Installing vds. Setting up a server from scratch using the example of VPS from Hetzner

Twitter

Background

The best way to develop is to share your experience.

Previously, shared hosting was enough for me to launch websites. This is a reasonable saving if site traffic is low. This continued until 2014, when a fairly visited resource came into my hands, running on a VPS and at the same time being very slow. It's no joke - pages could be generated in 10 seconds! On my home Ubuntu, I have repeatedly installed a stack of LAMP programs with the command sudo apt-get install lamp-server^ , scattering the sites into different folders and creating simple configs, so the first thing I did was move the site to my hardware. It worked quite quickly on my home PC, so I decided that I just needed to reinstall the software from scratch on the server. In the dead of night, when there were few visitors, I installed Ubuntu 12.04.4 (then the most current version), Apache+PHP+MySQL+phpmyadmin+proftpd and launched the site. Alas, page generation lasted 5-10 seconds and continued to take up precious time.

I started digging further and became convinced that the problem was in the self-written CMS components (it was Joomla, by the way). Rewriting slow CMS code that I'm not familiar with is not the best solution when the work needs to be completed under a tight deadline. Therefore, I added caching to the components and hallelujah - the brakes disappeared! Pages began to load in 0.7-0.9 seconds, which is a more than fivefold increase in performance.

I will give a direct answer to the question: how can you make a website running on a cheap, slow server work quickly?

Selecting a VPS

If you don't have a virtual server, read about it. In the article, I talked about the minimum system requirements for a virtual server and how to choose the right one.

Selecting an OS for the server (Ubuntu Server 16.04)

Usually hosting gives you the opportunity to choose the operating system for your server. Most of the ones offered are various Linux distributions: Debian, Ubuntu, Arch Linux, CentOS, OpenSUSE, Fedora, Gentoo and others.

You can install anything on a personal computer, but on servers it is important stability. In my opinion, Ubuntu 16.04- reasonable compromise between new software versions and stability. Instructions for Debian are also suitable for Ubuntu, which means that novice users will have freedom in terms of improving their skills and finding answers to questions. Then, if you wish, you can switch to CentOS or even FreeBSD, but for starters, to avoid headaches during setup, Ubuntu couldn’t come up with anything better.

My subjective opinion about popular distributions:

CentOS (any version): It will be difficult for beginners, because there are not very many instructions. Quite recent versions of the software are available in the repositories.
Debian (any version): It takes up little RAM, which helps a website with high traffic work faster by allocating memory to the cache and PHP with MySQL (after fine-tuning, of course), but the old ones are available in the repository. verified versions of PHP, which is why the speed of sites will not be as high as it could be. There are a lot of instructions, novice users can figure it out, but setup takes time.
Ubuntu Server 16.04: server version of the popular Linux distribution. Version 16.04 will be supported until April 2021 - this means that after setup you will be able to just update the software. Updates are important because new versions fix found vulnerabilities and eliminate bugs. The software versions in the Ubuntu 16.04 repository are relatively recent. For example, at the time of writing, PHP 7.0 is available, which gives a 30% performance increase compared to PHP 5.6, which is the default in Debian 8.
Ubuntu Server 16.10, 17.04, 17.10: version 16.10 has already been released, but security updates will stop coming in July 2017, you will have to update the entire system to 17.04. At the time of writing, 17.04 is being prepared for release, and 17.10 is still only in plans; there is no point in installing them either: these are not LTS releases, which means they will also quickly turn into a pumpkin.

For those who like to configure everything manually, you may get a real kick out of the fact that I propose Ubuntu Server 16.04 as the basis for a web server, because there is CentOS/FreeBSD/Something_else_OS. The choice in the world of free software is always conflict and conflict. My position is this: Ubuntu is a good start, start with it, and then everyone has their own path.

How to connect to VPS

You need to understand what a console is and what commands there are. The fact is that each hosting strives to make its own VPS assembly. For example, installs Apache, MySQL, edits configs. Therefore, you need to be able to look at the logs and understand what is happening.

So, the OS was chosen, the server was ordered, the server’s IP address, username and password for access via SSH appeared in the hosting admin panel. How to connect to VPSke?

The server is controlled through the terminal (console) by entering commands. Typically, you connect to the console via SSH using appropriate programs. I recommend using Putty as the most common: link to the newest version. The version with the MSI installer (the first link in the list) is the most complete package. Or you can use a fork (modification) of Putty called KiTTY, which adds a lot of useful things compared to the original program.

After installing the VestaCP control panel, the server can be controlled via a browser, accessing the console only to update programs.

The instructions are suitable for Ubuntu 16.04 and 16.10. Please do not ask me about installing software on CentOS and other distributions - this is a topic for a separate article.

Login to the server using Putty

To log in, you only need the first tab in the Putty start window:

1 - enter the IP address of your server here;

2 - port, default 22;

3 - enter any name;

4 - saving settings under the name from the third paragraph;

5 - in the future, simply start by double-clicking on an item in this list. There are buttons to edit the settings of this particular item Load And Save.

After clicking Open(or double-click on a saved item in the list), if you entered the address and port correctly, a warning will appear:

This means that Putty does not yet know the digital fingerprint of this server and offers to remember it. Feel free to click “Yes”. In the future, if suddenly someone replaces your server with a fake one, the window will appear again. It's comfortable.

A console will appear asking you to log in:

You must first enter the login issued by the hoster, press Enter, password and Enter again:

Here's an important point: If you are given a password for the root user, you need to create another one with less rights. As the root user, you can accidentally delete any system files, and we want the VPS to last as long as possible.

To add a new user, enter the command:

adduser username

Then add it to the sudo group so that you can also perform root operations, but only with the sudo command:

usermod -a -G sudo username

After this, you can log out of the root using the logout command and log in as a new user. Use it in the future.

There is another way to authorize on the server: using a digital key. A key file is generated, thanks to which the server knows that you are you. It is simply impossible to find a digital key, so access to the server via the SSH protocol will be extremely reliable. By default, foreign hosters like to enable access using a digital key; so far only one of ours has seen it. If you have a simple login/password combination, don't worry and just keep in mind that there is a more secure method that can be enabled in the future. There are plenty of instructions on the Internet on how to set it up, I won’t dwell on this.

Software updates

You need to remember the update command, which you will have to enter often:

sudo apt update && sudo apt upgrade

More precisely, these are two commands combined into one, so as not to press Enter again:

apt update updates the list of programs by downloading Ubuntu 16.04 from their repository;
apt upgrade starts updating server programs if there are outdated ones;
sudo means that apt must be run as root.

Usually the software updates itself. Intervention is required only if the configuration files included in the kit do not match the contents available on the server. In this case, you are given a choice: replace, compare line by line, or leave existing files. In practice, you can leave the configuration unchanged.

A little theory: how a web server works

A web server is a program that will parse the visitor's browser request and give it the necessary files. To run a full-fledged website on WordPress, one web server is not enough - it can only serve static (pre-prepared) files; you also need a PHP interpreter and a database server. Any WordPress site is a set of scripts in the PHP programming language that requests information from the database server in order to generate pages with posts, user comments, admin panel and other useful information. interactive pieces.

