LAMP + Nginx VPS steadily and without headaches

The challenge is to deploy VPS hosting minimum resources multiple non-loaded sites. Do this quickly and easily with minimal problems in the future and not fall for peak loads.

Basic principles:

1. OPERATING SYSTEM-Centos-6 86_x64 because a stable, convenient and easy to obnovlâemo.
2. No samosbornogo software. But as they say “command make & & make install any distro is Slackware.”

A little clarification, at the moment I’m using the tariff plan the v256 hosting provider (256 MB RAM) and not count on large load so that a large part is so much RAM, but in general the solution easily portable to virtually all tariff plans of various Web hosting providers.
And another update-hosting is done “for himself”. There is not enough describes points that you should consider if you give access to the administration of websites other people.

Let’s go.
1. check the updates.
Install image from the hosting provider can prove to be not especially fresh.
[root @ test ~] # yum update

Is that the update is update. No — rejoice.

2. connect the EPEL repository ( from which we will set missing software.
[root @ test ~] # rpm-ihv download fedora.

3. Put the desired soft
[root @ test ~] # yum install httpd mysql-server php phpMyAdmin php-mc vsftpd eaccelerator sysstat crontabs tmpwatch

Briefly about the software:
httpd — Apache native version to Centos-6-2.2.15
MySQL-server-5.1.52 Mysql
PHP — PHP 5.3.2.
vsftpd is a pretty handy FTP server vsftpd 2.2.2
MC-some things are easier to do in mc than from the command line.
phpMyAdmin — similarly with mc. manage mysql databases with phpMyAdmin it more convenient.
PHP-eaccelerator-PHP Accelerator. Significantly increases the speed of the scripts and reduces the load on the processor. Yes and for memory.
SYSSTAT — if we want to see how is the system.
crontabs is to perform tasks on a schedule.
tmpwatch-utility to remove obsolete files.

There is actually a few more packets to those packages that we asked to add all necessary for their functioning.
The result is:
Install the Package (s) 44
Upgrade 0 Package (s)

Total download size: 37 M
Installed size: 118 M

4. The free look, do we have a swap and if not, create it and connect. If there is rejoicing and skip this item.
The important point here is the active use of the swap is very bad. If you are an active swap means you need something optimized or cut back. If optimize and trim doesn’t work, you will have to move to a more expensive plan. Yet consider that the hosting provider can obidit′sâ too the active use of the swap.
But no swap is also not very good — the oom killer is terrible. Can accidentally kill mysqld and instead simply slow down your sites will be a lie.
Comment — do swap more available RAM does not need. Will not benefit from it, and the place he eats.

Create a swap as follows:
[root @ test/] # dd if =/dev/zero of =/swap bs = 1 m count = 256
[root @ test/] # mkswap/swap operations

Let’s connect
[root @ test/] # swapon/swap operations

well, if it is connected automatically write this command in/etc/rc.local
Check availability and employment you can swap the top teams or free

5. turn on and start the daemons
[root @ test/] # chkconfig httpd on
[root @ test/] # chkconfig mysqld on
[root @ test/] # chkconfig crond on

[root @ test/] # service httpd restart
[root @ test/] # service mysqld restart
[root @ test/] # service crond restart

6. Create users for the site. I prefer that the user name was similar to the site domain.
[root @ test/] # adduser
[root @ test/] # adduser
[root @ test/] # adduser

Next, create additional directories for users. HTML (which is the main content of the site) and the log will be written to the logs for this site and expose the right. Right place user-full access, group apache directory listing, reading and rest-Ficus.
You can set rights and hands, but you can use a small skriptikom:

for dir in ‘ ls -1 ‘; do
chown-R apache: $dir $dir
chmod ug + rX $dir

7. configure the Web server. Fixing the/etc/httpd/conf/httpd.conf
Really in need of change: set module prefork to originally eat less memory and limited their appetites.
The fact that Apache was originally set to run up to 256 of its workflows, while one worker process can easily take 20-40 MB (256 * 20 = 5 GB) it can easily lead to problems, especially at modest VPS where there is 256 MB of RAM.
Therefore, we limit the number of reasonable numbers izshodâ of RAM accessible to us. For example Apache processes 5 with an average size of 30 MB will take about 150 MB-what is tolerable.
It Was:
< IfModule prefork. c >
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000

It Became:
< IfModule prefork. c >
StartServers 2
MinSpareServers 2
MaxSpareServers 3
ServerLimit 5
MaxClients 5
MaxRequestsPerChild 1000

This configuration will not give apaču rasplodit′sâ beyond measure and eat all the operativku. Depending on the actual load settings, you might want to reconsider.
And uncomment the line
NameVirtualHost *: 80

To be on the same ip address to many sites.

Next, go to the folder/etc/httpd/conf.d/and adjust our sites.
There you can remove the welcome file that turns off the indexes and generates “page instead of the Apache 2 Test Page”.
Note that the virtual host config files in this directory are used in alphabetical order.
To a user by IP address on any of our sites does not fall on the totally different (which will be the first on the list) in the directory conf. d is put a file called for example 000000-default and this content:
< VirtualHost *: 80 >
Servername localhost, .local
DocumentRoot “/var/www/html”

and put in the directory/var/www/html/file index.html with the wishes.

