A virtual web server is a computer system that can act as a front end to the internet, allowing users to access the internet from anywhere in the world. A virtual web server can be used to host websites, or it can be used as a back-end for other websites. There are many different types of virtual web servers, and each one has its own advantages and disadvantages. The most important thing to consider when choosing a virtual web server is its performance. A good virtual web server should be able to handle large amounts of traffic quickly and without any problems. Another important factor to consider when choosing a virtual web server is its security. A good virtual web server should be able to protect your website from unauthorized access and theft. It also should be able to keep your website up and running even if there are occasional problems with the internet connection.

Overview

There’s a number of problem areas where we want to maximize performance:

Linux configuration There are usually services running that don’t need to be, wasting memory that could be used for more connections. MySQL configuration Often the default settings are based on a small server, we can add a few key changes to increase performance a great deal. Apache configuration By default most hosting providers install apache with nearly every module installed. There’s no reason to load modules if you aren’t ever going to use them. PHP configuration The default PHP configuration is similarly bloated, there are usually a ton of unnecessary extra modules installed. PHP Opcode Cache Instead of allowing PHP to recompile the scripts every single time, an opcode cache will cache the compiled scripts in memory for huge performance boosts. Backups Should probably setup some automated backups, since your hosting provider isn’t going to do it for you. Security Sure, Linux is secure enough by default, but there’s usually some glaring security issues that you can fix with a few quick settings.

Linux Configuration

There’s quite a number of tweaks you can do, which will vary slightly based on the server you are using. These tweaks are for a server running CentOS, but they should work for the majority of DV servers.

Disable DNS

If your hosting provider handles the DNS for your domain (likely), then you can disable the DNS service from running.

The chmod command removes execute permission from the script, stopping it from running on startup.

Disable SpamAssassain

If you aren’t using email accounts on your server itself, you shouldn’t bother running anti-spam tools. (Also you should check out Google Apps, much better email solution)

Disable xinetd

The xinetd process houses a number of other processes, none of which are useful for a typical web server.

Limit Plesk Memory Usage

If you use the plesk panel, you can force it to use less memory by adding an options file.

Add the following lines to the file:

Note that this option is known to work on MediaTemple DV servers, but has not been checked on any others. (See References)

Disable or Turn Off Plesk (optional)

If you only use Plesk once a year, there’s very little reason to leave it running at all. Note that this step is completely optional, and slightly more advanced.

Run the following command to turn off plesk:

You can disable it from running at startup by running the following command:

Note that if you disable it, then you can’t start it manually without changing the file permissions back (chmod u+x).

MySQL Configuration

Enable Query Cache

Open your /etc/my.cnf file and add the following lines in your [mysqld] section like this:

You can add more memory to the query cache if you’d like, but don’t use too much.

Disable TCP/IP

A surprising number of hosts enable access to MySQL on TCP/IP by default, which makes no sense for a website. You can figure out if mysql is listening on TCP/IP by running the following command:

To disable, add the following line to your /etc/my.cnf file:

Apache Configuration

Open your httpd.conf file, often found in /etc/httpd/conf/httpd.conf

Find the line that looks like this:

And change it to this:

Now find the section that includes these lines, and adjust to something similar:

PHP Configuration

One of the things to keep in mind when tweaking a server on the PHP platform is that every single apache thread is going to load up PHP in a separate location in memory. This means if an unused module adds 256k of memory to PHP, across 40 apache threads you are wasting 10MB of memory.

Remove Unneeded PHP Modules

You’ll need to locate your php.ini file, which usually is found at /etc/php.ini (Note that on some distributions, there will be an /etc/php.d/ directory with a number of .ini files, one for each module.

Comment out any loadmodule lines with these modules:

odbc snmp pdo odbc pdo mysqli ioncube-loader json imap ldap ncurses

 

Todo: Add more information here.

PHP Opcode Cache

There are a number of opcode caches that you can use, including APC, eAccelerator, and Xcache, the last one being my personal preference due to stability.

Download xcache and extract it into a directory, and then run the following commands from the xcache source directory:

Open your php.ini file and add a new section for xcache. You’ll need to adjust the paths if your php modules are loaded from somewhere else.

Add the following section to the file:

Todo: Need to expand this a bit and link to xcache in the references.

Backups

There’s very little more important than having automated backups of your website. You may be able to get snapshot backups from your hosting provider, which are also very useful, but I prefer to have automated backups as well.

Create Automated Backup Script

I usually start by creating a /backups directory, with a /backups/files directory beneath it. You can adjust these paths if you want.

Now create a backup.sh script inside the backups directory:

Add the following to the file, adjusting the paths and mysqldump password as necessary:

The script will first create a date variable so all the files will be named the same for a single backup, then dumps the database, tars up the web files and gzips them. The find commands are used to remove any files older than 5 days, since you don’t want your drive to run out of space.

Make the script executable by running the following command:

Next you’ll need to assign it to run automatically by cron. Make sure that you use an account that has access to the backups directory.

Add the following line to the crontab:

You can test the script ahead of time by running it while logged on to the user account. (I usually run the backups as root)

Sync Backups Off-Site With Rsync

Now that you have automated backups of your server running, you can sync them somewhere else by using the rsync utility. You’ll want to read this article on how to setup ssh keys for automatic login:Add Public SSH Key to Remote Server in a Single Command

You can test this out by running this command on a linux or Mac machine at another location (I have a linux server at home, which is where I run this)

This will take quite a while to run the first time, but at the end your local computer should have a copy of the files directory in the /offsitebackups/ directory. (Make sure to create that directory before running the script)

You can schedule this by adding it to a crontab line:

Add the following line, which will run rsync every hour at the 45 minute mark. You’ll notice that we use the full path to rsync here.

You could schedule it to run at a different time, or only once per day. That’s really up to you.

Note that there are a lot of utilities that will allow you to sync via ssh or ftp. You don’t have to use rsync.

Security

The first thing you want to do is make sure that you have a regular user account to use through ssh, and make sure that you can use su to switch to root. It’s a very bad idea to allow direct login for root over ssh.

Disable Root Login Over SSH

Edit the /etc/ssh/sshd_config file, and look for the following line:

Change that line to look like this:

Make certain that you have a regular user account and can su to root before you make this change, otherwise you might lock yourself out.

Disable SSH Version 1

There’s really no reason to use anything other than SSH version 2, as it’s more secure than previous versions. Edit the /etc/ssh/sshd_config file, and look for the following section:

Make sure that you are only using Protocol 2 as shown.

Restart SSH Server

Now you’ll need to restart the SSH server to make this take effect.

Check for Open Ports

You can use the following command to see which ports the server is listening on:

You really shouldn’t have anything listening other than ports 22, 80, and possibly 8443 for plesk.

Setup a Firewall

Main Article: Using Iptables on Linux‎

You can optionally setup an iptables firewall to block more connections. For instance, I usually block access to any other ports other than from my work network. If you have a dynamic IP address you’ll want to avoid that option.

If you have already followed all of the steps in this guide so far, it’s probably not necessary to also add a firewall to the mix, but it’s good to understand your options.

 

 

See Also

Using Iptables on Linux‎

References

Optimizing your DV server (mediatemple. net) XCache