The general operating principle is as follows:

1. The user's browser finds out from the provider's DNS server the IP address of the server on which the site is located.

2. Then the browser contacts the server by IP address, indicating at the same time which site it needs.

3. The web server parses the request, determining what to give to the visitor. Two possible events:

A) If it is just a photo, document or other static file, then the web server loads this file from disk and gives it to the visitor.

b) If the request involves processing through a PHP script, it is executed, generating the html code of the page and this ready-made code is transmitted to the web server, which, in turn, transmits it to the visitor’s browser.

You may be thinking, “Why read this ABC book? Since I bought a VPS, I know everything!” You will have to be patient a little, because there are nuances that many people forget about. Even professionals in their field, judging by the questions on such a serious site as toster.ru, sometimes get a rake in the forehead.

Selecting a Web Server: Apache vs Nginx

By default, the VPS will not have a web server, PHP interpreter, or database server. You need to install them yourself. Consider the two most popular web servers - Apache And Nginx.

Apache- the most popular choice. Compatible with all CMS, including WordPress. Unfortunately, the speed of work leaves much to be desired. A website running on Apache, when there is an influx of visitors, will begin to open slowly or will even display an error 500, 502, or another of the 5** series if the server does not have enough resources. There is only one plus: compatibility. It runs any website, any CMS, any software written in PHP.
Nginx- the second most popular web server. Used by many visited sites. For example, Yandex, Mail.ru and Vkontakte. The strength of nginx is it very fast gives the visitor static files (.htm, .jpg, .png and others). Thanks to this and some other features, on a server of similar performance, Nginx can handle a larger number of simultaneous visitors and also allows pages to load faster. Of course, there is no magic - if there are a lot of visitors and there are not enough server resources, 5** errors will also appear, but if O higher loads. There is information about why Nginx is faster

Everything is relative. If it were not for the existence of Nginx, we could safely install Apache and, when site traffic increases, simply move to a faster server. But I'm talking about how to make the site work fast, so let's send Apache somewhere else.

I suggest using Nginx because:

Nginx quickly serves static files. I emphasize - indeed fast. If you have a site with a lot of photos, the transition to Nginx will be noticeable to the naked eye: images on the pages will appear quickly, as if you were connected to a faster Internet.
Nginx can cache the results of PHP scripts and serve them to the browser as quickly as static files. This is the same rake that some admins fall into, including me. Nginx can work in any conceivable configuration, and if you suddenly want to speed up your site, it’s tempting to enable all types of caching. But with a long caching chain, performance, on the contrary, may drop! Moreover, visitors need a site that is not frozen in time - comments, forums, news feeds must be updated. It is quite expensive to update the cache page by page in WordPress. And if you reset everything with every new comment or blog entry, site performance will be low, because some of the resources will be spent on constantly rebuilding the cache. Therefore, next I will propose a guaranteed caching method that will definitely speed up the site; you will finish the rest yourself if you wish.
Nginx is fault tolerant. Since this is also a proxy server, with proper configuration, if the PHP interpreter suddenly “falls off,” the site will continue to work, giving cached pages to visitors.
We control Nginx in configuration. Everything is concentrated in several .conf files and all the logic of the parameters is based on the visitor’s request. Nginx parses the requested URL “brick by brick” and decides whether to give the photo, redirect the request to the PHP interpreter, take what you are looking for from the cache, or deny access. As a result, as many resources are given to deliver content as needed. Apache works differently. How exactly is described in the article, the link to which I provided at the beginning of the chapter.

In my opinion, you can use Apache only if the site developers explicitly declare compatibility only with this web server. But even in this case, you can make a proxy out of Nginx, allowing it to serve static and cached files, redirecting requests for generating dynamic pages to Apache. Since WordPress works well with Nginx, I will not consider such a chimera. Only Nginx and PHP-FPM, to eliminate any intermediate steps that could slow down the work speed and complicate the setup.

PHP Selection: Versions 5.6, 7.0, 7.1 and 7.2

I’ll say right away: you need at least PHP version seven. Compared to 5.6, the speed increase can be twofold. Those pages that opened slowly will open faster, and fast ones will be generated almost instantly.

At the time of writing, Ubuntu 16.04 comes with PHP 7.0 installed by default, although 7.2 has already been released. Between 7.0, 7.1 and 7.2 the difference in performance is minimal (from 1 to 10% in different tasks). Having gained experience in setting up PHP, you can install the latest one, but at first it is better to leave the one that will be in the standard OS repositories.

Selecting a database server: MySQL, MariaDB, PostgreSQL and others

In addition to the web server and PHP interpreter, the database server must be running. WordPress works great with MySQL and MariaDB, but with PostreSQL and other SQL-supposedly-compatible databases everything is sad. If the site does not have tens of thousands of actively commenting visitors, a regular MySQL Server will not be a bottleneck - read operations from the database are cached perfectly.

For now, it's better to stay with MySQL Server. In the future, you can transfer the database to MariaDB and thus speed up the work of a busy site; there are plenty of instructions on this topic on the Internet.

Do I need a DNS server?

It is often forgotten that a virtual server can act as a DNS server if the appropriate software is installed and the server’s IP address is indicated in the domain records as the DNS.

My opinion: This is a serious security risk because if the VPS is hacked, if the DNS records are changed, it can take a whole day to fix the consequences, even if you fix the hack instantly. That is, DNS servers all over the world can open a fake website instead of yours for 24 hours, which is why you will lose visitors and, more importantly, their trust.

Within 5-20 minutes, the Nginx web server, PHP-FPM as a PHP interpreter, Exim for sending email messages, MySQL Server for database operation, Vsftpd for FTP access, Iptables firewall and Fail2Ban automatic ban tool will be installed. The versions of the programs will be those that are in the Ubuntu repository.

At the end of the installation, information will appear about the address at which Vesta Control Panel is available, as well as the password of the new user admin, which matches what was specified earlier in the installation command:

After installing Vesta, you need to log out of your user’s session with the logout command and relogin under the newly created admin. And in the future, sit only under it, because:
a) all folders and files that need to be created in the /home/admin/ folder will belong to the admin user, you will not need to manually run the chown command,
b) less risk of deleting system files.

After installing VestaCP, install the PHP modules required for WordPress:
sudo apt install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc
One more thing: the software is far away after installation does not always start automatically. Restart the server with the restart command so that MySQL Server, Nginx and others start. You can start it manually, but restarting the VPS is the easiest way.

Working in Vesta Control Panel

Since I am using a local virtual server for this article, my address to access the panel will be https://192.168.110.11:8083. Yours, of course, is different. When you log in, the browser will warn you that the https connection is not secure - do not pay attention. Then you will be asked for a login/password (the same admin and your password), after entering the control panel will open:

For convenience, you can click “admin” at the top right and switch to Russian in your profile settings.