Next, for each of our virtual hosts creating the config file for this template:
< VirtualHost *: 80 >

/Home/ CustomLog/log/access.log combined

< Directory/home/ ">
Order allow, deny
Allow from all

In these same files to taste, you can add any custom settings or modules.

Restart apache and check if everything works.
[root @ test/] # service httpd restart

Apache should start normally. In the log directories must be created on site 2 log file.
When accessing the server by IP address must be the file that you put in/var/www/html/, and when you call the names of the sites you should see the contents of the html directory (probably empty) and write the appropriate site access.log file.

8. setting up mysql. First, remove the test and set the root password on mysql
[root @ test/] # mysql

MySQL USE mysql >;
MySQL > UPDATE user SET Password = PASSWORD (‘ MyMysqlPassword ‘) WHERE user = ‘ root ‘;
MySQL > quit

MySql problem is about the same as with Apache — insistence to RAM VPS which is very expensive.
To reduce the amount of memory that sql server rule/etc/my.cnf as follows:
in the [mysqld] section, add the following:
in the [mysqld] section, add the following:
key_buffer = 16 m
max_allowed_packet = 10 m
table_cache = 400
sort_buffer_size = 1 m
read_buffer_size = 4 m
read_rnd_buffer_size = 2 m
net_buffer_length = 20 k
thread_stack = 640 k
tmp_table_size = 10 m
query_cache_limit = 1 m
query_cache_size = 32 m

and at the end of the file, add these lines:
max_allowed_packet = 16 m


key_buffer = 8 m
sort_buffer_size = 8 m

key_buffer = 8 m
sort_buffer_size = 8 m


restart mysqld to ensure that everything is OK:
[root @ test] # service mysqld restart

Just need to replace the option “skip-networking” could only call to the server from the local machine through a socket. If you want to network access — this option should not be included.
These settings will minimize memory used by mysql and no work on the site. But of course you need to look at statistics of work of mysql and, depending on the needs to increase the data limits here.

Further administration is done through the mysql phpMyAdmin.
Now a caveat — default phpMyAdmin is available on/phpMyAdmin at all our sites.
This was not to create a specialized site for management (for example and configure it the way the rest.
Then transfer the entire contents of the file/etc/httpd/conf.d/phpMyAdmin.conf in the config of this site, and the file or delete the .conf phpMyAdmin move somewhere out diriktorii conf. d.
After that the phpMyAdmin will be available on/phpMyAdmin/only on a dedicated website.
Well, in order to enter in the site configuration file change
< Directory/usr/share/phpMyAdmin/>
Order Deny, Allow
Deny from All
Allow from
From: allow: 1

< Directory/usr/share/phpMyAdmin/setup/>
Order Deny, Allow
Deny from All
Allow from
From: allow: 1

< Directory/usr/share/phpMyAdmin/>
Order Deny, Allow
Deny from All
Allow from
Allow from your IP address.
From: allow: 1

< Directory/usr/share/phpMyAdmin/setup/>
Order Deny, Allow
Deny from All
Allow from
Allow from your IP address.
From: allow: 1

After that phpMyAdmin will be available from your ip address.

Avtorizuemsâ it as root in order to set the password.
To create a user, go to the “Privileges”, “add new user”
the user name is arbitrary, I prefer to use the name of the site to reduce confusion.
The host is a local (we do it for the site which will spin here?)
The password is generated. (do not forget to copy the password)
Put a tick, “create a database with a user name in the title and give it full privileges»
As a result, we obtain the user name you selected, password, and database with the same name.

9. Often pile files on hosting more conveniently via FTP. to do this, we have established vsftpd
Edit the/etc/vsftpd/vsftpd.conf config
turn off anonymous login, change the
anonymous_enable = YES

anonymous_enable = NO

and raskomentiruem
chroot_local_user = YES

Now that you can go to the FTP site you want to appropriate user-specific password
[root @ test/] # passwd

And let us not forget that, by default, the user with the password can log in via SSH. To disable this feature is the easiest way to change a user’s shell
[root @ test etc] # chsh-s/sbin/nologin

Turn on and start the vsftpd
[root @ test/] # chkconfig vsftpd on
[root @ test/] # service vsftpd start

Check if everything works.

And lastly just a simple “online backup”. The repository is never too much “.
Better would be to use something more correct, but a bad backup is still better than no.
This backup can be a good complement to the full bekapu virtual machine from the hosting provider. But, in any case not its replacement.
Bekapim the content of the website and databases, as well as the settings in the directory/etc/.
Create a directory and put/backup/permissions on the “700”

[root @ test/] # mkdir/backup/
[root @ test/] # chmod 700/backup/

In/etc/cron.daily/create a file and just put it right “700”.
[root @ test/] # touch/etc/cron.daily/
[root @ test/] # chmod 700

The file has the following contents: