Running my own web servers

There are excellent shared web hosting providers out there. Personally I prefer and recommend Uberspace and domainFactory, if you are located in Europe and you speak German, and DreamHost, if you are living in North America. But even these are not perfect.

While researching WordPress topics, I constantly noticed mentions of nginx, PHP-FPM, APC and memcached. Also, people are talking about fast WordPress site. Like, really fast. I wanted that, too, but a shared hosting provider can’t deliver this. Maybe DreamHost’s DreamPress WordPress hosting service does, but considering the number large of sites I manage, it’s too expensive for me.

So I began researching about how to set up my own web server. Many of the better tutorials I found on digitalocean.com. Only later I discovered that DigitalOcean offers Virtual Private Servers in several data centers around the world for a very good price. And today, I am a happy customer of theirs with VPSs in Frankfurt, Germany and San Francisco, USA – for my German and my Mexican clients respectively.

I will not post a detailed tutorial about how to set up a web server, many others have done this before me. But I’d like to link to all the resources that I found useful. These will give a head start to anyone who wishes to try this herself.

If you find anything that’s stupid, ridiculous or even dangerous, please drop me a note!

Initial server setup

It all starts with setting up, and somewhat securing, a virtual private server “droplet” at DigitalOcean. Because I am most familiar with Debian based GNU/Linux systems and because of the many, many existing tutorials, I choose the Ubuntu 14.04 LTS distribution as my server operating system.

I update the OpenSSH configuration according to the Applied Crypto Hardening paper from BetterCrypto.org.

mosh

Where I work (i.e. Mexico), the internet connection is often unreliable. And as I use SSH all the time to do work on the servers, the SSH replacement mosh is invaluable to me.

Automatic security upgrades

I like my servers to automatically install relevant security updates.

notification emails

I’m sure there must be a better solution, but to enable email notifications I install sendmail.

sudo aptitude install sendmail

The LEMP stack

The LEMP stack differs from the ubiquitous LAMP stack in the choice of the web server. Instead of Apache there is nginx.

fastcgi_params

To get PHP-FPM working, I need to add an extra line to the default /etc/nginx/fastcgi_params configuration file, as found in the nginx wiki:

fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;

APC vs. Zend Opcache

An OpCache caches compiled versions of the PHP scripts that e.g. WordPress runs on. This tremendously speeds up any PHP site. With PHP 5.5 came built-in support for the Zend Opcache. which effectively renders other solutions, like APC, obsolete.

To check if the OpCache is running, you can for example use

Zend OPCache on Uberspace

To enable the Zend OPCache in an Uberspace shared hosting environment, you only need to specify your PHP version to e.g. 5.6.

memcached

memcached caches database queries, among others. It’s so easy to install, there is no reason not to.

memcached and WordPress

The WP-FFPC plugin turns memcached into an in-memory page cache for WordPress.

PHP pools

For security and possibly performance purposes, php-fpm “pools” separate php users for different web sites running on the same server.

What’s next

user permissions

I am still researching and experimenting with the best setup of user permissions on the server itself. I run sites from several users on the same server, so that’s important. I want my clients to have full access to their files, too. But I also won’t offer shared hosting to everybody. So for now, it’s not a big deal.

my config files

Ideally I would publish all of my configuration files for reference. Maybe I will.

IPv6

It took me far too long to figure out how to enable IPv6 support in the nginx configuration. When I know why my current settings work, I’ll write about it.

To check IPv6 availability, I use ipv6-test.com.

Varnish

Varnish is a caching server that sits in front of the web server. Although I absolutely don’t need this for the sites I manage, I really want to try it out and play with it.

Conclusion

Many of the sites that I have already moved to my web servers run a lot faster than before, and more reliably as well. Google’s PageSpeed Insights likes them, too. Also, I pay less for my virtual servers than for all the shared hosting accounts.

I am very happy so far.