In the future, you'd better learn the basics of Linux to understand how to make your server bulletproof. In the meantime, in order to somehow secure the server, go to the “Firewall” tab and block the ports of the FTP, DNS, POP3, IMAP, DB services:

When you need to upload files via FTP (server address - its IP, port 21, user admin, same password), you can temporarily unlock the FTP line. You can't constantly keep ports open for services you don't use.

A brief list of Vesta control panel pages:

Packages. Here you can configure templates with restrictions assigned to accounts (there may be several of them). To be honest, there is little point in them, because Vesta has not matured into a full-fledged hosting control panel.
IP. Configuring server network cards. It's better not to touch.
Charts. The section where beautiful graphs of memory usage, network interface bandwidth, and database load should be drawn. In practice, I have never noticed that they showed anything related to reality. Perhaps I'm the only one so lucky.
Statistics. Just useful statistics, no explanation needed.
Magazine. Operations carried out in the control panel can be tracked here.
Updates. You can find out the versions of the main components of Vesta.
Firewall. Convenient fa settings th rvola iptables. The developers are literate.
Server. Here you can stop or restart important services, as well as configure them. To be honest, I don’t recommend setting up services through Vesta, because sometimes when saving it literally turns configuration files into mush. I don’t know what this is connected with, I observed it on several servers. It is better to use this tab only to restart services.
USER. Adding new users and managing existing ones.
WEB. Setting up sites. The most important tab, which is why Vesta is needed. More on that later.
DNS. Configuring domain records if the VPS acts as a DNS server.
MAIL. Setting up a mail server. In the configuration that I recommend to you, the page is useless.
D.B. The second most important tab after WEB allows you to quickly create a new database.
CRON. An extremely useful tab that allows you to configure the execution of commands on the server at specified intervals.
BACKUP. Here you can create and upload backups.

Vesta is far from ideal, but it can be used. In order not to step on the same rake as I did, I will list the disadvantages of VestaCP:

1) You cannot edit advanced settings through Vesta. There is a possibility, but it doesn't work well. For example, on the tab Server you can open the service settings, where some values are written in convenient text fields. If you change them, it is not a fact that they will be preserved. And if you press Additional options and try to edit the configuration file that appears manually, the service may stop starting because the lines will not be where they should be. For example, reappend at the end of the file. It may also open a configuration file from another version that, for some reason, remained on the server. It’s better to do the fine tuning yourself by editing the configuration files via mcedit (I’ll show you exactly how later).

2) VestaCP developers have their own vision of what software should be installed with the panel. They have written separate scripts for several Linux distributions that are downloaded from their website during installation. According to their logic, if PHP version 5.6 is installed in Ubuntu 16.04 using the apt install php command, then so be it. And it doesn’t matter that later, instead of 5.6, 7.0 will appear, and php7.1 will be added to the repository, installed with the apt install php7.1 command - judging by the comments on the official forum, this situation cannot exist in principle.

It’s even more fun with support for Ubuntu 16.10 - due to an error in the installation script, half of the software simply won’t install. At the time of writing this instruction, the mention of the error has been hanging on the official Vesta forum for a month; a single line with the error has not yet been corrected. In order not to be unfounded, I will show part of the software installation script for Ubuntu at http://vestacp.com/pub/vst-install-ubuntu.sh:

If you follow the logic of the installation script, then all Ubuntu distributions are divided into Ubuntu 16.04 and others. But Ubuntu 16.10 is not the rest. Its repositories contain neither apache2.2-common, nor php5-fpm and other outdated software. Without editing the installation scripts, you cannot get a web server working with VestaCP on Ubuntu 16.10.

3) The convenient database management tool phpMyAdmin, which installs the Vesta installation script, may simply not work.

4) There are tons of ways to “shoot yourself in the foot” in Vesta. For example, you should never delete a template default On the page Packages, otherwise you will know pain and suffering.

5) For some reason, the panel installation scripts do not correctly check for the existence of existing software. Therefore, if some software was initially installed on the server, for example Apache, and you install Vesta without enabling this software (only Nginx), failures are possible. For example, it just won’t work. I don’t know what to advise here, except to remove all the software listed in the panel installation command (nginx, phpfpm, apache, vsftpd, proftpd, exim, dovecot, and so on) and only then install the panel.

Despite the shortcomings, among the free control panels there is nothing better than Vesta Control Panel. Perhaps, but it does not have a web interface; you need to enter commands from the keyboard. Alternatives to Webmin, Froxlor, ajenti do not automate server management enough and are more difficult to configure, and the paid ISP Manager also has its share of problems.

Installing additional software

1. Memcached. Thanks to this software, you can place the cache in the server's RAM, which will speed up the delivery of cached pages.

Installed by the command
sudo apt install memcached php-memcache
After this, I recommend restarting the server.

2. Littleutils. Required for the CW Optimizer plugin to work, which compresses photos uploaded to the site. Optimizing images is one of the ways to attract visitors (nobody likes slow loading pages). It's better to start optimizing your photos today.

Save the settings with OK, then exit MC with F10 and run Commander again, this time with the command sudo mc and repeat the settings.

This non-obvious option will greatly simplify life when editing configuration files. It will allow you to temporarily hide the commander's mcedit text editor from the screen by switching to the console. For example, when you edit the Nginx configuration, you can edit the file, save it with the F2 button, then hide the editor with the Ctrl+O key combination and enter the command in the console:
If the result is like this:

Then everything is fine with the file and you can reboot the server, finally applying the new settings:
sudo service nginx restart
If a message about problems appears, you can press Ctrl+O and immediately correct the desired line, without wasting time on re-opening the file.

Many instructions advise editing files using text editors vi or nano. The console is not always convenient, why complicate your life even more? In my opinion, it’s easier and faster to go to the desired folder in MC, select a file and press F4 to open the editor, which can be hidden at any time.

How to Install WordPress

1. Before you start installing your WordPress site, create a separate database on the DB tab by clicking the green button “ + «:

Without a database, WP sites do not work. They need somewhere to store the settings and texts of the entries. And it is better to create a separate database for each site. Then, if one site is hacked, it will be more difficult to reach others.

2. On the tab WEB add a site using the " + «:

I’ll go through all the points in order when adding a new domain/site:

Domain: Website address. If you haven't purchased a domain yet, indicate the one you plan to buy. In the hosts file of the computer (and the server, also in the /etc/hosts folder), you can associate the domain and IP address of the server so that you can already use the site at the selected address.

IP address: your server address. There may be several network cards, so you need to make sure that the address that corresponds to the one issued by the provider is selected.

DNS support: Since VPS does not work as a DNS server, you need to uncheck the box.

Mail support: also uncheck this box, because the server will only have Exim for sending emails; VPS is not suitable as a mail server for the same reason as DNS support.

The following items will appear when you click "Additional options":

Alice: additional addresses from which to redirect to the main domain.

