dso vs suphp vs fastcgi

[Usmeee]

Hi

I have a high end vps (1Core cpu and 2GB ram) and up till now, I have been running only my own sites. I run multiple wordpress blogs, and 2 Joomla sites. The traffic I am getting in total is currently on average 25K unique a day. (sometimes up to 40K unique)

I have decided to offer shared hosting on limited scale to few friends and few other people. Now, to make the server secure for shared hosting environment, I am stuck with the multiple options below.

dso vs suphp vs fastcgi
Up till now, I have been using php with dso (and eAccelerator). Even my vps is serving 25K unique a day, I haven't seen load going more than 2.0 (for normal operations)

I have read on many forums and online articles that for shared hosting one should always use suphp for security and better tracking. BUT at the same time, I have read that suphp should not be used for high traffic servers. And also eAccelerator will not anymore so that will also increase load.

I read that Fastcgi is faster than suphp but its very complex to configure. If not done correctly, it will create many problems.

Please ... help me decide what to do?
I want to make my VPS secure by every possible way but I do not want to risk much degraded performance. (I can accept a little difference)

What should I choose? And without eAccelerator, wouldn't my site load time will increase badly?

I am not an expert in linux (or whm/cpanel) but I try to learn and get things quickly. My hosting provider offers full management and they are doing everything for me. But they want me to decide what to do.

Please help.

[Spiral]

Quote:

Originally Posted by Usmeee

I have a high end vps (1Core cpu and 2GB ram) and up till now, I have been running only my own sites. I run multiple wordpress blogs, and 2 Joomla sites. The traffic I am getting in total is currently on average 25K unique a day. (sometimes up to 40K unique)

That is entirely the wrong machine for that traffic!

About the last thing I would consider running with that traffic pattern is any VPS server or a machine that is that lowball of a configuration.

That alone is asking for trouble and headaches!

Quote:

I have decided to offer shared hosting on limited scale to few friends and few other people. Now, to make the server secure for shared hosting environment, I am stuck with the multiple options below.

You want to add even more traffic to your server that is already inadequate for your existing traffic? There is irony.

Quote:

dso vs suphp vs fastcgi

Your situation would clearly ask for "fastcgi" which contrary to popular belief is actually the fastest of the 3 of them and with good reason and no is not difficult to configure and yes is these days just about equally secure as SuPHP so where performance is a concern, fastcgi would definitely be the way to go.

Also another misconception is that SuPHP is drastically slower than DSO which is true but the impact going to SuPHP is very minor if it is configured correctly. FastCGI however is just the opposite and you will actually get greater performance than running DSO with any accelerator especially on your extremely limited resources.

Quote:

Up till now, I have been using php with dso (and eAccelerator). Even my vps is serving 25K unique a day, I haven't seen load going more than 2.0 (for normal operations)

You might look at combining "fcgi" (the 3rd party flavor somewhat like fastcgi that Cpanel has available) along with "xcache" or similar.

Quote:

I have read on many forums and online articles that for shared hosting one should always use suphp for security and better tracking. BUT at the same time, I have read that suphp should not be used for high traffic servers. And also eAccelerator will not anymore so that will also increase load.

All 3 statements are false for different reasons. SuPHP is not your only option for security and in some ways is actually just as insecure as DSO or phpSuExec if you don't know what you are doing and sadly the vast majority of hosting administrators don't realize this. SuPHP can be made to actually really be as secure as people think but not without some custom modifications you don't get just flat installing it and most people don't know they need to do that.

eAccelerator will bloody increase loads itself and actually has a few other issues that go beyond the scope of this discussion. However, for the purposes of this reply, then 'yes' --- that particular accelerator only works with 'dso' mode PHP so you would need to look at another caching system or accelerator if you changed your PHP type.

(It should be noted that SuPHP without any accelerator typically outperforms dso **WITH** an accelerator --- common misconception that it doesn't but true never the less ironically)

Quote:

I read that Fastcgi is faster than suphp but its very complex to configure. If not done correctly, it will create many problems.

FastCGI or even FCGI is not very complicated and really is no more difficult in configuring that SuPHP. In some respect it's actually easier.

I think the word I would use rather than "complex" is "different".

Quote:

Please ... help me decide what to do?
I want to make my VPS secure by every possible way but I do not want to risk much degraded performance. (I can accept a little difference)

Yes you can very much have your cake and eat it too! Heavily securing servers with minimal performance impact (actually increasing performance most of the time) is precisely what I specialize in doing specifically and deal with myself each and every day.

Quote:

What should I choose? And without eAccelerator, wouldn't my site load time will increase badly?

Based on the information you provided in your post and knowing that you are running a Cpanel server, I would go with "fastcgi" support enabled with the "fcgi" option and then **IF** you need to further push the performance threshhold consider looking at xcache or similar but first looking at running with an MPM and stripping off excess functions and features you don't actually use or need which adds code overhead that also impacts performance.

Quote:

I am not an expert in linux (or whm/cpanel) but I try to learn and get things quickly. My hosting provider offers full management and they are doing everything for me. But they want me to decide what to do.

Well lucky for you I am --- an expert that is. Unix / Linux systems administrator for more than 3 decades, programmer, and security specialist for more than 20 years. Been dealing with Cpanel systems specifically all the way since the very first earliest cpanel releases.

Personally, I have very little faith in most "full management" services but then I have an unusual perspective and vantage point on that being able to look at a lot of these guys from the position and background of extremely a whole lot more experience and covering a lot more knowledge than most "think they know" out there but with that said and assuming your host can really in fact indeed handle helping you with your security and performance issues and also to the degree that you are asking about, I would advise having them do the following or some similar variation with these basic items as your guideline:

On the performance side look at switching to FCGI w/minimal modules but still including all the modules that you need but leaving out extraneous addons that you don't use at all. Some modules that are an educated "as needed" decision would be things such as "mod_bandwidth" that don't really help as much as hinder. Look at doubling the stats for your request handling, consider adding xcache or something similar but make sure what you add supports fastcgi or fcti (eAccelerator does not). If you upgrade your server memory, this will be to your largest advantage more than anything.

You might also look at putting on a 3rd party handler to handle port 80 requests such as an http accelerator, squid, or perhaps a faster web server such as nginx with a cache layer in between but I would only consider these types of modifications **IF** and only **IF** you can substantially increase your limited memory resources else it is not worth either your time nor effort to even consider.

On the security side, you of course should look at APF or even better, Chirpy's CSF firewall which is probably the best and easiest to configure solution alongside Cpanel systems, mod_security (though I would get a better ruleset than the standard default rules), SuHosin (the number of code injection attacks has risen exponentially lately), mod_evasive, set "PCI recommended" options in your Apache, turn off external PHP exposure, and all the other various tidbits out there that should probably be considered as "standard" things to do for all hosting servers.

Quote:

Please help.

You got it. Hopefully this information was helpful.

If you need more assistance beyond these comments, feel free to contact me anytime.

[Infopro]

Quote:

...
My hosting provider offers full management and they are doing everything for me. But they want me to decide what to do.

Ask them to set you up with SuPHP.

[Usmeee]

Thank you so much for you reply.
It helped me a lot.

Quote:

Originally Posted by Spiral

That is entirely the wrong machine for that traffic!

About the last thing I would consider running with that traffic pattern is any VPS server or a machine that is that lowball of a configuration.

Well ... Only one of myblog is getting some serious traffic. I am running "WP_Super_Cache" and never had any problem with server performance.
May be I have fewer neighbors on VPS there.

Quote:

Originally Posted by Spiral

That alone is asking for trouble and headaches!

Now I am considering myself lucky
Seriously, I didn't have a downtime in last 27 days or so.

Again thanks for such a detailed response.
Much appreciated.

[Spiral]

Quote:

Originally Posted by Usmeee

Well ... Only one of myblog is getting some serious traffic. I am running "WP_Super_Cache" and never had any problem with server performance.

Are you actually running a VPS or a Cloud server?

Clouds are often marketed as "VPS" servers but very much quite different.

Quote:

Now I am considering myself lucky
Seriously, I didn't have a downtime in last 27 days or so.

The issue I am referring to specifically there is your mention of 25,000 to 40,000 unique hits daily running against only a 2 GB single cpu core and it being a VPS server on top of that which is a bit mismatched to say the least.

Quote:

Again thanks for such a detailed response.
Much appreciated.

You're Welcome.