VPS Configuration

April 9th, 2009 by michael

This site will shortly be transferred to a VPS (Virtual Private Server) along with my other sites. The rationale is simple: save money. The effect is limited resources, and a smug sense of satisfaction once I have it working.

Here are my software choices so far, with reasoning.

 

  • OpenSSH. I need remote access, and you can’t go far wrong with OpenSSH. I tried DropBear, and it worked really well with literally zero config, but I had one other requirement: prevention of brute force attacks. Here are the considerations (last one is the clincher):
    • OpenSSH uses more memory than DropBear. But not enough to be a problem.
    • DropBear provides all of the functionality I need from an SSH server.
    • Denyhosts works out of the box with OpenSSH.
  • Denyhosts. This protects against brute force password attacks. I used to use Fail2ban, and it works really well, really very well. But it also consumes an excessive amount of memory. This wasn’t a problem before, but on a VPS it is. Here are the considerations (last one is the clincher):
    • Fail2Ban will monitor any kind of service, and is highly configurable.
    • Denyhosts will only monitor OpenSSH.
    • The main reason I used Fail2Ban was to monitor the FTP upload server. But if I could stop using FTP, and insist on SCP instead.
    • Denyhosts uses 40 times less memory than Fail2Ban.
  • MySQL with InnoDB support. This is controversial in the VPS world. Nearly all advice tells you not to use InnoDB, but think what you are giving up: foreign key constraint checks and transactional integrity. These are big things! This isn’t an either/or situation; you either have them or you don’t, and that’s all. It turns out that by limiting stack sizes with ‘ulimit -s 1024’ (or name your figure) you can seriously reduce the memory footprint of MySQL with InnoDB.
  • Apache. The following are the considerations (last two are the clinchers):
    • Apache is a mature, well-rounded product.
    • Apache uses a lot of memory.
    • Lighttpd / Nginx are lightweight and fully functional alternatives.
    • Apache with lower stack sizes, ulimit -s 1024 (see above), and using the worker MPM will have a significantly reduced memory footprint.
    • All of my experience is with Apache.
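
To make the Denyhosts choice above concrete, here is a simplified sketch of the approach it takes: count failed OpenSSH password logins per source address and emit TCP wrappers entries for /etc/hosts.deny. This is an added example, not Denyhosts' own code or part of the original post; the log lines are constructed, and the threshold of 3 and the `allowed` set are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format (not from a real host).
SAMPLE_LOG = """\
Apr  9 10:01:02 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr  9 10:01:05 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Apr  9 10:01:09 vps sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Apr  9 10:02:30 vps sshd[2110]: Accepted password for michael from 198.51.100.20 port 51000 ssh2
Apr  9 10:03:11 vps sshd[2114]: Failed password for michael from 198.51.100.20 port 51010 ssh2
Apr  9 10:04:00 vps sshd[2120]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Apr  9 10:04:05 vps sshd[2124]: Failed password for invalid user a from 198.51.100.20 from 203.0.113.7 port 40150 ssh2
"""

# The user name is client-supplied and may contain spaces or the word "from".
# The greedy ".*" plus the "$" anchor make the captured address the one sshd
# itself appended at the end of the line, never text from the user-name field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def hosts_to_deny(log_text, threshold=3, allowed=frozenset()):
    """Return sorted source addresses with at least `threshold` failed logins."""
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            # Normalise and validate; skip anything that is not an IP address.
            addr = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue
        failures[addr] += 1
    # `allowed` holds addresses that must never be blocked (your own, for example).
    return sorted(a for a, n in failures.items() if n >= threshold and a not in allowed)

def hosts_deny_lines(addresses):
    """Format addresses as hosts.deny entries; IPv6 needs square brackets."""
    lines = []
    for addr in addresses:
        is_v6 = ipaddress.ip_address(addr).version == 6
        lines.append("sshd: [%s]" % addr if is_v6 else "sshd: %s" % addr)
    return lines

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

The single failed login from 198.51.100.20 stays below the threshold, so a user who mistypes a password once is not locked out.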

I am less concerned with email services, as there are many good choices there. But just so you know, I went with Dovecot and Postfix.

All software I use is available as a Fedora package without recompilation. Low maintenance is what I like.

 

 

 