SSL support: encryption support. Modern sites must support the secure https protocol, there can be no doubt here. After enabling the option, you need to check “ Let's Encrypt support" to use free Let's Encrypt certificates. After saving the settings, you need to check the “Lets Encrypt Support” box again, because the certificate may not be generated the first time.

Consider two points:

You cannot obtain a certificate for a domain or subdomain if the A-records of the domain contain the IP of another server. This is done to ensure that no one other than the domain owner can obtain an SSL certificate. Therefore, you will not receive a certificate until you purchase a domain and configure DNS. That is, for the site to work using the https protocol, your site must open using the http protocol. Only then can you configure a redirect from http to https.
Generating Let’s Encrypt keys through Vesta works every time. You will have to look at the logs and figure out what the problem is (they are in the /usr/local/vesta/log folder) or use third-party utilities.

Site statistics: enabling the built-in statistics system. In most cases, it is better not to enable it so as not to load the server.

Additional ftp: creating an ftp account specifically for working with the folder where the site will be located. It gives a feeling of false security - they say, just give me the password for this site and no one will get to other files. In fact, this is not so; VestaCP is not suitable for hosting organizations with sites and users completely isolated from each other.

3. When you create a site on the WEB tab, don’t rush to leave. You need to go to the site settings again (the “Edit” button when you hover your mouse over the menu item. New settings will appear - selecting Web and Backend templates:

The Web template in VestaCP is responsible for a set of Nginx settings specific to each of the popular CMSs. The Backend template is responsible for setting up the connection between the web server and the PHP interpreter.

Select Web Template - wordpress, and Backend Template - socket(communication via sockets is faster than communication via ports). If the “Lets Encrypt Support” checkbox is unchecked, check it again. Click Save And open settings again website and install the Web Template - wordpress2 and save the settings again. Why not just select the WordPress2 template? Well, I said that VestaCP is a buggy thing, this is one of the problems - the correct configuration file for WordPress is not generated correctly the first time.

Update from 04/04/2017: First, generate Let’s Encrypt keys, then select the Web wordpress2 template, Backend - socket. Or, if SSL is not needed, select WordPress2, socket templates and save the settings.

If posts give a 404 error when permanent “beautiful” links are enabled in the WP admin, use the Nginx template from the post

4. Launch Putty, log in as admin.

Run the commands one by one:
cd /home/admin/tmp/
wget https://ru.wordpress.org/latest-ru_RU.zip
unzip latest-ru_RU.zip -d /home/admin/web/your_domain_name/public_html/
mv /home/admin/web/your_domain_name/public_html/wordpress/* /home/admin/web/your_domain_name/public_html/
rm latest-ru_RU.zip
rm -r /home/admin/web/your_domain_name/public_html/wordpress
sudo service nginx restart
5. The site should be up and running by now. Log in through your browser to the address https://site_address, the installation page will open:

If you log in using the regular http protocol, you will have to go to the WordPress control panel Settings - General and change the values in the fields WordPress Address (URL) And Website address (URL) from regular http to https so that the CMS understands that the secure protocol has priority.

Fill in all fields in order:

Database name- the name of the database that was created in the first step.
Username- username for the database from the first step.
Password- I think it’s clear that this is the password to the database.
Database server- since the database is on the same server, leave “localhost”.
Table prefix- enter something random.

6. At the next stage, you need to specify the name of the site, the username of the site administrator and your e-mail:

Please do not specify trivial logins such as admin or site domain as your username. There is no need to make life easier for malicious scanner bots who will try to guess the password to your admin panel.

7. The site control panel will open:

In principle, the site is already fully operational. But I recommend installing plugins that will speed up the site and increase security.

Installing and configuring the necessary WordPress plugins

All plugins are installed immediately from the admin panel. Just go to the section Plugins - Add new and enter the plugin name in the search field.

CW Image Optimizer. A plugin that optimizes every photo uploaded to the site. No setup required. It was enough to install Littleutils from the previous step. I want to emphasize that all alternatives to this plugin are paid. There is only EWWW Image Optimizer, but it does not optimize well.

DCO Russian Fixes- plugin for transliterating file names and links and adjusting date formats. After installation and activation, no configuration is required.

SSL Insecure Content Fixer(SSL Unsafe Content Filter) - makes all links on the site lead to the https version instead of http. The operation of a secure HTTPS connection affects rankings in Google search, you need to make the most of this opportunity. I recommend that after installing the plugin, go to the section Settings - SSL Insecure Content and switch the plugin to mode Widgets so that all page links lead to protected versions.

iThemes Security- plugin to improve security level. After installation and activation, a button “Get a free API key” will appear at the top of the control panel - click and get it. For iThemes Security settings, see the separate chapter below.

Autooptimize- to combine all .css and .js files of the theme and plugins into one to reduce the number of requests to the server. While the HTTP/2 protocol is not very relevant, you can save requests to speed up page loading. I have tried all such plugins, Autoptimize is the most correct, it is compatible with most WordPress themes. After installing and activating the plugin, go to its settings and enable all three types of optimization: HTML, CSS and JS.

W3 Total Cache- the world's best caching plugin. It works great with Nginx, after installation and configuration the site will fly. I separated the setting into a separate chapter. Nothing complicated, you just need to go through the points.

Setting up iThemes Security

After installing the plugin and receiving a free API key, go to Security in the panel menu and go through the settings sections. I will list only those that are better to change; you can leave everything else alone.

Basic settings:

Event Log Type - File Only so that the database does not grow in size.
Hide the security menu in the admin panel- check the box to remove a not very necessary item.

Blocked users:

Enable blacklist from HackRepair.com- check the box.

Local Brute Force Protection:

Automatically ban user "admin"- check the box so that every bot and smart guy who tries to log into your control panel using the most banal login in the Universe will receive an automatic ban.

SSL:

Click Enable in this settings block. Then go to its settings and check SSL for management console, so that the control panel works only over HTTPS.

Fine-tuning the system:

Click Enable to enable the settings block. Then in the settings, check the option System file protection,Disable directory browsing, Disable PHP in the Uploads folder, Disable PHP in Plugins, Disable PHP in Themes. The last three options can break the work of poorly written design templates and plugins, so it will help to identify such items.

WordPress tweaks:

Check the boxes for Remove the Windows Live Writer header, Remove the RSD (Really Simple Discovery) header, Reduce spam in comments, Disable the error message when a login attempt fails, Disables the author archive for a user who has no entries.
If you don't use WordPress on Android, check the option XML-RPC to mode Disable XML-RPC.
REST API- V Restricted Access.

