The Perfect Webserver
what's the perfect webserver:
- start small
- extendable, expandable
- easily add more ram, more cpu, more hosts
- from simple load balancing and fail-over to complex cluster systems
choices:
- free
- outsource. let me handle your server.
- setup your own
free 'perfect' webserver
- blogger.com can host your web/blogs for free on their highly-available clusters with your own domain name. you can rest assured google will not let you down.
setup your own
- start small with one vps server which handles everything: web/mail/mysql/etc…
- when needed, you can always set up another vps to handle one single function, e.g. if your database is hogging your vps, you can set up another vps which handles only the database, etc…
- multiple web/mail/database servers for fail-over/load-balancing
- multiple servers for clusters
the perfect vps lamp-server with ubuntu
overview:
- my host 'kicked' me out of cpanel shared hosting because my clients web is quite high traffic and was causing high cpu and memory resource usage.
- so we identified that the single problem here is the web.
how do i 'fix' this issue?
- we already identified that the web traffic is the problem
- we still need 'some' cpanel ease so that other administration can be delegated to less advanced technical staff
- only the lamp server (apache+mysql+php) is moved out of shared hosting to a vps server
- email is still easily managed on cpanel
- another advantage: a mail server requires good spam protection. spamassassin requires lots of cpu/memory resources, meaning your vps server needs more ram, meaning a more expensive host.
- alternatives: setup zimbra on your local server to accept mail. see http://wiki.dennyhalim.com/search:site/q/zimbra
installation:
- get a good xen vps host
- choose ubuntu LTS (6 or 8) server setup. only LTS is recommended for serious business use.
- install lamp-server and stuff
# first of all, activate the firewall to protect your server
# only open the ports you will use. only open port 443 if you setup https.
ufw allow proto tcp from any to any port 22
ufw allow proto tcp from any to any port 80
#ufw allow proto tcp from any to any port 443
ufw enable
aptitude update
aptitude safe-upgrade
aptitude full-upgrade
tasksel install lamp-server
aptitude -y install phpmyadmin nginx awffull fail2ban rssh logrotate
# set awffull to read nginx log instead of apache2
# add this to /etc/logrotate.d/nginx just before postrotate:
prerotate
/usr/bin/awffull
endscript
# vi /etc/cron.d/customsched
01 2 * * * root /usr/sbin/ntpdate pool.ntp.org
12 3 * * * root /usr/bin/awffull
# now adduser and give restricted shell
#email. only if you need to read email on your server or on any other server
aptitude install mutt ilohamail
#anti ddos http://deflate.medialayer.com/
# install.sh is fetched over plain http and runs as root, so read it before running it
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
- change apache2 to use other ports and nginx to handle port 80
- setup geoip
- no ftp. not even ftps. coz, you can use sftp http://en.wikipedia.org/wiki/SSH_file_transfer_protocol
- no other servers. no mail server. nothing else.
- you can install postfix for mail server if you really need it. or maybe for only sending email.
- fewer servers, fewer open ports, fewer security problems
- everything from repo. so, let the ubuntu team watch for security issues and all we need to do is aptitude upgrade
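added example, not part of the original page: a check that what is actually listening matches the 'only open the ports you will use' rule above. it reads `ss -ltn` output and prints every listener bound to a non-loopback address on a port outside the allowed list. the sample output is constructed, and apache on 127.0.0.1:8080 behind nginx is an assumption (the page only says 'other ports').

```shell
#!/bin/sh
# added example (not from the original page).
# lists tcp listeners bound to a non-loopback address on a port outside
# the list the firewall is meant to open (22 and 80 on this page).
# such a service is protected only by ufw: if the firewall is disabled
# or a rule is loosened, it becomes reachable from the network.

# usage on a live server: ss -ltn | exposed_listeners 22 80
exposed_listeners() {
    awk -v allowed=" $* " '
        $1 != "LISTEN" { next }        # skip the header line
        {
            la = $4                    # "Local Address:Port" column
            n = split(la, parts, ":")
            port = parts[n]            # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            # loopback-only listeners cannot be reached from the network
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            if (index(allowed, " " port " ") == 0) print addr ":" port
        }'
}

# constructed sample of `ss -ltn` output:
# sshd on 22, nginx on 80, apache moved to 127.0.0.1:8080 (assumed port),
# and mysql left listening on every interface.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
EOF
}

# prints 0.0.0.0:3306 (mysql should be bound to 127.0.0.1 instead)
sample_ss_output | exposed_listeners 22 80
```

an empty result means every network-facing listener is on a port you chose to open.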
result:
- after tuning apache/mysql configurations, my 'perfect' setup uses 70meg ram when idle.
- on busy hours, it uses no more than 120meg ram.
- this can safely run on 128meg vps
- you can tune it even more if you want to run it on 64meg vps
- see http://wiki.dennyhalim.com/webserver for more tuning
easily tuned to run on 64meg vps
i think it won't be hard to set it up for 64meg vps…
this is also with the default openssh. so replacing it with dropbear will surely bring it below 60meg.
(and it's still full blown apache2+mysql5+php5+suhosin)