Linode Setup Audit?

Hi All,

Having browsed the Linode Library and the forums here I've convinced myself that moving my website to Linode is a good idea. While I know my way around Linux (have been a non-admin user for years), I've never set up a web server before - my website currently using shared hosting.

I've currently got two nodes set up, one for my MySQL and one for an Apache web server. I've got a lot of it set up already and will no doubt get it serviceable without external assistance. My problem is that I don't have a great deal of confidence that what I've done/will do covers all the bases in terms of performance and security.

What I really need is someone to look over my setup and possibly help with configuration of some of the more tricky features I might need. This would be a once-off activity and I'd be willing to pay for the right know-how. Along the way I would hope to pick up the necessary skills to maintain the server myself.

I realise that I'd get most of the way there by using the forum here and Google, but neither of those will give me the confidence I need to deploy something live.

Any takers? Or does anyone have a better suggestion of how I might get to where I need to be?

Thanks,

Sparx.

Edit: Lots of views, no replies! :D Perhaps some additional information on what I'd like would help:

LinodeA:

  • Ubuntu 10.04, Apache, PHP

  • Munin & munin-node for monitoring (both this node and Linode B below)

  • Memcache for PHP sessions, possibly also for some commonly executed code

  • Sensible firewall setup

LinodeB:

  • Ubuntu 10.04, MySQL

  • munin-node (master is LinodeA above)

  • Sensible firewall setup

Would more info help?

4 Replies

The guides, the forums and Google are your friends.

Here is what you could do though. Or rather, this is what I did… I'm not a web admin, just scratching my inner geek itch.

I have VMware Fusion on a MacBook Air. You can get VirtualBox for free if you need to go that way. VMware Workstation on Windows is stupid expensive.

Practice on that. Install the minimal image. Follow the guides, take notes (I scratch on paper and write the good notes into Evernote for future reference) on where things go weird, etc. Dive in without fear and expense.

Once you think you get to a point where you can replicate the process on a live server go for it.

When I thought I was ready, I did one final clean install config on my VMware and then did it live on Linode. The other benefit is, I have a matched dev server ready to go. Take snapshots, try things out, and rollback as needed.

I think the main reasons to do it this way are to learn the ins and outs and gain confidence. I learn things the hard way better than if someone just shows me. I'm no server admin, but just this week I picked up so many good skills in vi, nmap, updating, checking versions, etc.

I just think it's hard to get with someone mentor style, and of course, not saying we are not all great people, but you really probably don't want to give someone access to your server.

The biggest things I took notes on, is where the important config files are, and a few handy commands and lookups. Just the knowing where /etc/nginx/nginx.conf is saved a lot of stress.

I started out by killing root access, using ssh keys, testing for open ports, following other security guides on Linode. Then moved on to setting up the server the way I wanted it.

I'm not particularly skilled at this, and, it feels like I did an ok job at everything. Went from zero to everything set-up and DNS and rewrites, etc in about 3-4 hours.

Like you I know a bit but the more technical stuff escapes me. I had a linode with occasional Ooming and outgoing usage problems. After a couple of years of "tweaking" I decided to find some help.

Mario at VPS Buddy (vpsbuddy.com) did an audit of my system and made some changes, mainly to config files, RAM usage and security.

Now it works fine. Not had a problem since. Wouldn't hesitate to use him again.

> my website currently using shared hosting

> - Munin & munin-node for monitoring (both this node and Linode B below)

> - Memcache for PHP sessions, possibly also for some commonly executed code

If your website is currently managing on shared hosting I'm not sure that the additional complexity of having memcache is warranted. Regarding munin, I've gotten away without using it over a year now; the graphs in the Linode Manager suffice for me.

After setting up Apache, PHP, and MySQL on the relevant Linodes you just have a few things to do:

  • Give Linode B a private IP address as per here and tell MySQL to listen ONLY on it.

  • Give Linode A a private IP address and perhaps tell MySQL on Linode B to respond to requests from Linode A's private IP address only.

  • Set your MaxClients settings on Apache to less than 15 or so.

  • Look at these best practices for SSH: http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

  • Use iptables (if you want) to only allow incoming on port 80 on public IP for Linode A, and only allow incoming on private IP on Linode B.

  • I suggest you install APC before even thinking about memcache and those other high traffic stuff.

After that it's only test and modify. I doubt you could get much more specific with your Apache and MySQL settings without seeing it perform in the real-world.

If you've done all I've listed then give it a go!
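The firewall and MySQL-binding steps listed in the reply above, as an added example that is not part of the original post: it emits `iptables-restore` rulesets for both nodes and checks a `my.cnf` for the expected `bind-address`. The private addresses, the SSH rules and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders.
A_PRIV="192.168.0.10"   # Linode A (web) private IP, assumption
B_PRIV="192.168.0.20"   # Linode B (MySQL) private IP, assumption

# Shared preamble: drop inbound by default, allow loopback and replies
# to connections this host opened itself.
preamble() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Linode A: HTTP from anywhere. SSH is an assumption added here so the
# admin keeps a way in; the post itself lists only port 80.
rules_web() {
    preamble
    echo "-A INPUT -p tcp --dport 80 -j ACCEPT"
    echo "-A INPUT -p tcp --dport 22 -j ACCEPT"
    echo "COMMIT"
}

# Linode B: nothing on the public IP. MySQL (3306) and SSH (22, assumption)
# are accepted only from A's private IP ($1) to B's private IP ($2).
rules_db() {
    preamble
    for port in 3306 22; do
        echo "-A INPUT -p tcp -s $1 -d $2 --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Audit check: true only if the last bind-address in a my.cnf ($1)
# equals the expected address ($2). Ubuntu's default is 127.0.0.1.
mysql_bound_to() {
    addr=$(sed -n 's/^[[:space:]]*bind-address[[:space:]]*=//p' "$1" |
           tail -n 1 | tr -d '[:space:]')
    [ "$addr" = "$2" ]
}

# Print both rulesets in iptables-restore format for review.
echo "# Linode A"; rules_web
echo "# Linode B"; rules_db "$A_PRIV" "$B_PRIV"
```

If munin-node stays on Linode B as in the original plan, its port (4949 by default) would need to be added to the loop in `rules_db`.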

Thanks for the replies…

As it turns out a forum member (obs) contacted me shortly after my original post and offered to set things up. I'd highly recommend the level of service and support I received and at rates that I found very reasonable.

Not that I want anyone else to use his services - that would leave less of his time available to support me and my continuous questions! :D