Setting up W3 Total Cache

There are countless plugins for caching sites on WordPress, as well as ways to speed up a site in general by storing intermediate results of scripts. In total, I counted five stages/types of caching, each of which can speed up a site:

I. PHP caching using OPCache technology. Compiling scripts into faster code speeds up their execution by at least 2 times. The choice of web server does not affect the operation of OPCache; this is a setting of the PHP interpreter. I’ll tell you how to enable it in a separate chapter below.
II. Caching using CMS. Thanks to WordPress caching plugins such as W3 Total Cache or WP Super Cache, the result of scripts in the form of site pages is sent not only to the web server, but is also saved in the form of static HTML files. The most predictable, manageable type of caching. On your first visit, the page will open slowly (as usual), on subsequent visits - very fast, like all static files, if Nginx is used. When using Apache, pages will also open faster, but compared to Nginx the increase is small.
III. Caching with Varnish or any other caching proxy. Nginx and Apache can be configured so that instead of calling the interpreter, the page is loaded from the intermediate cache, if it exists there. If someone can explain to me why this bike is needed, I would be very grateful. I don’t see a single advantage in such a layer, because see below:
IV. Caching using Nginx. The web server itself can also save finished pages and serve them to visitors. Thanks to this work, the site will open very, very quickly. Especially if the cache folder is located in the server’s RAM.
Unfortunately, unlike caching with WordPress, Nginx will serve old pages to visitors until the cache files are deleted. Previously, it was possible to manage cleanup using the WordPress Nginx Helper plugin, but in recent times free versions of the web server, the developers removed the fastcgi_cache_purge module. It is still possible to configure caching in Nginx to work correctly, but this is a topic for a separate article. In most cases, such caching is not necessary; caching using CMS is sufficient.
V. Browser caching. You can and should configure the web server so that the browser caches static files (photos, .css and .js files) for at least a week, so as not to download the same thing from the server again. It can be easily enabled in the same W3 Total Cache, the benefits are undeniable.
When using Apache II And III types of caching will not be able to be effective because the slow web server will handle requests.

So how can you speed up with W3 Total Cache? Install this plugin, go to its settings page General Settings:

Chapter Page Cache:

Jackdaw on Enable, setting Page Cache Method on Memcached.

Chapter Database Cache:

Jackdaw on Enable, setting Database Cache Method on Memcached.

Chapter Object Cache:

Jackdaw on Enable, setting Object Cache Method on Memcached.

Chapter Miscellaneous:

Uncheck Enable Google Page Speed dashboard widget, this tool can be misleading.
Uncheck Anonymously track usage to improve product quality, there is no need to send information about your site.

Settings page Page Cache:

Check the boxes in the section General on options Cache feeds: site, categories, tags, comments, Cache SSL (https) requests.
In chapter Advanced, if you use the popular Yoast SEO plugin, change the contents of the field Never cache the following pages: on
wp-.*\.php
index\.php
(+)?sitemap(_index)?(-)?(*)?\.(xml(\.gz)?|xsl)$

Settings page Browser Cache(setting up browser caching):

Check the boxes in the section General on options Set expires header, Set cache control header, Set entity tag (ETag), Don’t set cookies for static files, Apply HTTP Strict Transport Security policy.
Check the boxes in the sections CSS & JS, HTML & XML, Media & Other Files on options Set expires header, Set cache control header, Set entity tag (eTag), Disable cookies for static files.

Page Extensions:

Turn off modules Fragment Cache And New Relic.

Such settings are enough for the site to open quickly. Don't forget to look at the next chapter to enable some of the Nginx settings that created the iThemes Security and W3 Total Cache plugins.

Setting up Nginx

There is just a little bit left: you need to make Nginx connect the settings made by the iThemes Security and W3 Total Cache plugins. To edit Nginx configuration files you need superuser rights, so run Midnight Commander with the command
sudo mc
and go to the /home/admin/conf/web folder:

You will see two files:

nginx.conf- setting up sites accessible via the http protocol.
snginx.conf- sites using the https protocol.

The site settings will always be in nginx.conf. In snginx.conf only if SSL was enabled when creating the site in the VestaCP control panel. In principle, you can edit these files, but after that, when you try to add a new site through Vesta, the configuration files will turn into mush. You will have to reset all edits with the command v-rebuild-web-domains admin yes.

Therefore, you need to create a separate file with settings that will be picked up by nginx and will not interfere with the operation of the control panel. To do this, in Midnight Commander, in the /home/admin/conf/web folder, click Shift+F4. If you have never edited files through MC before, an editor selection will appear. Select mcedit.

Paste the following code there:
include /home/admin/web/ your_domain_name/public_html/*.conf;
Thanks to this line, the nginx.conf file will be picked up, which is created by the W3 Total Cache plugin and others compatible with Nginx.

If you use the Yoast SEO optimization plugin, add this:

#Yoast SEO Sitemaps location ~ ([^/]*)sitemap(.*).x(m|s)l$ ( rewrite ^/sitemap.xml$ /sitemap_index.xml permanent; rewrite ^/(+)?-? sitemap.xsl$ /index.php?xsl=$1 last; rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last; rewrite ^/([^/]+?)-sitemap(+)?.xml $ /index.php?sitemap=$1&sitemap_n=$2 last; )

Click F2 To save the file, a file name selection window will appear. Enter nginx.yourdomain_name.conf_custom.

After Ctrl+O to hide MC and type in the console to check the config:
sudo service nginx configtest
If everything is OK, restart the server to apply the config:
sudo service nginx restart
Your site is now secure and caching is working properly.

Setting up PHP-FPM

The Internet is full of instructions on what can be edited in a file /etc/php/7.0/fpm/php.ini. I'll just give you a couple that are worth changing anyway.

To increase security:

Session.use_strict_mode = 1

To enable OPCache, which I wrote about above:

Opcache.enable=1 opcache.memory_consumption=128 opcache.max_accelerated_files=7963 opcache.max_wasted_percentage=10

Please note - you need to remove " ;» before the lines. You can also specify the parameter opcache.validate_timestamps=0 if you are ready to restart the server after each update of the theme, plugins and WordPress itself. This parameter disables checking for changes to PHP files; you will have to manually clear the OPCache cache.

After applying the settings, restart Nginx and PHP-FPM with the command:
sudo service nginx restart && sudo service php-fpm restart

What's next?

Configuration files where all settings that affect server performance are concentrated:

Nginx web server settings are stored in a file /etc/nginx/nginx.conf
PHP settings are stored in folder files /etc/php/7.0/fpm/
MySQL server settings in /etc/mysql/my.cnf

In order to delve into configs, you need knowledge and the ability to measure results. Therefore, I advise you not to worry and leave the default settings. They are suitable for most servers and sites. Once you truly understand how web servers work, that's when you can start experimenting.

In the meantime, the settings I’ve given will be enough for your site to support several thousand visitors per minute, depending on the server’s performance.

P.S. I received several offers to write instructions for installing VestaCP for CentOS. The difference between Ubuntu and any other Linux distribution is small. You can easily install Vesta on both Debian and CentOS if you know the package manager commands. Therefore, there will not be a separate article.

P.P.S. I do not provide assistance in setting up this control panel. Judging by the problems that arose after about a year of use, this panel is quite buggy. Some troubles constantly arise with it, which newcomers cannot solve. I am not the author of this product; I do not have the resources or time to be VestaCP technical support.

Setting up a VPS from scratch is a set of standard steps that even a beginner can do. With the help of our article.

The first place to start is choosing an operating system for your new virtual server. Let's look at the most popular UNIX-like systems.

Which operating system is best for VPS?

1. Debian and CentOS

Both of these operating systems are capable of running well on modest allocated resources. Based on this fact, these systems are worth choosing if you order with fairly modest resources, for example, you have chosen a tariff plan with 512 MB of RAM or lower.

It is worth noting that if you want to work with a control panel such as ISP Manager, then CentOS will be more suitable in your case, because it fits well with this panel.

2. Fedora and Ubuntu

3. FreeBSD

This system is necessary for some specific needs, but most often it can be perfectly replaced by any of the above operating systems. This system is also quite demanding on resources. Difficulties await you when installing it, because... This process is practically not automated by developers and takes quite a lot of time.

VPS setup

Now let's talk directly about setting up a VPS. As an example, let's look at setting up a VPS on CentOS.

The first thing we will need to do is establish an SSH connection to the brand new VPS. This is done quite simply, and the PuTTY program will help us. After downloading and launching it, you will see the following window:

In the field called Host name, enter the DNS name or IP address of your VPS. Specify the port that will be used for access (this information can be obtained from your hoster). Next, in the menu on the left, find the Translation item and go to it.

In the Remote character set drop-down list, select UTF-8 encoding. After this, click the Open button and the connection will be established.

It is assumed that CentOS is already installed on the server, and we can start working directly with the system. Many hosters independently install the required operating system for free, so we will omit the installation issue.

First, the system needs to be updated; to do this, just enter one command in the console window:

# yum update

It is quite possible that the hoster has installed the most current version of the system, so in some cases an update may not be required, but it would be a good idea to check.

The next stage awaiting us is setting up iptables (firewall). For this we need a special setup utility. Most often it is in the system, but if it is not there, installing it is not difficult:

#yum install setuptool system-config-securitylevel-tui authconfig system-config-network-tui ntsysv

After the setup installation is complete, you can proceed to launch it:

# setup

In the window that appears, you can either disable the firewall altogether or open only the necessary ports. It is recommended to open the ports and select the connections with which we will work (most often these are Web, SSH, FTP).

If desired or for some special need, you can disable iptables, but this is not recommended:

# service iptables stop && chkconfig iptables off

Once we're done, we'll move on to installing and configuring the Apache web server and SSL. To get started, enter the following command into the console:

# yum -y install httpd mod_ssl

Once finished, you need to move on to editing the Apache configuration file. To do this, you need to open the /etc/httpd/conf/httpd.conf file in any text editor. We need to enter the IP or server name in ServerName. Once this step is complete, you need to configure Apache to start automatically:

# chkconfig httpd on

After all this, Apache can be started:

# service httpd start

If you want to check the performance of a web server, then there is a simple and quite indicative test - just create a small web page:

# echo " Hello, world! " > /var/www/html/index.html

After executing the command, find another computer or any device with an active Internet connection and, using its browser, go to an address like:

http://IP-address_of_your_VPS

You should see a page that says “Hello, world!” Its appearance indicates successful installation and configuration.

# yum -y install php php-common php-gd php-mysql php-xml php-mbstring

After successfully installing PHP, Apache needs to be restarted:

# service httpd restart

To check the operation of PHP, you can write a small script that will show information about the installed PHP version:

# echo "" > /var/www/html/info.php

To see it in action, also from another machine, go to an address like:

http://IP-address_of_your_VPS/info.php

If PHP is running, information will be displayed on the page that opens and you can proceed to the next steps.

Our next task is to install MySQL. MariaDB has been the official implementation of MySQL on CentOS for some time now. To do this, enter:

yum -y install mariadb mariadb-server

Once we've finished this, we'll need to set MySQL to autoload:

# systemctl enable mariadb.service

Now is the time to launch this DBMS:

# systemctl start mariadb.service

It is also mandatory to set a root password and configure some other options:

# mysql_secure_installation

Having finished working with MySQL, let's move on to deeper configuration of Apache. Having made sure that the main services are working properly, we can move on to creating directories for our sites.

Their structure will be like this:

/home/ - this directory will contain websites

/home/site.ru/ - each of the individual sites will be located here

/home/site.ru/www/ - this directory will contain files for each specific site

/home/site.ru/logs/ is the place for log files

/home/site.ru/tmp/ - temporary files will be sent to this directory

For convenience, in the /etc/httpd/conf.d/ directory we will contain configuration files for each of the sites located on our VPS.

As an example, here is the contents of the configuration file for the site site.ru (its name should be site.conf):

If your VPS running CentOS has several sites, then such a file will need to be created for all of them.

Once done, restart Apache again:

# service httpd restart

If something doesn't work, the error report can be found in /var/log/httpd/.

The final step in basic VPS setup on CentOS will be setting up and installing PHPMyAdmin.

In this article we will consider the manual installation method. In order to do this, we need wget - a special download manager, it is installed quite simply:

# yum -y install wget

Next, you need to go to the home page of the PHPMyAdmin project http://www.phpmyadmin.net/home_page/downloads.php and find a link to the latest version of PHPMyAdmin with support for several languages in tar.gz format. EYou just need to copy that link.

Then enter the command:

# cd /var/www/html/

After this you need to download PHP My Admin:

#wgethttps://files.phpmyadmin.net/phpMyAdmin/4.8.1/phpMyAdmin-4.8.1-all-languages.zip

There should be a downloaded phpMyAdmin archive in the specified directory, you need to unpack it:

# tar xzfphpMyAdmin-4.8.1-all-languages.zip

A directory phpMyAdmin-4.8.1-all-languages will be created, which must be renamed phpmyadmin:

# mv phpmyadmin

We bring the file /etc/httpd/conf.d/phpMyAdmin.conf to the form:

Order allow,deny
Allow from all

Attention! These settings will allow everyone to see the phpMyAdmin resource. We recommend installing additional authorization for the section or using other methods to restrict access.

The downloaded archive can be deleted because... We won't need it anymore:

# rm phpMyAdmin-4.8.1-all-languages.tar.gz

This completes the PHPMyAdmin installation process. You can check its operation by going to the following address:

https://IP-address_of_your_VPS/phpmyadmin/

Along with the completion of the PHPMyAdmin installation, the basic setup of a VPS server managed by CentOS is completed.

In this article we will tell you step by step how to create a virtual server (VPS/VDS) in the site control panel and how to connect to the created server.

Serverspace provides Cloud Servers for rent - check out our VPS rates for Windows and Linux.

So, let's begin.

Creating a virtual server

1. in the site control panel, go to the “Servers” section and click the “Create server” button.

2. Then select a virtual server template - the operating system (OS) that will be installed on the server. The following operating systems are available for installation:

Windows Server 2008 R2 (RU/ENG);
Windows Server 2012 R2 (RU/ENG);
Windows Server 2016 R2 (RU/ENG);
FreeBSD 10, 11;
Debian 8.11, 9.5;
Ubuntu 16.4, 18.4;
CentOS 6.10, 7.5;
PfSense 2.4;
VyOS 11.8.

