Archive for the ‘ GNU/Linux ’ Category

Nginx PHP-FPM APC cache on cheap Linux VPS

Some months ago I started playing on my very good but cheap Linux VPS with Nginx, the PHP-FPM process manager and the APC memory cache on Debian. Now I can say that I’m a fan of this configuration: we have a rock-solid web server that can handle at least hundreds of requests per second at an incredibly low price per month, with low response times and low RAM requirements.

Some basic concepts

A cheap Linux VPS is just a virtual private server hosting plan with any flavor of GNU/Linux (Debian in my case, which is similar to Ubuntu; in fact, Ubuntu is based on Debian) at an affordable price. With cheap VPS hosting you have more resources and much more control (e.g. full root access) over your virtual private server than with shared hosting; it is similar to a dedicated server but much cheaper and easier to manage. There are expensive ones too, but for most web projects a reliable, affordable or cheap VPS is more than enough.

There are a lot of cheap VPS providers out there, but the one that I can recommend is DreamHost. I think that their combination of features, support and prices is excellent and much better than other cheap Linux VPS offers. DreamHost has fast servers, good and unlimited bandwidth, unlimited disk space too, great support, backups for no extra money, and all this on Debian GNU/Linux. On the VPS you have full root access: you can manage and install everything yourself or, if you don’t want all that hassle, let DreamHost manage it for the same price.

A basic VPS service (with 300 MB of RAM, which you can raise instantly at any time you want) at DreamHost costs $24 USD / month (VPS server $15 plus shared server $8.95 with unlimited bandwidth, disk, databases and domains), but if you sign up using the next banner to buy cheap Linux VPS you get a 50 % discount for the first whole year, so it is just $12 / month for a VPS and shared hosting for the first 12 months, unbelievable but true.

A great detail is that you don’t need to pay anything yet: sign up and you have a free trial period of two weeks, and only after that do you decide whether you want to purchase the hosting plan with shared hosting and virtual private server.

I recommend keeping the high-load, high-priority websites on the VPS and other websites and databases on the shared hosting.

If you’re going to sign up to try that hosting, I recommend that you sign up for the shared hosting plan and then upgrade to VPS in your administration panel; it is going to be totally free for the first two weeks.

  • Nginx is basically a lightweight and powerful web server, with high performance, concurrency and optimum resource usage as its main goals.
  • FPM or PHP-FPM is a robust FastCGI Process Manager for PHP. In other words, it is the handler or manager between Nginx and PHP, the one that spawns the PHP processes to execute your web applications and passes the results to the web server.
  • APC (Alternative PHP Cache) is a PHP opcode cache. PHP is an interpreted programming language, so with the APC opcode cache your PHP source code is interpreted once, optimized and saved in shared memory, and all upcoming requests to that PHP file are processed much faster because the code is already interpreted and optimized in RAM.
    One great detail about the PHP APC cache is that it uses shared memory. This means that all your PHP-FPM children use that same shared memory, so the total memory consumption is ridiculously low, even with a lot of children.

Enough introduction and shared and VPS hosting talk; let’s move forward.

Technical details

I’m going to describe how I did it at DreamHost on Debian, but it is going to be very similar on any other VPS provider with any GNU/Linux flavor.

First of all, you need to choose Nginx in your VPS server configuration on your administration panel.

Install PHP-FPM

Send a support ticket saying that you want PHP-FPM on your Nginx VPS server. They are going to compile the latest stable version and install it for you.

Compile and install Nginx

An optional step (I did it) is to compile and install the latest stable version of Nginx; most of the time shared hosting or virtual private servers don’t have the latest one. It’s very easy: just download the Nginx sources from nginx.org to your VPS. Then run tar xzvf on the file, cd to the sources folder, run the ./configure script, then make and install it.


./configure --prefix=/choose_your_path/nginx1014 --with-ipv6 --with-pcre --with-md5-asm --with-sha1-asm --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module


make

Then log in to your root account and:

make install

Modify the /etc/init.d/nginx script to use your new nginx binary. Now you have the latest version of nginx installed and everything running as it should.

One more thing to install and then we move on to the configuration files.

Compile and install PHP APC opcode cache

Download the latest stable version of PHP APC opcode cache at http://pecl.php.net/get/APC. Again tar xzvf, cd to the sources folder and:

/usr/local/php53/bin/phpize
./configure --with-php-config=/usr/local/php53/bin/php-config
make

Copy ./modules/apc.so to your PHP extensions folder (do it as your root user).

Configure the APC module and PHP with a couple of security- and stability-related parameters

Add a file at /etc/php53/conf.d/ with:

display_errors = 0
log_errors = 1
error_log = syslog
file_uploads = 0
mysql.connect_timeout = 10

Create /etc/php53/conf.d/apc.ini with:

[apc]
extension=apc.so
apc.enabled=1
apc.shm_size=48M
apc.ttl=7200
apc.user_ttl=7200
apc.stat=0
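
One way to check that a conf.d file really carries the PHP values listed above, as an added example that is not part of the original post. The function names and the sample file are constructed here; only the directive names and expected values come from the list above.

```shell
#!/bin/sh
# Added example: audit a PHP conf.d file against the values listed above.

# ini_value FILE KEY -> last value assigned to KEY, comments and quotes stripped
ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ || !/=/ { next }          # skip comments and section headers
        { k = $1; gsub(/[ \t]/, "", k); if (k != key) next
          v = $0; sub(/^[^=]*=/, "", v)      # keep text after the first "="
          sub(/[ \t]*;.*$/, "", v)           # drop a trailing comment
          gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # trim blanks and quotes
          val = v }
        END { if (val != "") print val }' "$1"
}

# norm VALUE -> 0 or 1 for PHP boolean spellings, anything else unchanged
norm() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        0|off|false|no) echo 0 ;;
        1|on|true|yes)  echo 1 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# audit_php_ini FILE -> one line per deviation; exit status 1 if any
audit_php_ini() {
    rc=0
    for want in display_errors=0 log_errors=1 error_log=syslog \
                file_uploads=0 mysql.connect_timeout=10; do
        key=${want%%=*}; exp=${want#*=}
        got=$(ini_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "MISSING $key (expected $exp)"; rc=1
        elif [ "$(norm "$got")" != "$exp" ]; then
            echo "DIFFERS $key=$got (expected $exp)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample file (not from a real server) that has drifted.
sample=$(mktemp)
printf '%s\n' '; constructed sample' 'display_errors = On' 'log_errors = 1' \
    'error_log = syslog ; to syslog' 'file_uploads = Off' > "$sample"
audit_php_ini "$sample" || true
rm -f "$sample"
```

The script reads one file at a time and does not merge files the way PHP does, so a directive set in a different conf.d file is reported as MISSING for the file being checked.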

Configure PHP-FPM process manager

Next is my configuration, which handles this WordPress blog and several other lightweight websites. By lightweight I mean without very big RAM usage and without complex frameworks like Drupal or Joomla, but serving a lot of requests per second on a normal basis. All this with only 300 MB of RAM. I copy only the relevant parameters:

[global]
log_level = notice
emergency_restart_threshold = 0
emergency_restart_interval = 0
process_control_timeout = 0
daemonize = yes


[your_username]
listen.backlog = -1
pm = dynamic
pm.start_servers = 15
pm.max_children = 70
pm.min_spare_servers = 15
pm.max_spare_servers = 18
pm.max_requests = 500
request_terminate_timeout = 0
request_slowlog_timeout = 0
slowlog = log/$pool.log.slow
catch_workers_output = yes

Configure Nginx

Next I paste only the relevant nginx.conf configuration parameters.

worker_processes 4;
events {
    worker_connections 1024;
    use epoll;
}
http {
    ...
    ...
    sendfile on;
    tcp_nopush on;
    tcp_nodelay off;
    server_tokens off;
    keepalive_timeout 25;
    # some cache configurations
    open_log_file_cache max=64 inactive=60s;
    open_file_cache max=3000 inactive=300s;
    open_file_cache_valid 600s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;
    gzip on;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_proxied any;
    gzip_buffers 16 8k;
    gzip_vary on;
    ...
    ...
    ...
    ...
}

And that’s it. Our experience and results with this setup are really good, much better than with our old Apache mod_php or with FastCGI PHP.

Feel free to write any questions that you have in the comments section or, even better, write about your experience with the Nginx/PHP-FPM/APC configuration, possible improvements or anything else.

We have all this running with a DreamHost account that includes shared hosting and a VPS with full root access. If you use this link, cheap Linux VPS, or the banner, you have two free weeks, and if you decide to buy it you get 50 % off for the first whole year: only $12 USD / month for the first 12 months, then $24. That’s $15 monthly for the VPS account and $8.95 for the shared hosting, which is required to hold your databases unless you prefer VPS databases too.

If you’re going to try it, you can sign up for the shared hosting and then upgrade to VPS; that way is easier, and for the first two weeks it’s 100% free anyway.

How to create a portable encrypted file system on a loop file

Here I’m going to explain how to create an encrypted file system over a loop file. I also have an encrypted file system on an LVM partition, but having it in a file has advantages, like being able to copy the encrypted file to another PC and mount the file system there (a portable encrypted file system), or when you are, for example, on a server and can’t create a new partition.

I do this with LUKS (Linux Unified Key Setup).

This “how to” is for Debian or Ubuntu but if you have another GNU/Linux distribution, it shouldn’t be too different, just install the packages like you always do.

First of all, use apt to install these packages:

apt-get install lvm2 cryptsetup e2fsprogs

Now let’s create, for example, a 500MB file:

dd if=/dev/zero of=/home/you/cryptfile bs=1M count=500

Associate it with a loop device:

losetup /dev/loop0 /home/you/cryptfile

(if you have /dev/loop0 in use, just use another, like /dev/loop1, /dev/loop2, …)

Fill the file with random data:

badblocks -s -w -t random -v /dev/loop0

Using badblocks is better than creating the file from /dev/urandom.
If you haven’t loaded the kernel module for the encryption you want, load it:

modprobe blowfish

When I wrote this, the default encryption algorithm was AES (if you prefer it, use “modprobe aes”).

Create the encrypted file system associated with the loop device:

cryptsetup -y luksFormat -c blowfish -s 256 /dev/loop0
cryptsetup luksOpen /dev/loop0 crypt_fun
mkfs.ext3 -j /dev/mapper/crypt_fun
e2fsck -f /dev/mapper/crypt_fun

In this case I create an ext3 file system; you can choose any other.

You can also use another encryption algorithm with other options.

Try “man mkfs.ext3” and “man cryptsetup” to see different parameters and options.

Create a folder to mount the encrypted file system:

mkdir /media/fun

I made a couple of scripts to mount and unmount the file system:

mountCrypt.sh:

………………………………………

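#!/bin/sh

# Attach the file to /dev/loop0; "|| echo" lets the script carry on when losetup
# fails, for example because the file is already attached. Then unlock and mount.
(losetup /dev/loop0 /home/you/cryptfile || echo) && (cryptsetup luksOpen /dev/loop0 crypt_fun && mount /dev/mapper/crypt_fun /media/fun)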
………………………………………

umountCrypt.sh:

………………………………………

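#!/bin/sh

# Unmount, close the LUKS mapping and detach the loop device,
# stopping at the first step that fails.
umount /media/fun && cryptsetup luksClose crypt_fun && losetup -d /dev/loop0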
………………………………………
And that’s all, you have your portable encrypted file system ready!
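
A variant of the mount script above that asks losetup for a free loop device instead of assuming /dev/loop0, and undoes each step if a later one fails. This is an added example, not the author's script; the function names, the argument order, the return codes and the nosuid,nodev mount options are choices made here.

```shell
#!/bin/sh
# Added example: mount a LUKS loop file without hard-coding /dev/loop0.
# Usage (as root): mountCrypt.sh /home/you/cryptfile crypt_fun /media/fun

# mount_crypt FILE NAME MOUNTPOINT -> prints the loop device that was used
mount_crypt() {
    file=$1; name=$2; mnt=$3
    # Ask losetup for the first free loop device and attach the file to it.
    loopdev=$(losetup -f --show "$file") || return 1
    # Refuse anything that does not carry a LUKS header.
    if ! cryptsetup isLuks "$loopdev"; then
        losetup -d "$loopdev"; return 2
    fi
    # Wrong passphrase or mapping name in use: detach the loop device again.
    if ! cryptsetup luksOpen "$loopdev" "$name"; then
        losetup -d "$loopdev"; return 3
    fi
    # nosuid,nodev is hardening added here for a volume that may come from
    # another machine. If the mount fails, close the mapping so that no
    # unlocked device is left behind.
    if ! mount -o nosuid,nodev "/dev/mapper/$name" "$mnt"; then
        cryptsetup luksClose "$name"; losetup -d "$loopdev"; return 4
    fi
    echo "$loopdev"
}

# umount_crypt NAME MOUNTPOINT LOOPDEV
umount_crypt() {
    umount "$2" && cryptsetup luksClose "$1" && losetup -d "$3"
}

if [ "$#" -eq 3 ]; then mount_crypt "$@"; fi
```

Keep the loop device name that mount_crypt prints; umount_crypt needs it as its third argument.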

How to create an LVM encrypted partition

Be careful with all these commands; with some of them you can erase all the data in a partition. Always use ‘man’… of course, I’m using GNU/Linux.

I do this in Debian and it works perfectly for me; I have been working with, mounting and unmounting the partition for more than a year without any problems.

Well, let’s do it…

First, create the LVM partition (in this case named lv_fun):

lvcreate -n lv_fun --size 1G VolGr01

Then, fill the partition with random data:

badblocks -s -w -t random -v /dev/mapper/VolGr01-lv_fun

Now let’s create the encrypted partition with dm-crypt and LUKS:

cryptsetup -y luksFormat /dev/mapper/VolGr01-lv_fun
cryptsetup luksOpen /dev/mapper/VolGr01-lv_fun crypt_fun

You must type the passphrase after these commands. Use a good passphrase; a reasonable hint is to use letters, numbers and some other signs, and it should have 20 or more characters (just a quick hint, there’s a lot to say about this).

Use ‘man’; you can modify a lot of parameters in the previous commands.

OK, the encrypted partition is done! Let’s make the file system on it:

mkfs.ext3 -j /dev/mapper/crypt_fun
e2fsck -f /dev/mapper/crypt_fun

In this case I make an ext3 FS; you can use anything else.

And it’s done!

Now you can have some privacy… just some… ;)

We only need to know how to mount and unmount it:

Mount:

cryptsetup luksOpen /dev/mapper/VolGr01-lv_fun crypt_fun && mount /dev/mapper/crypt_fun /media/fun

Umount:

umount /media/fun && cryptsetup luksClose crypt_fun

And that’s it, you have your privacy with an LVM encrypted partition.

If you can’t create a partition or you want a portable encrypted file system, you can read my other post about privacy and encryption on Linux:

How to create a portable encrypted file system on a loop file