Archive for the ‘Web Application Hosting’ Category

Quick Way to Update Fail2ban jail.conf file

September 3rd, 2009

There are plenty of settings in that file, especially if you are running CentOS 5.3 with the latest patches and fail2ban from the atomic repository. Here is a short list of steps that I follow when setting up new servers:

1. Set up sendmail to start on boot. Make sure it can send emails correctly (reverse DNS records, hostname config, etc.).

2. Make sure that fail2ban starts on boot (I use ntsysv for that).

3. Edit the jail.conf file:

vi /etc/fail2ban/jail.conf

4. Change the ban time and find time for increased security (both values are in seconds):

bantime = 86400
findtime = 3600

5. After you save and exit, change all the destination emails to go to root, which will then be forwarded to you:

sed -i 's/you@mail\.com/root/g' /etc/fail2ban/jail.conf

6. Forward all of root's email to your own address:

echo "myemailaddress@mydomain.com" > ~/.forward

7. Restart fail2ban:

service fail2ban restart
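
Steps 4 and 5 above can also be scripted, which helps when the same change goes onto several servers. The following is an added example, not the author's own script: `tune_jail`, `jail_value` and `make_sample_jail` are names chosen here, and the sample file is a constructed excerpt in jail.conf layout.

```bash
#!/bin/bash
# Added example: steps 4 and 5 applied by script instead of by hand in vi.

# tune_jail FILE BANTIME FINDTIME DEST
tune_jail() {
    local file=$1 ban=$2 window=$3 dest=$4 n tmp
    for n in "$ban" "$window"; do        # timers are whole seconds
        case $n in ''|*[!0-9]*) echo "not a number: $n" >&2; return 2 ;; esac
    done
    # DEST lands in a sed replacement, so allow only a plain local user name.
    case $dest in ''|*[!A-Za-z0-9._-]*) echo "bad dest: $dest" >&2; return 2 ;; esac
    # Fail loudly if the keys are missing rather than "succeed" with no change.
    grep -q '^bantime[[:space:]]*=' "$file" || return 3
    grep -q '^findtime[[:space:]]*=' "$file" || return 3
    tmp=$(mktemp) || return 1
    sed -e "s/^bantime[[:space:]]*=.*/bantime  = $ban/" \
        -e "s/^findtime[[:space:]]*=.*/findtime = $window/" \
        -e "s/you@mail\.com/$dest/g" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"                 # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# jail_value FILE KEY: print the value of KEY's first assignment.
jail_value() {
    awk -F= -v k="$2" '$1 ~ "^" k "[ \t]*$" { sub(/^[ \t]+/, "", $2); print $2; exit }' "$1"
}

# Constructed sample in the layout of jail.conf (not the full stock file).
make_sample_jail() {
    local f; f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[DEFAULT]
ignoreip = 127.0.0.1
bantime  = 600
findtime = 600
maxretry = 3

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath  = /var/log/secure
EOF
    echo "$f"
}

sample=$(make_sample_jail)
tune_jail "$sample" 86400 3600 root
echo "bantime=$(jail_value "$sample" bantime) findtime=$(jail_value "$sample" findtime)"
rm -f "$sample"
```

On a real server the call would be `tune_jail /etc/fail2ban/jail.conf 86400 3600 root`, followed by the restart in step 7.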

Ron Peled Web Application Hosting

Performance Optimized httpd.conf for Magento eCommerce

August 31st, 2009

If you have ever run Magento eCommerce on your servers, you know that it requires some serious horsepower. It is just the nature of the beast: with XML configuration, the Zend Framework, and an MVC design, no page load is trivial. I realize that there are many lighter web servers out there, but I always stick to the safest and most reliable option, which usually happens to be the most popular one: httpd. Here is an optimized httpd.conf targeting a dedicated server box that runs only httpd (no MySQL) and Magento:

A couple of assumptions first:

  • You are running CentOS (I did not test any other distros)
  • You have httpd installed
  • You have lots of RAM (this server has 16GB of RAM)
  • This is a dedicated box
  • You know what you are doing…

Download the file, copy over your httpd.conf, restart httpd:

wget http://www.activoinc.com/downloads/httpd.conf-magento
cp /etc/httpd/conf/httpd.conf ./httpd.conf.old
cat httpd.conf-magento > /etc/httpd/conf/httpd.conf

Once done, you will also need to update the vhosts area of the file near the bottom of it. In case you wanted, here is a direct link to the file: http://www.activoinc.com/downloads/httpd.conf-magento

Ron Peled Web Application Hosting

Setting noatime and nodiratime for improved disk performance

August 25th, 2009

This is great if you have a server that performs plenty of disk access operations and you are interested in speeding things up a bit. Here is how to do this in three steps. First some assumptions:

  • You have root access
  • You are the only one that will ever need to mount or unmount this file system
  • Running CentOS (this may work, but was not tested, on any other Linux server)

This is what we are doing:

  1. Editing /etc/fstab to set the noatime and nodiratime flags for the file system
  2. Remounting the drives/file systems (without rebooting)
  3. Checking our work

Step 1: Edit the /etc/fstab, type:

vi /etc/fstab

Add the noatime and nodiratime flags right after the defaults flag on the “/” root partition's line. Repeat for every partition that you wish to speed up. Here is what my fstab file looks like after the change:

[Screenshot: /etc/fstab open in vi with the noatime and nodiratime flags added]

Step 2: Remount the file system:

mount -o remount /

Step 3: Check our work:

cat /proc/mounts

Tip: the following command performs a tiny benchmark, in case you want to see how fast your hard drives are. If you want to compare, run it both before and after the change.

hdparm -tT /dev/sda
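
Since the screenshot of the edited file is not available here, the following added example (not the author's code) shows the edit from step 1 and the check from step 3 as two functions. `add_noatime`, `has_noatime` and `sample_fstab` are names chosen here, and the fstab content is a constructed CentOS-style sample.

```bash
#!/bin/bash
# Added example: add the flags to one mount point's fstab entry, then verify.

# add_noatime FSTAB MOUNTPOINT: print the edited fstab on stdout.
add_noatime() {
    awk -v mp="$2" 'BEGIN { OFS = "\t" }
    /^[ \t]*#/ || NF < 4 || $2 != mp { print; next }   # leave other lines alone
    {
        n = split($4, opt, ","); has_a = 0; has_d = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "noatime") has_a = 1
            if (opt[i] == "nodiratime") has_d = 1
        }
        add = has_a ? "" : ",noatime"
        add = add (has_d ? "" : ",nodiratime")
        if (add == "") { print; next }                  # already set: idempotent
        out = ""; placed = 0
        for (i = 1; i <= n; i++) {
            sep = (i > 1) ? "," : ""
            out = out sep opt[i]
            # Put the new flags right after "defaults", as the post does.
            if (opt[i] == "defaults" && !placed) { out = out add; placed = 1 }
        }
        if (!placed) out = out add
        $4 = out; print
    }' "$1"
}

# has_noatime MOUNTS MOUNTPOINT: succeed if both flags are active.
# MOUNTS is a file in /proc/mounts format.
has_noatime() {
    awk -v mp="$2" '$2 == mp { o = "," $4 ","
        if (o ~ /,noatime,/ && o ~ /,nodiratime,/) ok = 1 }
        END { exit !ok }' "$1"
}

# Constructed CentOS-style fstab used as sample input.
sample_fstab() {
    cat <<'EOF'
LABEL=/         /          ext3    defaults        1 1
LABEL=/boot     /boot      ext3    defaults        1 2
tmpfs           /dev/shm   tmpfs   defaults        0 0
LABEL=SWAP-sda2 swap       swap    defaults        0 0
EOF
}

tmp=$(mktemp); sample_fstab > "$tmp"
add_noatime "$tmp" /        # review the output before replacing /etc/fstab
rm -f "$tmp"
```

After the remount in step 2, `has_noatime /proc/mounts /` returns success only when both flags are active on the root file system.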

Ron Peled Web Application Hosting, Web Development

Howto setup iptables for www and db(mysql) on linux

August 24th, 2009

Since I provide fully managed hosting services to my select clients, I’ve set up iptables more times than I can count. After a while I tend to automate common tasks. Setting up iptables can easily be done by downloading and running a shell script, so I created two shell scripts, each targeting a specific server role: one for WWW servers and the other for dedicated DB servers.

Here are a couple of assumptions:

  • Using a Linux server
  • Has iptables installed and running
  • You have root access to the server (or enough privileges to run these commands)
  • Not a must, but I only tested these scripts on a CentOS server (and many of them…)
  • You know what you are doing!

The scripts simply clear the current iptables settings, open the necessary ports, and restart the iptables service. The WWW script opens ports 22, 80, and 443 (SSL). The MySQL script opens ports 22 and 3306, and if you wish you can uncomment a line in it to restrict access to a specific set of IPs. On a dedicated DB server you may want only the corresponding WWW server to be able to access the MySQL server. Here are the steps, divided by server type:

Setting iptables on a WWW server:

wget http://www.activoinc.com/downloads/iptables-www
chmod +x iptables-www
./iptables-www

Setting iptables on a MySQL server:

wget http://www.activoinc.com/downloads/iptables-mysql
chmod +x iptables-mysql
./iptables-mysql

Note: there is absolutely no warranty that this will work, it is provided with the sole hope that it may save you a few minutes or a couple of hours.
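
To make the rules for each role visible before anything is applied, here is an added example (not the downloadable scripts themselves) that generates an `iptables-restore` ruleset for the ports described above. The function name `gen_rules`, the default-DROP policy, the loopback and established-connection rules, and the client address are assumptions of this example.

```bash
#!/bin/bash
# Added example: build an iptables-restore ruleset for the two server roles.
# Assumptions of this sketch, not taken from the downloadable scripts:
# default-DROP policy on INPUT, loopback and established traffic allowed.

# gen_rules www
# gen_rules mysql [CLIENT_IP ...]   (no IPs: 3306 open to everyone)
gen_rules() {
    local role=$1 ip ok
    case $role in www|mysql) ;; *) echo "unknown role: $role" >&2; return 2 ;; esac
    shift
    for ip in "$@"; do                  # dotted-quad shape check only
        case $ip in
            *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) ok=0 ;;
            *.*.*.*) ok=1 ;;
            *) ok=0 ;;
        esac
        [ "$ok" = 1 ] || { echo "bad address: $ip" >&2; return 2; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF
    if [ "$role" = www ]; then
        printf '%s\n' '-A INPUT -p tcp --dport 80 -j ACCEPT' \
                      '-A INPUT -p tcp --dport 443 -j ACCEPT'
    elif [ $# -eq 0 ]; then
        printf '%s\n' '-A INPUT -p tcp --dport 3306 -j ACCEPT'
    else
        # Only the listed hosts (for example the WWW server) reach MySQL.
        for ip in "$@"; do
            printf '%s\n' "-A INPUT -s $ip -p tcp --dport 3306 -j ACCEPT"
        done
    fi
    printf '%s\n' COMMIT
}

# 192.0.2.10 is a documentation address standing in for the WWW server.
gen_rules mysql 192.0.2.10
```

Feeding the output to `iptables-restore` replaces the current rules in the filter table; on CentOS the same text can be written to /etc/sysconfig/iptables before restarting the iptables service.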

Ron Peled Web Application Hosting

CentOS 5.3 Install Essentials

August 23rd, 2009

When I set up a new server, I typically install it with nothing checked in the package list of the installer. I like running yum update first and then yum install for the packages that I absolutely need. Clean and mean is my favorite way to run a Linux server. Two main reasons are behind this. One is performance, which is a bit obvious: the less you have on the disk and the fewer processes running in the background, the faster the server. Two is security: the less software you have installed, the smaller your vulnerability “surface area”.

While installing it clean is great, I do have a minimum set of tools that I usually need on any server. Most of these tools are small and do not require background services, so I install them almost by default. You should check whether they suit your needs and use them at your discretion. Hint: the goal here is to copy and paste once a new server is installed.

(correction) Before I can use the next command I need to install wget:

yum install wget

Add the Atomic repository (newer versions of LAMP, some security packages):

wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

Install basic packages:

yum install unzip sendmail ntsysv fail2ban logrotate pdns

Ron Peled LAMP: Linux Apache MySQL PHP, Web Application Hosting

Block access to your dedicated server automatically if more than 3 failed logins

August 3rd, 2009

Lately I have been noticing a high level of cyberattack activity. In fact, a few of our servers got hit and had to be rebuilt. Of course, some of these servers were never built with security in mind. We did manage to save all the data and the rebuild took less than one day in total, so the end result is great overall: fully patched servers, a firewall, email alerts in place, and finally a way to automatically block failed logins. I’ll show you how to set up the last part; it is actually quite easy.

So, I assume you have a CentOS server. I am using CentOS 5.3 fully updated (yum update) and I have the atomicorp repository set up. The atomicorp repository is not necessary (it seems), but it will allow you to use newer versions of PHP and other packages. The package that will do the work is called fail2ban. A simple install seems to take care of it for us:

yum install fail2ban

Let’s set the service to start on boot, so that it starts running automatically if we restart the server. I use ntsysv for this:

ntsysv (hit enter, select the service, make sure it has a star inside the brackets, and click 'ok')

Let’s start the service:

service fail2ban start

Here I recommend setting up an automatic forward of root's emails to you:

echo 'youremail@yourdomain.com' > ~/.forward

You should be all set. Try to check the log files once a week after the install, see if the service actually blocked potential hackers. Let me know if this worked for you or if you are using a better package?
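
For the weekly log check, and to see what kind of counting stands behind the automatic block, here is an added example (not fail2ban's code and not the author's) that applies a simplified sliding-window rule to failed SSH logins. `flag_offenders` and `sample_secure_log` are names chosen here, the rule is "MAXRETRY failures within FINDTIME seconds", and the log lines are constructed with documentation addresses.

```bash
#!/bin/bash
# Added example: flag source IPs with MAXRETRY failed SSH logins inside a
# FINDTIME-second window. Simplifications: lines are in time order and all
# fall within one month (the syslog timestamp carries no year).

# flag_offenders LOGFILE MAXRETRY FINDTIME
flag_offenders() {
    awk -v max="$2" -v win="$3" '
    /sshd\[[0-9]+\]: Failed password for / {
        # Read the address from the fixed tail "... from IP port N ssh2";
        # the user name earlier in the line is free text from the client.
        if ($(NF - 4) != "from" || $(NF - 2) != "port") next
        ip = $(NF - 3)
        split($3, hms, ":")
        now = $2 * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]
        seen[ip, ++last[ip]] = now
        if (!(ip in first)) first[ip] = 1
        # Drop failures that have aged out of the window.
        while (now - seen[ip, first[ip]] > win) first[ip]++
        if (last[ip] - first[ip] + 1 >= max && !(ip in hit)) {
            hit[ip] = 1
            print ip
        }
    }' "$1"
}

# Constructed /var/log/secure excerpt (documentation addresses).
sample_secure_log() {
    cat <<'EOF'
Aug  3 08:00:00 web1 sshd[2001]: Failed password for root from 198.51.100.23 port 51000 ssh2
Aug  3 09:30:00 web1 sshd[2040]: Failed password for root from 198.51.100.23 port 51044 ssh2
Aug  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40111 ssh2
Aug  3 10:00:09 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Aug  3 10:00:15 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Aug  3 10:05:00 web1 sshd[2130]: Failed password for deploy from 192.0.2.44 port 60001 ssh2
Aug  3 10:05:10 web1 sshd[2130]: Accepted password for deploy from 192.0.2.44 port 60001 ssh2
Aug  3 11:00:00 web1 sshd[2200]: Failed password for root from 198.51.100.23 port 51090 ssh2
EOF
}

log=$(mktemp); sample_secure_log > "$log"
flag_offenders "$log" 3 3600     # 3 tries within findtime = 3600 -> 203.0.113.7
rm -f "$log"
```

The three failures from 198.51.100.23 are 90 minutes apart, so they never share a one-hour window; widening the window to 86400 seconds flags that address as well.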

Ron Peled Web Application Hosting

Speed Optimized Websites Rank Higher with Search Engines

July 16th, 2009

Website performance should not be taken lightly. Now, when I say website performance optimization in general I mean the time that it takes a webpage to fully render in the browser. Many different factors can influence that including the number of files that make your page, the size of the files, whether it renders in standard XHTML or quirks mode, etc. But, for search engines all that matters is the raw HTML output of your site. One of the ways that search engines measure a site’s validity is by measuring the speed it takes it to serve the HTML portion. Yes, raw web server power. Why?

Search engines try to guess which websites out there should gain more respect than others, and one characteristic is speed. If you think of it, the speed it takes to serve a page reflects how much the owner invested in it and hence reflects on the ranking that it should get in a backwards way. In other words, a site that is served on a dedicated server with serious horsepower should get higher rankings than a site that is served on the cheapest shared hosting plan. Another fact is that major search engines researched user return rate and have found that the return is higher for faster sites and even microseconds count. That is why the best search engines focus on speedier results and favor results from faster websites. Really?

[Graph: Google Webmaster Tools crawl stats]

Look at the graph above, you will see a direct correlation between the website’s speed and the number of indexed pages. There might be a delay and it is not 100% accurate because the speed is not the only factor here, but over time it seems to have an effect. These graphs are from Google Webmaster Tools, under the crawler stats. Ok, how should I increase the performance of my site?

Here are a few things to consider:

  • Invest in a good hosting package. If you are serious, get at least a VPS with your own IP address (dedicated IP is also a measure). A VPS or a dedicated server will always trump the performance of shared hosting over time. Notice that some shared hosting environments reach 500+ websites on the same piece of hardware.
  • If you use PHP make sure to use APC: Alternative PHP Cache.
  • Always turn on caching at all levels: Apache, PHP, and your application. All levels usually have some sort of a caching mechanism – use it!
  • Research your biggest bottleneck and tackle it, always repeat over time. Just like you do with SEO – it is always work in progress.
  • Look in the logs: every time that your server experiences an error or a warning it has to trigger the error handling mechanism, which in most environments requires additional resources. This applies especially to unhandled exceptions in ASP.NET/IIS7 environments.

The list is really long and can get very technical but in general you always want to keep website performance optimization in the back of your head. It is well worth it!

What is your experience with speed optimized websites? How did it affect your SEO results?

Ron Peled Performance Optimization, Web Application Hosting, Web Development

Take a Look at Dell’s Fortuna Server

July 9th, 2009

As web traffic grows constantly and will continue to grow, I am always on the lookout for better ways to host robust websites. Our clients always demand the best hosting solution, but with an eye on the price. Currently the biggest price tag when it comes to hosting in data centers is power consumption, and the second is the actual space. Note that a side benefit of lower power consumption is a reduced need for cooling, since increased power consumption means more generated heat.

In other words, to remain competitive hosting providers will strive to provide servers with lower power consumption and smaller form factors while assuming a certain level of processing power. This is exactly what DELL’s R&D is working on these days. Here is a video of what is in the works:

What is interesting is that the Fortuna will supposedly place 12 of these mini servers in a single enclosure that fits in 2U of space. This makes it a 1/6U server: 6 servers per 1U of space. Here is a photo of a prototype:

[Photo: Dell Fortuna server prototype]

Now, can you imagine each mini server hosting 2-4 VPS with CentOS serving the LAMP stack and either a Joomla, WordPress, or ZenCart on it? Nice!

Ron Peled Web Application Hosting, Web Development

Manage Application Pool Recycling in IIS7

May 21st, 2009

If you manage a website that is hosted with the latest Windows Server 2008 and IIS7 you probably want to be aware of the Application Pool settings in general, and in particular the Application Pool Recycle settings. As it turns out, by default, Windows Server 2008 sets the Application Pool to recycle every 1740 minutes. Which is exactly 29 hours or one full day and 5 hours or the number of lattes I had in the winter. All kidding aside, this number is a bit random, especially because it determines when the website’s application pool will recycle and the website will need to recompile, recache, etc. Here is a screenshot:

[Screenshot: Edit Application Pool Recycling Settings, default]

Instead, what I recommend is that you uncheck the regular time intervals checkbox and use the Specific time one. I chose 2:00 AM here because that is when the site sees the lowest number of hits, so it is the best time to handle a recycle. You should set up your web server to recycle when your site is experiencing the lowest traffic levels, so you’ll probably need to dig into the analytics a bit. Here is a screenshot of how I set up my server:

[Screenshot: Edit Application Pool Recycling Settings, recommended]

Pros:
- Recycles during off peak hours
- You actually control when it recycles
- Typically a performance boost on average

Cons:
The application will now recycle every 24 hours, instead of 29 hours. In fact, if you are certain that your website has no major problems and no memory leaks you can potentially set the application pool to not recycle automatically at all. This state needs to be monitored but may result in a longer smooth ride. Enjoy!

Ron Peled .NET Framework, Performance Optimization, Web Application Hosting

pdnsd – Decrease DNS response time and save bandwidth

December 25th, 2008

Sometimes, when we realize that we could have improved the system with so little effort, we blush. This is what happened to me when I realized that most of the networking delays could have been avoided with this tiny but witty utility. I knew that having a local caching DNS or the like was the answer, but I did not want to use a full-fledged DNS server. I found pdnsd – a small proxy DNS server with permanent caching. Perfect!

In a nutshell, pdnsd is a small utility that caches DNS lookups locally on the hard disk, so the next time the server queries the same address the response time is likely to be minimal. Usually, the server has to query your ISP’s DNS or whatever DNS server you specified in the /etc/resolv.conf file. On a high-performing web server you are constantly competing with other packets on the network for network resources, so this is a great advantage. By installing pdnsd you achieve the following:

  • Decrease the average DNS response time sharply!
  • Increase your server performance, especially if this server needs to communicate externally a lot like an eCommerce server which constantly needs to communicate with shipping and credit card servers.
  • Save on bandwidth.

Here is how you go about setting up pdnsd on a CentOS server:

1. Download the latest stable rpm:
Go to the pdnsd download page and look for the rpm relevant to you. For CentOS 5.2 64bit I got the latest version as of yesterday:

wget http://www.phys.uu.nl/~rombouts/pdnsd/releases/pdnsd-1.2.7-par_sl5.x86_64.rpm

2. Install the rpm:

rpm -i pdnsd-1.2.7-par_sl5.x86_64.rpm

3. Configure pdnsd to use your current DNS servers:

vi /etc/pdnsd.conf

Paste the following; of course, you should use your own DNS servers instead:

server {
label="opendns";
ip = 208.67.222.222,208.67.220.220;
}

4. Start pdnsd and test that it is actually working

service pdnsd start
dig @127.0.0.1 yahoo.com

If you get the IP, it is working. Notice the response time: if you try again, you will see a sharp decrease. My servers’ second response time is almost always between 0 and 1 ms.

5. Set pdnsd to start automatically on boot

vi /etc/default/pdnsd

Enter the following and save:

START_DAEMON=yes

Also make sure the daemon is set to auto start on boot. I use ‘ntsysv’, you can use chkconfig or whatever you are used to.

6. Set your server to use the pdnsd instead of your DNS servers

vi /etc/resolv.conf

Make sure that the first nameserver line is ‘127.0.0.1’. It should look like this:

nameserver 127.0.0.1

7. Restart your network service:

service network restart

How do you know that it is working? Try any command that needs to go out to the network, like ‘yum update’. In most cases, you will notice that the second run is much faster. Enjoy!

Ron Peled LAMP: Linux Apache MySQL PHP, Performance Optimization, Web Application Hosting, Web Development