The cost of a Windows Server license when choosing the appropriate OS is already included in the subscription fee, regardless of whether you have a domain in the virtual infrastructure or not.

If you plan to install another OS on your VPS/VDS, simply create an ISO image of it and send it to our technical support.

Parameters of ready-made configurations:

In the future, you will be able to change the configuration directly in the control panel.

After selecting the OS, you need to select the data center (DPC) where your virtual server will be located. Our data centers are located in Belarus (beCloud), Russia (DataSpace) and the Netherlands (AM2), and each country has its own configuration:

4. For an additional fee, you can activate the automatic creation of backups of the virtual server, which are created once a day. To do this, you need to select a backup storage period - 7, 14, 21 or 28 days.

5. If at the operating system selection stage you selected Windows Server OS and you need to include it in an existing Microsoft Active Directory domain, simply check the “perform Windows system preparation” checkbox. In this case, the server creation time will increase by 15-20 minutes, since during the creation process a special sysprep utility will be launched.

If FreeBSD, Debian, Ubuntu or CentOS is selected as the operating system, you must additionally specify the connection method - via a login/password pair or via SSH. The login and password are generated automatically and appear on the screen after the server is created. An SSH key can be generated using the ssh-keygen program or by attaching an already generated key.

6. Then you need to specify the number of servers and assign names to them. You can create up to 5 servers at a time.

When creating a server, the network interface will be automatically assigned one free IPv4 address. In the future, you will be able to connect additional IPv4 and IPv6 addresses for an additional fee.

Connecting to a virtual server

After creating a virtual server, you can connect to it through the web console. To connect, you will need the administrator login and password specified in the “Status” tab.

The button to go to the web console is located in the upper right corner. If you are not comfortable using the web console, you can connect to the server in any other convenient way.

Connection to operating systems occurs using different protocols: the SSH protocol is used for FreeBSD, Debian, Ubuntu and CentOS, and the RDP protocol is used to connect to Windows servers.

[The article is relevant! Last modified date 03/12/2015!]
So, let's get started, first of all, what is VPS/VDS? In theory, this is the same thing, VPS is a Virtual Private Server or Virtual Private Server, VDS is a Virtual Dedicated Server or Virtual Dedicated Server.
1. How to choose a quality VPS/VDS? This question torments everyone. I’ll answer you this way: it’s better to buy from foreign sites, of course I won’t list which ones, but they are cheaper and of better quality.
Have you come across some: OpenVZ and KVM? KVM will cost more, but it is better than OpenVZ, I will not describe the advantages in detail, but I will just write one thing. Let's say there is a dedicated server, it was divided into 4 parts, one part was given to you, and to the others one each. But! Allegedly, everyone is allocated about 5 GB of RAM on the server, but there are only 16 on the server. That is, in fact, you can only allocate 4 GB to each person. And when you have 3 GB occupied, and others have 5, then you will not be able to occupy 4 GB of memory, but only 3. On KVM, this will not happen. What you bought is what they will give you.
2. Preparing VPS/VDS for server installation Before installing the MineCraft server, you need to install Linux OS, it is best to work with Debian/Ubuntu, but I prefer Debian 7.3 (when ordering a server, you can have Debian 7.0 and 6.0 - there are almost no differences between them!) Then you need to download any SSH client, the simplest and most convenient PuTTy, then we need to open this client, and we see in front of us the line: “Host name (or IP address) ((Host name (or IP address))” and enter the IP address of your VPS there/ VDS server, where the inscription “Port” is written there, we do not touch anything, we need port 22, namely SFTP (SSH File Transport Protocol) and not FTP (File Transport Protocol) and click “Open (Connect)” at the bottom. If desired, you you can save this data by entering the session name in "Saved Sessions",
Now you need to confirm the key, click “yes”. After this, we are prompted to enter a login: login as: here we write (standard, (super-user)) root Further, he writes to us: root@IP which_specified"s password: here we write the password, when you write the password, it is not shown!!! You can also insert a password by holding RMB, but not CTRL + V (CMD + V)
Then the console appears, in the console we write:
apt-get update//Update all packages installed on the server
When updating, you are offered to continue the installation, or cancel: N or Y, write “y” and press Enter, i.e. continue.
apt-get upgrade//Now we "improve" the packages
Again write "y" and Enter.
ATTENTION! Starting from Debian 7.3, we are asked to confirm SSL certificates; when they write to us about this, just press Enter many times, or just hold down. When the list ends and we are asked to exit, just press "q"
apt-get install htop//Package for showing active programs, very useful if you need to see, let’s say, that some of the java applications are active, and not just write “kill java”
apt-get install screen//A package that creates “several” consoles if you need to run 2+ servers at once. And generally a useful thing
apt-get install openjdk-7-jre //install Java. I advise you to install open-jdk.
(You can already install 8)
Add. plastic bag
apt-get install nano //Good editor for Linux"a, if you don’t want to go into the FTP client and edit something through the console, use Nano. To use, write: nano path to the file (For example: nano /root/srv/minecraft/server.proporties )
The server is now ready to go!
Now you need to upload files to the server using any FTP client, I suggest - FileZilla
When we opened FileZilla, in the upper left corner, there is a button “Open site manager”, click there, and enter the server’s IP address into the host; set the port to 22 (Or select SFTP); user root; and your VPS/VDS/DS password. We will be automatically transferred to the "root" folder; transfer the folder with your server to the "root" folder. Now we need to somehow start our server. To do this, let's create a launch script, create a file start.sh(Any other one is possible, but .sh!) Now we copy this there:
Java -Xmx2048M -Xms512M -jar coreserver.jar
Xmx - the maximum amount of RAM allocated for the server.
Xms - the minimum amount of RAM allocated for the server.
The advantages of VDS/VPS/DS are that you can enter absolutely any port for the server if it is not busy.
3. Starting the server
screen//Create a "console"
You can also use screen -S (namely -S and not -s) to set the session name, for example:
screen -S server
cd /root/your_server_folder///go to the folder where the server is located
sh start.sh//start the server
And we have a console like a regular MineCraft server
You can just close the PuTTY console and everything will work, you can try this (to return to the mine server console, you need to log into patty and write: Screen -r)
If you have 2 or more servers running at the same time, to log into the console you need:
1. Find out what sessions the screens have, write:
screen -ls// find out the session
Now there are sessions, let's say:
hub
survival
And now we enter:
screen -r session//enter the session
And we are in the console of some server.
This concludes the tutorial.

On the Internet today you can not only have fun, but also study, work and earn money. The number of websites is growing every second, hosting services are also becoming attractive and multiplying like mushrooms after rain. It happens that the hoster meets all expectations, but sometimes you have to move. You can hire a freelancer, but it's better to learn how to do it yourself. Today you will find a short instruction for just this case.

