There are a lot of hosting providers out there, but when it comes to high-performance webservers, most of them are just too basic.
The main difference in website hosting is between shared hosting and a dedicated server (virtual or hardware).

With shared hosting, all the tech stuff is done for you, but you share a server with others. The infrastructure is mainly a basic LAMP server (Linux, Apache, MySQL and PHP). Nowadays this is just not fast enough.

When you gain more traffic on your websites and speed and stability become more important, it is time to set up your own dedicated webserver.

In this tutorial I will show you how to create a simple but super fast webserver based on the VestaCP control panel on CentOS 7 Linux, with additional features such as OPcache and Varnish.

Server installation

I will not go into detail on the installation of CentOS. This really depends on the server you use. Vultr, for example, is an excellent virtual server hosting company which will install the OS for you.

  • When installing CentOS, select the minimal install option. No add-ons are needed.
  • Set your root password and create a user (no administrator rights). The root password is very important so remember it! Later on we will make sure that it is not too easy to hack the root account.
  • When the installation is complete, make sure all the packages are up to date by running yum update
  • Next we will make sure that the root account is not accessible via SSH. Unfortunately it is accessible by default, and there are a lot of bad people out there trying to get into the root account.
  • I will use nano in this tutorial as text editor. To install nano on CentOS use the yum install nano command.

Disable SSH access for root account

Log in as root and edit the SSH daemon config file. This is sshd_config; the similarly named ssh_config only configures the SSH client.

cd /etc/ssh
nano sshd_config

Look for the line PermitRootLogin (you can use ctrl+w in nano for searching), uncomment it and set the value to no.

PermitRootLogin no

Hit ctrl+x to save the file and restart ssh.

systemctl restart sshd.service

When you want to use the root account over SSH, you first need to log in with your personal account and then use the su command to switch to root.
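A check worth running before and after the restart, as an added example that is not part of the original tutorial: sshd applies the first value it reads for a keyword, so an earlier live PermitRootLogin line overrides the one you edit. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): report the global PermitRootLogin
# value in an sshd_config file. sshd keeps the FIRST value it reads for a
# keyword; keywords are case-insensitive and may use "keyword=value".

effective_root_login() {
    # $1 = path to an sshd_config file
    awk -F '[ \t=]+' '
        { sub(/^[ \t]+/, "") }                # drop indentation, re-split fields
        /^#/ { next }                         # commented-out lines do not count
        tolower($1) == "match" { exit }       # later lines apply conditionally
        tolower($1) == "permitrootlogin" {    # first live occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }     # compiled-in default applies
    ' "$1"
}

root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

sample_config() {
    # Constructed sample input, not taken from a real server.
    printf '%s\n' \
        '#PermitRootLogin yes' \
        'Port 22' \
        '  permitrootlogin=no' \
        'PermitRootLogin yes' \
        'Match User backup' \
        '    PermitRootLogin forced-commands-only'
}

tmp=$(mktemp)
sample_config > "$tmp"
echo "effective PermitRootLogin: $(effective_root_login "$tmp")"
root_login_disabled "$tmp" && echo "root login over SSH is disabled"
rm -f "$tmp"

# On the server itself (as root):
#   sshd -t                                   # syntax-check before restarting
#   sshd -T | grep -i '^permitrootlogin'      # value the daemon will apply
```

Keep your current SSH session open while restarting sshd, and confirm in a second session that your personal account can still log in.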

Installing VestaCP

The server setup will be based on VestaCP. This control panel has all the features you need but is still very simple to use and configure. This makes it easy to maintain and very reliable. The default features of VestaCP are excellent and make for a robust and secure server.

Log in to your server over SSH and switch to the root account.

ssh [user]@[server ip or domain]
su

Go to the temporary directory and download the VestaCP installation script. Do not run the installation script yet. We will use the advanced settings to install only the features that we need.

cd /tmp
curl -O http://vestacp.com/pub/vst-install.sh

Where is my email?

A webserver should host websites, not email! In the past it was very common to host everything on the same server. But this can cause a lot of issues. What if you want to migrate the websites to a new, up-to-date server? You will have to migrate all your email too. What if you have a huge mailbox? There will be no space left for the websites.

Advanced settings

The website of VestaCP has an excellent feature: they generate the installation command for you. Go to the installation page and set the following settings:

  • Web: apache (it is common to use apache with nginx as reverse proxy. We will use Varnish instead for super fast caching).
  • FTP: proftp
  • Mail: no (seriously, don't do it ;-))
  • DNS: no (the hosting provider of your server/domain probably has a nice redundant DNS service, it is recommended to use that).
  • Firewall: iptables + fail2ban (fail2ban will automatically block IP addresses that repeatedly fail to log in to any account. This is a very important feature against brute force attacks).
  • DB: MySQL (choose what you need).
  • Additional repository: remi (for the most up to date versions of PHP).
  • Set the server name, e-mail address and admin password.

Copy the command and run it in the temporary folder.

bash vst-install.sh --nginx no --apache yes --phpfpm no --vsftpd no --proftpd yes --exim no --dovecot no --spamassassin no --clamav no --named no --iptables yes --fail2ban yes --mysql yes --postgresql no --remi yes --quota no

Congratulations! Your webserver is up and running. The installation script will send you an e-mail and show a message with the server address and the username and password to access your new webserver.

At this point, the server is fully functional with apache and a database server. VestaCP runs its own Nginx for the control panel. The advantage is that the control panel and the websites use different webservers and run independently of each other.

Adding more speed

To make the server really fast we have to add some additional features: OPcache and Varnish. OPcache is used to cache the compiled PHP files in RAM. Varnish is a reverse proxy server which is used to cache the output from apache when possible.

Installing OPcache

First we need to install the OPcache php library.

yum install php-pecl-zendopcache

When the installation is complete, we can update the configuration file. The ini files have a numeric prefix (*-). This makes it possible to load them in a specific order.
In my case the file is called 10-opcache.ini.

nano /etc/php.d/10-opcache.ini

Check the default settings and alter them where useful for your situation. The default value for max_accelerated_files, for example, is too low for most PHP frameworks. You can change this to 20000. Save the changes by using ctrl+x and restart the webserver.

systemctl restart httpd.service

Installing Varnish caching

A lot of PHP frameworks and CMS platforms have an excellent caching system built in. The problem is that this still generates load on the webserver (database calls to load the cache etc.). One way to improve this is to use Memcache or Redis to save the cache in memory instead of the database. This will improve the speed of your website dramatically.

Another solution is to skip the webserver completely and use Varnish to cache the pages in memory and serve them to the visitor. This is by far the fastest solution for anonymous traffic.

First install Varnish with the yum command (this will install version 4).

yum install varnish

When the installation is complete, we can enable, start and check Varnish.

systemctl enable varnish
systemctl start varnish
systemctl status varnish

Next you need to create a configuration. In this example I will use a Drupal-specific setup. You can find the complete file in my public bitbucket repo. First make a copy of the default configuration file and edit the config path in the varnish.params file.

cd /etc/varnish
cp default.vcl drupal.vcl
nano varnish.params

Now look for the VARNISH_VCL_CONF variable and change the filename to your newly created file.
The default port that Varnish listens on is 6081. Change this to 80 (the default http port).

VARNISH_VCL_CONF=/etc/varnish/drupal.vcl
VARNISH_LISTEN_PORT=80

Let's save the file and continue with the main configuration file.

Open the file and point the Varnish backend at local port 8080. Later on we will set up apache so that it uses this port.

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

Next edit the apache server config file. The file name is the server IP address followed by .conf

nano /etc/httpd/conf.d/[ipaddress].conf

You can also find the file by going to the folder first.

cd /etc/httpd/conf.d
ls
nano [ipaddress].conf

The file has two rows. The first is for http and the second for https. Change the http port to 8080 and save the file.

Listen 136.144.142.171:8080
Listen 136.144.142.171:443

Now restart apache and varnish and voila! 

systemctl restart httpd.service
systemctl restart varnish
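
Varnish reaches Apache on 127.0.0.1:8080, but a Listen line bound to the server's public address also answers on port 8080 from outside unless iptables blocks it, which bypasses the cache. The following check is an added example, not part of the original tutorial; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): list the addresses on which Apache
# exposes the Varnish backend port to anything other than loopback.

exposed_backend_listeners() {
    # $1 = Apache config file, $2 = backend port (8080 in this setup)
    awk -v port="$2" '
        tolower($1) != "listen" { next }      # also skips "#Listen ..." lines
        {
            n = split($2, parts, ":")
            p = parts[n]                      # port is the last ":" field
            if (p != port) next
            # Everything before the final ":port"; a bare port means all interfaces.
            host = (n > 1) ? substr($2, 1, length($2) - length(p) - 1) : "*"
            if (host ~ /^127\./ || host == "[::1]") next
            print host
        }
    ' "$1"
}

sample_conf() {
    # Constructed sample; 203.0.113.10 and 2001:db8::1 are documentation addresses.
    printf '%s\n' \
        'Listen 203.0.113.10:8080' \
        'Listen 203.0.113.10:443' \
        'Listen 127.0.0.1:8080' \
        '#Listen 8080' \
        'Listen [2001:db8::1]:8080'
}

conf=$(mktemp)
sample_conf > "$conf"
exposed_backend_listeners "$conf" 8080 | while read -r host; do
    echo "backend port 8080 is bound to $host: firewall it or bind to 127.0.0.1"
done
rm -f "$conf"
```

Run the function against the [ipaddress].conf file edited above; an empty result means the backend port is only bound to loopback.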