APNs Certificate"
upload box during the installation.

Admin Area
Intro
CrossBox features a simple to use administration interface which is used for
managing a CrossBox server.

Accessing Admin Area


To access the administration, log in to the Admin Area via
https://hostname:port/administer/area

Replace hostname and port with those you specified during the
installation.

Replace area in the URL if you chose a custom Admin Area URL during the
installation.

Adding a Domain
When using CrossBox for cPanel or Plesk, this is already automated with
hooks. When a new cPanel/Plesk user is created, the domain being created
is automatically added to CrossBox if the cPanel/Plesk user has CrossBox
enabled.

Do this step if:

you are using a standalone version


or you installed CrossBox on a server that has a control panel which is not
officially supported

Simply log in to your CrossBox Admin Area and manually add domains that you
wish to have CrossBox enabled.
An account is a Linux user which you wish to associate with the domain.
A name is the domain's name.

After you click Save, the domain you specified will be allowed to use
CrossBox.

When submitted, the form will also output DNS records for DKIM, SPF, and
DMARC. Make sure you add these to your domain's DNS zone to maximize
e-mail deliverability.
This feature is only available in the standalone version.

Make sure that the domain you are creating has MX records pointing to
an IP address of the server which is running CrossBox.

Adding a CrossBox Account


If you are using CrossBox with cPanel or Plesk

When using CrossBox for cPanel or Plesk, this is already automated with
hooks. When a cPanel/Plesk user creates a new e-mail address, the e-mail
address which is being created is automatically added to CrossBox if the
cPanel/Plesk user has CrossBox enabled.

If you are using CrossBox with a control panel which is not officially
supported, you can skip this step. This is possible because CrossBox will auto
create a CrossBox Account when a user logs in with an e-mail
address/password combination which is recognized as a correct one by a local
mail server.

If you are using a standalone CrossBox version, you need to log in to
your CrossBox Admin Area and manually add e-mail addresses, which are
actually CrossBox accounts. A new user form is shown below:
E-mail username is the first part of the e-mail address. For example, joe.doe
A domain is the second part of the e-mail address. For example, domain.com
The password is the password user will use to access CrossBox and
IMAP/SMTP protocols
A quota is a soft quota limit that CrossBox will not allow the user to exceed
Active checkbox defines if a user is allowed to log into CrossBox

After you click Save, the CrossBox user you specified will be created along
with a fully functional e-mail address.
This feature is only available in the standalone version.

Managing a Server
To manage a CrossBox Server, log in to your Admin Area, pick a server you wish to
manage and click "Manage".

Easy to use Admin Interface lets you stay in full control over:

Domains
Users
Devices
System Accounts
Changing Server's Settings
To change the CrossBox Server Options, log in to your Admin Area, pick a server
you wish to modify and click "Settings".

Command Line Tools


The "crossbox" CLI Command
This is the CrossBox command line utility. Use it to view status, restart services,
view logs, trigger updates, and a lot more.

You need to be a root user to run the command.


Monitoring

crossbox stop|start|restart|status

Easily stop, start, restart or output the status of a CrossBox Server.

Updating

crossbox update

Perform a manual update check and update the application if possible.

crossbox update-slaves

Perform a manual update of CrossBox slave servers, provided that the command
is run from the master server.

Logs

crossbox log [--paths --lines]

Displays all logs in real time. If it's too verbose, try using crossbox <service> log.

--paths
displays locations of log files on the system
--lines
defines a number of "last lines" to display for each log file

Service Specific

crossbox <service> stop|start|restart|status|log

You can also specify several <services> by separating multiple services from the
list below with a comma:

redis
mysqld
exim
dovecot
opendkim
rspamd
freshclam
clamd
turnserver
uwsgi
webserver

Medic

crossbox medic

CrossBox Medic will collect all the relevant CrossBox logs from your server, send
them to us and give you a unique key which you can reference when requesting
support.
Utility

crossbox info

Will tell you general information about your CrossBox installation.

crossbox websocket|taskqueue info

Allows you to view WebSocket and task queue statuses. This will also show you
how many users are connected to the server.

crossbox change-admin-password

Allows you to reset admin's password.

crossbox change-admin-email

Allows you to reset admin's e-mail address.

crossbox extra migrate-roundcube-contacts

Imports cPanel RoundCube contacts to CrossBox (useful for users migrating away
from Roundcube).

crossbox changelog

Shows latest update messages.

Debugging
You can enable the debug mode if you are faced with a bug and you want to find
out more about what the application is doing.

crossbox debug disable|normal|unsafe

Use unsafe mode only when normal mode does not show anything indicating a
problem. When using the unsafe debug mode the application may leak information,
so use it with care.

NOTE: Changing the debug mode will restart all CrossBox services.

Performance Tuning
CrossBox Server
Max Number of Workers
Increase the number of workers by setting Max Number of Workers to your total
CPU count. This will allow CrossBox to utilize multi-core processing. For
example, if you have a server with 8 CPUs, set this to 8.
Remember that each worker also allocates 70-100 MB of RAM. Multiply this by a
number of workers and you'll get the total amount of additional RAM which the
change of this setting will require.

Linux Server
For a high-performance system trying to serve thousands of concurrent network
clients, default Linux kernel parameters are often too low. Consider making the
following changes:

Increase max open files to 100,000 from the default (typically 1024). In Linux,
every open network socket requires a file descriptor. Increasing this limit will
ensure that lingering TIME_WAIT sockets and other consumers of file descriptors
don’t impact our ability to handle lots of concurrent requests.

Decrease the time that sockets stay in the TIME_WAIT state by
lowering tcp_fin_timeout from its default of 60 seconds to 10. You can lower this
even further, but too low, and you can run into socket close errors in networks
with lots of jitter. We will also set tcp_tw_reuse to tell the kernel it can reuse
sockets in the TIME_WAIT state.

Increase the port range for ephemeral (outgoing) ports, by lowering the
minimum port to 10000 (normally 32768), and raising the maximum port to
65000 (normally 61000). Important: This means you can’t have server
software that attempts to bind to a port above 9999! If you need to bind to a
higher port, say 10075, just modify this port range appropriately.

Increase the read/write TCP buffers (tcp_rmem and tcp_wmem) to allow for larger
window sizes. This enables more data to be transferred without ACKs,
increasing throughput. We won’t tune the total TCP memory (tcp_mem), since
this is automatically tuned based on available memory by Linux.

Decrease the VM swappiness parameter, which discourages the kernel from
swapping memory to disk. By default, Linux attempts to swap out idle
processes fairly aggressively, which is counterproductive for long-running
server processes that desire low latency.

Increase the TCP congestion window, and disable reverting to TCP slow start
after the connection is idle. By default, TCP starts with a single small segment,
gradually increasing it by one each time. This results in unnecessary slowness
that impacts the start of every request – which is especially bad for HTTP.
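
An added example (not part of the CrossBox documentation) for the ephemeral port range warning above: a POSIX shell check that tests service ports against a planned ephemeral range and builds a value for the kernel's net.ipv4.ip_local_reserved_ports setting. The service names are made up, the port numbers are the defaults and examples given on this page, and reserving ports this way is a suggestion added here.

```shell
#!/bin/sh
# Added example: find service ports that fall inside the ephemeral port range.

# ephemeral_conflicts LOW HIGH NAME=PORT|NAME=LO:HI ...
# Prints "NAME LO-HI" for the part of each service port (or port range)
# that lies inside LOW..HIGH. Returns 0 if nothing overlaps, 1 otherwise.
ephemeral_conflicts() {
    eph_lo=$1
    eph_hi=$2
    shift 2
    found=0
    for spec in "$@"; do
        name=${spec%%=*}
        ports=${spec#*=}
        case $ports in
            *:*) lo=${ports%%:*}; hi=${ports##*:} ;;   # range, Coturn style
            *)   lo=$ports; hi=$ports ;;               # single port
        esac
        # Clamp [lo,hi] to the ephemeral range; what is left is the overlap
        [ "$lo" -lt "$eph_lo" ] && lo=$eph_lo
        [ "$hi" -gt "$eph_hi" ] && hi=$eph_hi
        if [ "$lo" -le "$hi" ]; then
            echo "$name $lo-$hi"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# reserved_ports_value LOW HIGH SPEC...
# Turns the overlaps into a comma-separated list of ports and LO-HI ranges,
# the format accepted by net.ipv4.ip_local_reserved_ports. Reserved ports
# are skipped for automatic (outgoing) assignment but can still be bound
# explicitly by a server.
reserved_ports_value() {
    ephemeral_conflicts "$@" | awk '{
        split($2, r, "-")
        v = (r[1] == r[2]) ? r[1] : $2
        out = out (NR > 1 ? "," : "") v
    } END { print out }'
}

# Constructed sample: the range from this page's sysctl settings and the
# ports from this page's defaults and examples (names are illustrative).
SAMPLE="app=1703 websocket=8349 coturn=3478 coturn-tls=5349 coturn-relay=49152:65535 other=10075"

# SAMPLE is left unquoted on purpose so that it splits into one spec per word
ephemeral_conflicts 10000 65000 $SAMPLE || true
echo "net.ipv4.ip_local_reserved_ports = $(reserved_ports_value 10000 65000 $SAMPLE)"
```

With the defaults on this page, the Coturn UDP relay range is the entry that overlaps the widened ephemeral range, so either the range or the reservation has to account for it.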

Kernel Parameters
To start, edit /etc/sysctl.conf and add these lines:

# /etc/sysctl.conf
# Increase system file descriptor limit
fs.file-max = 100000

# Discourage Linux from swapping idle processes to disk (default = 60)
vm.swappiness = 10

# Increase ephemeral IP ports
net.ipv4.ip_local_port_range = 10000 65000

# Increase Linux autotuning TCP buffer limits
# Set max to 16MB for 1GE and 32M (33554432) or 54M (56623104) for 10GE
# Don't set tcp_mem itself! Let the kernel scale it based on RAM.
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
net.core.optmem_max = 40960
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

# Make room for more TIME_WAIT sockets due to more clients,
# and allow them to be reused if we run out of sockets
# Also increase the max packet backlog
net.core.netdev_max_backlog = 50000
net.ipv4.tcp_max_syn_backlog = 30000
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 10

# Disable TCP slow start on idle connections
net.ipv4.tcp_slow_start_after_idle = 0

# If your servers talk UDP, also up these limits
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192

# Disable source routing and redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0

# Log packets with impossible addresses for security
net.ipv4.conf.all.log_martians = 1

Since some of these settings can be cached by networking services, it’s best to
reboot to apply them properly ( sysctl -p does not work reliably).
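
An added example (not part of the CrossBox documentation): after the reboot, a POSIX shell function like the following confirms that every value in the file is actually live by comparing it with /proc/sys. The function names and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: report settings from a sysctl.conf-style file that the
# running kernel does not currently have.
# Usage on a real system (as a saved script): sh <script> /etc/sysctl.conf

# Collapse tabs/spaces and trim, so "4096<TAB>87380" equals "4096 87380"
norm() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# sysctl_drift CONF [PROC_ROOT]
# Prints "DRIFT key want=[..] have=[..]" or "MISSING key" per mismatch.
# Returns 0 when every setting matches, 1 otherwise.
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
        esac
        case $line in
            *=*) ;;
            *) continue ;;              # not a key = value line
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        # net.ipv4.tcp_fin_timeout -> $root/net/ipv4/tcp_fin_timeout
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            drift=$((drift + 1))
            continue
        fi
        have=$(norm "$(cat "$path")")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key want=[$want] have=[$have]"
            drift=$((drift + 1))
        fi
    done < "$conf"
    [ "$drift" -eq 0 ]
}

# Constructed sample: a fake /proc/sys tree where the port range was not
# applied and one key does not exist, checked against four of this page's
# settings.
sysctl_drift_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/proc/vm" "$tmp/proc/net/ipv4"
    printf '10\n' > "$tmp/proc/vm/swappiness"
    printf '32768\t60999\n' > "$tmp/proc/net/ipv4/ip_local_port_range"
    printf '10\n' > "$tmp/proc/net/ipv4/tcp_fin_timeout"
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed excerpt of the settings on this page
vm.swappiness = 10
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_reuse = 1
EOF
    rc=0
    sysctl_drift "$tmp/sysctl.conf" "$tmp/proc" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    sysctl_drift "$@"
else
    sysctl_drift_demo || true
fi
```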

Open File Descriptors


In addition to the Linux fs.file-max kernel setting above, we need to edit a few
more files to increase the file descriptor limits. The reason is the above just sets
an absolute max, but we still need to tell the shell what our per-user session
limits are.

So, first edit /etc/security/limits.conf to increase our session limits:

# /etc/security/limits.conf
# allow all users to open 100000 files
# alternatively, replace * with an explicit username
* soft nofile 100000
* hard nofile 100000

Next, /etc/ssh/sshd_config needs to make sure to use PAM:

# /etc/ssh/sshd_config
# ensure we consult pam
UsePAM yes

And finally, /etc/pam.d/sshd needs to load the modified limits.conf :

# /etc/pam.d/sshd
# ensure pam includes our limits
session required pam_limits.so

You can confirm these settings have taken effect by opening a new ssh
connection to the box and checking ulimit :

ulimit -n
100000

TCP Congestion Window


Finally, let’s increase the TCP congestion window from 1 to 10 segments. This is
done on the interface, which makes it a more manual process than
our sysctl settings. First, use ip route to find the default route, which is the
line starting with "default" below:

ip route
default via 10.248.77.193 dev eth0 proto kernel
10.248.77.192/26 dev eth0 proto kernel scope link src 10.248.77.212

Copy that line, and paste it back to the ip route change command,
adding initcwnd 10 to the end to increase the congestion window:

ip route change default via 10.248.77.193 dev eth0 proto kernel initcwnd 10

To make this persistent across reboots, you’ll need to add a few lines of bash like
the following to a startup script somewhere. Often the easiest candidate is just
pasting these lines into /etc/rc.local :

defrt=`ip route | grep "^default" | head -1`
ip route change $defrt initcwnd 10

Hardware
More CPUs means more concurrency
More than 4GB of RAM is often not required, even with high concurrency
Faster Disk means faster IO, therefore we always recommend having an SSD

Uninstall
Simply run the command cd /root/crossbox-installer && uninstall.sh

Steps:

1. Do you want to uninstall crossbox from this machine? y/n (n):
Type "y" and hit Enter.

2. Do you want to delete all crossbox related data for all users in the database? y/n (n)
All data that crossbox generated will be irreversibly erased from the disk. Enter
"y" or "n".

3. Do you want to delete /home/crossbox? y/n (n)
If "y", this will delete the crossbox user too.

4. Final warnings
You have decided to uninstall crossbox from this machine and all it's users data
and databases along with /home/crossbox. This action is not reversable. Are you
sure you want to proceed? y/n (n)

This is the final warning prompt. After it, you still have 10 seconds to
cancel the action by pressing CTRL+C, which sends an interrupt signal to
the script.

5. Uninstall will start


After 10 seconds the uninstallation begins by preparing the setup. Once this
step starts you should not interrupt the script, as it might not completely delete
the software. Depending on the amount of work and the performance of the
machine, the uninstallation might take from a few seconds to several minutes.
