- This topic is empty.
May 19, 2014 at 9:01 pm #170648
Just set up a VPS on Linode in Dallas, TX (closer to me than San Francisco… which is where it was before). This is important because most of the people visiting my site will be in Denver. It will be running Arch Linux with Nginx as my webserver and a combination of static pages and Ghost because Node.js is super fast.
There’s really nothing more to that announcement, other than I’d like to recommend Linode to people looking for a VPS.
First off, they’re NOT more expensive than Digital Ocean, they just don’t have options at the $5 and $10 price point like DO. That sounds weird but it’s not. With Linode’s base option ($20), you get actually more than DO gives you at the $20 price.
Also, a few months ago, Linode got SSDs, just like DO. And, when you scale up… you get more cores across the board.
Plus, customer support is second to none. Tickets are responded to in 2 minutes and their forums/IRC channel is awesome.
I have no affiliation with Linode whatsoever, other than the fact that I’ll be forking over $20 per month for the foreseeable future.May 19, 2014 at 9:33 pm #170650
All truth, of course, but don’t underestimate the $5 price point. Although it may seem like meager specs, it’ll work for a lot of sites (and in many cases, will be better performance than they ever got out of comparably priced shared hosting).
Of course, DO doesn’t offer an Arch image.
So, that, as they say, is that. : )May 19, 2014 at 9:50 pm #170651
Yeah, I’m down with the $5 price point. The only thing is… I want to host multiple sites on this with no problems. I think $5 is totally fine for someone running one site that doesn’t get a ton of traffic. However, I’m running 3-5 that don’t get a ton of traffic… which still would be fine on $5 but I’m sick of DO and thinking positively!!! Ha ha ha.
In all honesty, I’d be fine to deploy a Debian server. But, all of DO’s kernels are not current. That kind of worries me. Plus, I have serious question about how well they scrub each droplet when its destroyed. I’ve seen MANY sketchy things in that regard. Kind of makes you wonder if you’re inheriting malicious settings. I mean, I know how to lock down SSH and restrict root login and compartmentalize all things sensitive. That being said… I’m not a Linux EXPERT. I don’t know the bowels of the UNIX file system and kernel.
I’d kind of like to maybe go custom and try out Crunch Bang on a server. THAT seems AWESOME! You’d get the best of both worlds and philosophies. I’d like to play around with Pi Bang on the Raspberry Pi beforehand though.May 19, 2014 at 10:12 pm #170653
Oh… and I went full-blown nerd with a Star Wars (specifically Sith) naming convention. My workstation is darth@deathstar and my server is darth@executor. Now I just need a NAS setup called “tiefighter.” Maybe all my wife’s devices will be all Jedi.May 19, 2014 at 10:49 pm #170655chrisburtonParticipant
Why nginx rather than apache? Are there more pros than cons versus Apache?May 19, 2014 at 10:59 pm #170656
Nginx is easier to configure in my personal opinion. Plus, it’s got it’s whole non-blocking processes thing going on. It can serve multiple concurrent requests at the same time. The biggest thing for me: simplicity.
Keep in mind, I have a VERY strict computing philosophy. I believe whole-heartedly in lightweight everything. It’s absolutely a bitch at times to administer an Arch server. But… I love how minimalist and lightweight it is. I usually know what’s going on because I built the system myself and it only has a select number of packages on it. Not a bunch of junk that some other distro thinks I want.
Same type of deal with Nginx. I don’t need the Swiss Army Knife that is Apache. I’m good with a really sharp combat knife :)May 19, 2014 at 11:14 pm #170657
Are there more pros than cons versus Apache?
Anecdotally, I find it to be faster as well. I mean… I haven’t benchmarked it but I use the LEMP stack in dev and production. You should give it a shot.May 19, 2014 at 11:25 pm #170659
You should give it a shot.
Err.. MEMP I guess it would be. Maybe WEMP?May 19, 2014 at 11:28 pm #170660
Maybe I can work this into my network:May 19, 2014 at 11:54 pm #170662chrisburtonParticipant
What about htaccess or phpMyAdmin (does that run on nginx?)?May 20, 2014 at 12:14 am #170663
I believe the latter does. I don’t personally use it though. htaccess I know for a fact does not run natively on Nginx. There’s a bunch of stuff on Github to convert certain things though.
But for example, the only thing I ever modified in htaccess was a snippet from boilerplate that enabled gzip. That’s really easy to set in Nginx. You just uncomment the line that turns it on in the config. Easy as pie.May 20, 2014 at 9:22 am #170705
nginx does support url rewriting too, if that’s what you’re thinking of. I haven’t worked with it myself, but the syntax looks pretty straightforward — more intuitive and script-like than mod_rewrite directives.May 20, 2014 at 9:43 am #170709
So, obviously Linux systems really excel at setting permissions for various users/applications. It provides really, really fine-grained control over who/what can access what/where.
You can relatively easily lock down Nginx so that it can only access what it needs to do its job. More than that, you can make it all owned by root, so that no one can really mess with ANYTHING, should they somehow gain access to your server via Nginx, i.e. through some public facing webpage. This, it would seem to me would be real convenient with WordPress.
Now, provided that you run a Linux server, which I’m pretty sure you do(CentOS?), you can probably do the same thing for Apache. The problem for me is that Apache is SO much bigger, with SO many more files and SO much more code. It’s much, much easier to totally lock down the handful of files that Nginx uses and set their permissions accordingly.
I plan on doing this today.May 20, 2014 at 10:45 am #170714
Don’t make your webserver root. (If that’s what you meant…?) It is far too easy to hack into websites. (I know, I know, we all write infallible code, and infinitely secure websites. But why risk it?) If someone manages to break in, you do not want them to automatically have root access.
Make a new user+group for the webserver, and limit that group to only what it needs. You can create another user to log in/ ssh with, and then “clean up” permissions for other, unused/limited use users and groups.May 20, 2014 at 11:15 am #170717
That’s not what I meant and I’m probably explaining it poorly and this is a mistype:
More than that, you can make it all owned by root
I meant to say that it’s chrooted. Anyway, the default user/group that owns the webserver in Arch is
http, located at
/srv/http. That’s where you’d put all your site files. That doesn’t change. Now, in this case, we would create a chrooted environment, i.e. $JAIL for all the files Nginx will need.
All the info is here:
Beyond that, I’ve restricted root login and ONLY connect via SSH keys and took the time to verify the ECDSA key fingerprint before accepting the connect… so I know it’s clean.
Beyond all of that, I think I should be fine because I plan on serving mostly static pages. I’ll be using Node.js for Ghost, but I’ll make sure that’s properly compartmentalized as well.
- The forum ‘Other’ is closed to new topics and replies.