ed
Member
Registered: 10th Sep 03
User status: Offline
|
I didn't want to go off topic in James' thread but Dom brought something up that interested me 
So, getting a VPS for peanuts with no configuration sounds brilliant - the one I use at the moment has Plesk on it and as it generates Apache configuration files itself it's a constant battle to keep the damn thing running. It overwrites a file somewhere and your websites all go down. This obviously wouldn't be a problem if I was using it the way Plesk intended but I need the ability to configure Apache how I like.
I had a look on http://www.lowendbox.com and there seems to be a decent collection of products out there. Does anyone know what sort of configuration I'd need to do to get a basic LAMP stack up and running? Thinking about security, do I need to take into consideration things like firewalls too?
I'd probably start with one for Apache and then get another for node.js so I don't have to do a reverse proxy.
[Edited on 27-06-2012 by ed]
|
noshua
Member
Registered: 19th Nov 08
User status: Offline
|
I also had a look into LEB VPN's as a result of Dom's post. For the price they're amazing, however I can't think of a single benefit that I would have 
This doesn't answer your question but I'm interested as to what people are using them for.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
With a LEB box it's unmanaged (usually no backups are provided either), so apart from container/service support you're pretty much on your todd and it's obviously cost vs available resources, so you tend to install the minimal (my boxes haven't got DNS, Email, monitoring services install; which saves a fair amount) and optimise as much as possible unless you want to splash out on the VPS.
As for a LAMP stack, the main 'issues' is Apache and MySQL being a tad hungry on resources. MySQL you can optimise reasonably well for LEB boxes but Apache is a bit bloated compared to light-weight variants like Nginx (what i run on my boxes; great for reverse proxies as well) and Lighttpd. Only downside i've found to running Nginx is the lack of htaccess, instead everything is done via config files (reasonably straight forward) and requires restarting the webserver (not a big issue personally), and when using SSL it requires the PEM password everytime you restart (can get around it by decrypting the cert. key but obviously is a big security issue).
And if you can get away from using a control panel then do as again they'll eat resources. However there are a handful of decent free panels like Webmin, Kloxo (CentOS only), ISPConfig plus the handful of open-source panels (i'm currently working on a basic Nginx panel based on someones off LET).
As for security you mostly rely on decent iptable rules (software firewall; limit ports/ips etc). But obviously employ some standards like strong passwords, the use of non-standard ports where possible (SSH being the main one, mail too if possible) and setting up correct user/group permissions so you're not executing front-facing services under root (ideally you'd never touch root unless you need to).
There are a number of decent security 'addons' like Fail2ban and various rootkit scanners/AV's which are great but they all tend to be resource heavy.
LEB and LET forum (lowendtalk.com) are great resources, so is WHT (webhostingtalk.com) and howtoforge.com (some decent tutorials, although they aren't really aimed at LEB's).
And research your LEB host, plenty of c*nts that are just in it for the cash-n-grab and there's almost a weekly horror story on LET.
noshua - Cost is the main benefit ie: $1/2 a month vs $5/6 for a state-side VPN. Granted it requires 10-15mins of fannying around but still.....
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Thanks for the info 
I might give something other than Apache a go for the web server - the main job this web server will do is run a WordPress network and I have found WordPress config files for Nginx in a matter of seconds
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Nginx's configs are pretty straight forward and i wouldn't say they're that much different to Apache. And you'll know doubt find plenty of tutorials on getting Wordpress installed on a LNMP stack anyway.
As for distro, personally i opt for Debian as it's relatively lightweight once you strip out the crap ie: a minimal install is around 10-15MB (i've seen smaller, MB's, but you'll fannying around forever) usage and on my LNP (no mysql) boxes it idles around 25MB (inc dropbear, syslog etc) and loads to around 50-100MB.
And it's worth looking at some of the custom install/config bash scripts (aka LEB scripts) that are around as it gives you a good platform to start with. There's a good thread over on LET - http://www.lowendtalk.com/discussion/2775
However with Debian i tend to use a mixture of >Minstall< for the 'clean package' (not all VPS hosts carry minimal install distro images, so this clears a lot of the crap that tends to get installed on the instance) and >ilevkov's< LEB script for everything else (although i've edited out the install of *top/VI/MC packages as a lot of them require python which, unless you need it, is rather bloaty).
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Thanks for the help again - Minstall looks like it'll provide a good base to start with. Best get PuTTY out and start configuring!
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Oh, don't have to worry about mail either - we use Google Apps for that.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Right, after saying I didn't need mail I just realised I do for WordPress signups and password recoveries.
How do I configure sendmail for PHP on an nginx server using Debian? I've found a few tutorials online but I can't get any of it to work
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Are you able to send mail if you cli sendmail (something like /etc/sbin/sendmail *email address*)?
Also worth flushing the iptables just to make sure you haven't got any dodgy rules.
Tbh i haven't had much experience with using MTA's on LEB boxes, although it was all pretty straight forward when i've installed Exim in the past.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
I installed postfix and it just worked (though a few previous attempts didn't work at all). No idea why it worked this time round 
Only issue is email goes straight through to the spam folder. The email address is wordpress@ecssrv.net which I can whitelist, but previously I don't think I had to. I'm guessing there's some more configuration that needs doing with that one?
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Check the VPS IP isn't blacklisted on any of the spam lists, i've seen it a bit with LEB boxes. Otherwise it probably isn't whitelisted with the mail server/ISP you're sending mail to, which case (if they have the option) you have go through the palaver of requesting a whitelist of the IP; from past experience with a clients mail server it's a royal PITA.
If you're going to be sending mail to clients/customers then it might be easier to use a third party SMTP.
Edit - Might be worth posting on LET and seeing what some of the LEB old-timers say.
[Edited on 28-06-2012 by Dom]
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Good shout. Could probably set it up to use the GMail SMTP server with My Apps account if all else fails.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
If it shows as originating from a single box it'll be blocked by loads of spam software.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Just for completeness, here's what I did:
http://www.nixtutor.com/linux/send-mail-with-gmail-and-ssmtp/
Using a GMail account on a domain on my Google Apps account - PHP can now send mail straight to my inbox rather than spam folder. It's slower than doing it all locally, but it works.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Oh, and by ripping out Postfix and using SSMTP I seem to have halved the amount of RAM being used
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by ed
Oh, and by ripping out Postfix and using SSMTP I seem to have halved the amount of RAM being used
Good to know about SSMTP, will have to give it a try.
Who did you end up going with for your VPS anyway?
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
I went with Evorack as they seemed to have loads of positive comments in their bit on lowendbox.com. They also have a £3.50 off deal at the moment
|