Formulation of the problem

The situation is most vital. The online store, hosted on shared hosting, began to receive customers after its launch, but there were requests for functionality, and the developers were actively working on refining the site. It turned out that when several people are involved in this, constantly copying files via FTP for testing, and also to the working site, is very problematic. You lost control of who did what when, and you had to worry about saving the original files so that it would be easy to roll back. The owner had to either coordinate the edits or copy everything himself. The developer could not immediately see the result and waited. The process was greatly slowed down. As a result, we came to the conclusion that we needed to use the capabilities of Git and create a new mirror site where we could test everything. With this scheme, the developer could immediately test the code, and if approved, the code was transferred to master and posted on the production site. You can also easily track commits.

Second problem: hosting kept crashing. The reason was eventually found: Entry processes limit - a parameter that determines the number of CGI/PHP processes included inside a virtual container, and which hoster marketers do not like to talk about. It is also not visible on the graphs, only a small column in the table. As a result, with low CPU and RAM loads (no more than 20%), the server did not work at all, even with a minimum number of visitors. As a result, the decision was made to move.

Initial server settings

OC in VDS is installed automatically. Just select the version and option with or without a web panel and wait a little until you receive an email with your login details. Hosting sites also offer various web panels. When this material was created, Vesta did not support Ubuntu 16.04 and there was no need for it, so they chose a clean system. All further actions are carried out as root. First of all, we check the locale, time zone and time. In general, web applications usually do not pay attention to some system settings, but sometimes this is exactly the case, so it is better to get everything right right away.

# locale

If the response we receive is different from ru_RU.UTF, we reconfigure it.

# locale-gen ru_RU ru_RU.UTF-8 ru_RU ru_RU.UTF-8 # localedef -c -i ru_RU -f UTF-8 ru_RU.UTF-8 # dpkg-reconfigure locales # update-locale LANG=ru_RU.UTF-8

Checking the time:

If the time zone does not match, we will reconfigure.

# dpkg-reconfigure tzdata

Updating the server:

# apt update && apt upgrade

Now we can install services.

Installing a web server

Despite their variety, the choice of installation usually comes down to three options: Apache, nginx, or nginx as the reverse of Apache. Apache is very flexible and uses modules to handle dynamic requests, so it handles dynamics well. Nginx is good at delivering static data and consumes fewer resources, but it uses a third-party module to process dynamics, which reduces speed and makes settings a little more complicated. Depending on the specific application, each of them may have its pros and cons and show different speeds. Therefore, the final choice of a web server always has to be confirmed by practice, selecting the best option. The problem with nginx is that in some specific engines you have to manually tinker with redirects, while on Apache everything will work literally out of the box, just enable mod_rewrite.

Load testing can be done using ab (Apache Benchmark, included in apache2-utils) or siege. Moreover, it is better to check from localhost and a remote node to see how the network works.

# ab -c 10 -n 6000 http://example.org/

Although ab is more for yourself, to evaluate the effectiveness of the installations. An outsider is usually only interested in what Google PageSpeed shows, so you should focus on that as well.

In the latter case, the site on the old hosting showed 60, after transferring to VDS (with the same parameters) it showed 72 in Apache in the default installation, nginx with a bare config - 62, after adding compression - 78. We stopped there and chose nginx . There are several packages in the repository; for most situations, a basic core containing all the main modules is sufficient; for PHP we need FPM.

# apt nginx install nginx php7.0-fpm

The file is generally standard, but for speed we will add caching and compression. The exact parameters in each case must be selected experimentally, but for small and medium-sized projects such settings are usually sufficient. In nginx.conf we add or, if we’re lucky, remove comments in the http section:

# nano /etc/nginx/nginx.conf http ( .... open_file_cache max=200000 inactive=60s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; server_tokens off; server_names_hash_bucket_size 64; reset_timedout_connection on; client_body_timeout 10; gzip on; gzip_disable " msie6"; gzip_static on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/ javascript application/javascript text/x-js; )

Create settings for the domain:

# nano /etc/nginx/sites-available/example.org server ( listen 80; server_name example.org default; root /var/www/example.org; access_log /var/log/nginx/access.log; error_log /var /log/nginx/error.log; rewrite_log on; # Useful setting for debugging index index.php; try_files $uri $uri/ /index.php?$query_string; location ~ \.php$ ( include /etc/nginx/fastcgi_params ; # fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/run/php/php7.0-fpm.sock; ) # Cache images and txt/XML/JS/CSS. You can remove unnecessary things or add something location ~* ^ .+\.(jpg|jpeg|gif|png|js|css|txt|xml)$ ( access_log off; expires 30d; ) # Block access to the .git directory (more on that later), by analogy we add our own rules location ~ /\.git ( deny all; ) )

This is a general example for a standard engine. Some engines like OpenCart or WebAsyst require specific settings, and even what is offered on the Internet does not always work.

Let's check if compression works. This can be done by looking at the Content-Encoding header in Firebug (it should show gzip), or using a special service.

We turn on the site:

# ln -s /etc/nginx/sites-available/example.org /etc/nginx/sites-enabled/example.org

Restart nginx:

# service nginx restart

But it won't work yet. You need to configure PHP. For FPM, all settings are located in /etc/php/7.0/fpm. We check that the account in pool.d/www.conf matches the one used by nginx and the socket is enabled.

# nano /etc/php/7.0/fpm/pool.d/www.conf user = www-data group = www-data listen = /run/php/php7.0-fpm.sock

In addition, you can pay attention to the parameters that determine the number of processes that will serve PHP requests.

Pm = dynamic pm.max_children = 15 pm.start_servers = 6 pm.min_spare_servers = 2 pm.max_spare_servers = 6

On slightly loaded servers there may not be enough processes. The logs will tell you about this right away.

# cat /var/log/php7.0-fpm.log WARNING: server reached pm.max_children setting (5), consider raising it

Another important file is php.ini. There are a lot of parameters there, and I could go on for a long time. But initially you should enable compression, set the maximum file size for upload, connect mail(), sessions, and it is very advisable to enable the OPcache accelerator.

# nano /etc/php/7.0/fpm/php.ini zlib.output_compression = On upload_max_filesize = 2M sendmail_path = sendmail -t -i session.save_path = "/var/lib/php/sessions" opcache.enable=1 opcache. memory_consumption=128 pcache.max_accelerated_files=2000

Be sure to check the access rights to /var/lib/php/sessions so that nginx can write there, otherwise sessions will not be formed. We restart.

# service php7.0-fpm restart

Now the site is being transferred. If we transfer from another hosting, then we create a backup there. If you have a hosting web panel, you can use its capabilities. Or manually:

# tar -zcvf backup.tar.gz /var/www

And in a new place we unpack:

# tar -zxvf backup.tar.gz /var/www

But for the site we need a DBMS.

Install MySQL

With MySQL everything is very simple. Enter

Continuation is available only to members

Option 1. Join the “site” community to read all materials on the site

Membership in the community within the specified period will give you access to ALL Hacker materials, increase your personal cumulative discount and allow you to accumulate a professional Xakep Score rating!