Asked by peps03

Best configuration for VPS with DirectAdmin on CentOS 6.5


I'm setting up a VPS with DirectAdmin on CentOS 6.5 for the hosting of WordPress sites and handmade websites.
I was wondering, what do you think is the "best" configuration? What tools/plugins would you use?

Would you use any of these suggestions?
- nginx
- custombuild 2.0 (or 1.2?)
- CSF firewall
- suPHP
- LiteSpeed Web Server
- mod_evasive
- ClamAV Antivirus
- Rootkit Hunter
- Malware Detect (Maldet)
- Mod-ruid2

Or do you use others? Like?
And what would work "best" with WordPress?

I'm curious!

Last comment: 8/22/2022 - Mon

Since it is CentOS, look no further than Fedora EPEL. It even has a maintained WordPress distribution with all the upgrades.

Please calm down on your loooong checklist:
What would you do with 2 web servers and 2 modules for yet another webserver?
Apache + mod_fcgid is much more straightforward

Directadmin will not gain from extra cpanel components.
Why would you install anything that will never work?

You would only use: Apache + mod_fcgid?
Nothing for security?

Are there any others with an opinion over a good vps setup?

ha ha ha
You did not mention Apache either. Just two other web servers, which have no gain from Apache modules.
If you call PHP with fcgi it is very unlikely those modules will protect you a lot.

I'm using Apache.
What do you mean exactly?

You want to install 2 other web servers according to your list.
EPEL has all the missing pieces that centos does not have. Use care to not install 3 webservers on your server. It will be hard to guess which one is failing.

I'm asking what would be a good configuration/combination based on the list.

What do you think of this:
- custombuild 2.0 + custombuild 2.0 plugin
- nginx + apache (via custombuild 2)
- CSF firewall
- cloudlinux
- lsphp

and would .htaccess still work with this setup?

CentOS & EPEL is more mainstream than custombuild

Why do you use apache+nginx?
I'd suggest using worker apache 2.2 or event 2.4, calling php-cgi via mod_fcgid (xor nginx with php-fpm)

For htaccess you need apache

CSF is much more functional than default system-config-firewall(-tui) - here I agree with you
You might want to dig deeper in SELinux (easier with CentOS packaging)

Was it cloudlinux or CentOS?

apache equivalent of LSPHP is mod_fcgid (and you require apache for .htaccess)

Sorry, I'm not yet that familiar with all these terms. More questions arise :/
Even though I've searched a lot on the internet.

I'm not familiar with EPEL, that would come instead of....?

The VPS is mainly for WordPress websites and some 'normal' websites.
WordPress uses htaccess, so I think I must stick with Apache then, right?

"Why do you use apache+nginx?"
Because DirectAdmin custombuild 2.0 has an option to enable nginx, to use nginx as a reverse proxy for Apache.

Why would you rather use:
"I'd suggest using worker apache 2.2 or event 2.4, calling php-cgi via mod_fcgid (xor nginx with php-fpm)"

Is Cloudlinux a replacement for CentOS? Can't it be used in combination with Apache / nginx / DirectAdmin?

Thanks :/

EPEL is a repository with a heap of additional software for CentOS/RHEL, all backported from more recent Fedora releases.
You use it in place of or in addition to custombuild.

You can even get WordPress with multiuser, regularly updated, from there.

I am saying that modern Apache is as efficient as nginx; there is no need for an nginx reverse proxy.
Why Apache - for .htaccess
Why NGINX - a bit more efficient still
My suggestion is to choose one - if you insist on htaccess - OK, Apache event or worker (CentOS 6 has the latter, CentOS 7 the former)
If you don't - gain 1% of efficiency with nginx and php-fpm (you can get an nginx build for CentOS from nginx directly)

Cloudlinux is a "host" operating system where they can run tenant guest operating systems like CentOS, Windows 2003 and anything imaginable.

Thanks for your reply!

I think I can install Cloudlinux from Custombuild 2.0, I saw it as an option. Is it the same?
Then I think I'll go for Apache 2.4 + custombuild 2.0 and Cloudlinux.

CentOS7 is more mainstream, like with 1000x more users than cloudlinux and/or custombuild
And it leaves you space to change hosting provider at any time.

So you advise CentOS 7 over 6.5?
With Apache 2.4? And?

You are undecided. NGINX+PHP-FPM from EPEL will be almost identical.
EL7 has Apache 2.4, which means you get event MPM out of the box (that 1% performance boost nginx gives).
It has creepy systemd; on the other hand it defaults to the very speedy XFS filesystem.

If I was to choose today I'd get over the .htaccess requirement and set on
CentOS 6U6 (it is out for a month or so, once you install 6.5) + NGINX + PHP-FPM

Then add nginx from home base
repo file with gpg checking:
name=nginx repo
Alternatively you can get a bit older nginx from epel

PHP-FPM from fedora EPEL:
Then install epel-release from their page, and follow the guides on internet to link that backend with nginx

Thanks for your reply!

"If I was to choose today i'd get over .htaccess requirement"
How would you do the .htaccess stuff, like rewrites, redirects, etc. without .htaccess on a per-user basis?

Will WordPress still work? It uses htaccess...

NGINX provides equivalent functionality with its own rewrite rules.

Worker MPM uses 20MB per 100 connections while nginx uses 10MB per 1000.
Normal prefork Apache will eat 20MB + PHP memory per connection.

I think with worker MPM you are already in a warm spot and have a better idea whether you want to take on changing rewrite rules into nginx conf or not.

What would you use in combination with mod_php, worker or prefork? Can I just change that without unwanted consequences?

I'm also going to try CentOS 6U6 + nginx + PHP-FPM. Btw, what is the difference between CentOS 6U6 and 6.5?

mod_php works only with prefork (it loads in worker, but no PHP modules like mysql can be loaded).
For others you have to invoke php-cgi via mod_fcgid like here.

The version number is part of the package centos-release.
Since you will be updating software anyway, sometime your 6.4 installation will become 6U6 right on the first "yum upgrade".

php-fpm is available after you install "epel-release" package, no need to go long leaps to install epel repository definitions.

Would you switch from mod_php with prefork to php-cgi with worker?
Is it safe to switch?
Would it have benefits?
(for an operational VPS with mainly WordPress sites?)

I switched long ago.
Safe: yes
1) threaded apache uses single 20MB process for 64 connections
2) off-process PHP: (a) does not use Apache memory while Apache serves static content; (b) is completely isolated from Apache - e.g. in an attack similar to Heartbleed, one sweeping through PHP memory will not get SSL keys, or the other way round, one sweeping Apache memory stands no chance of getting to DB passwords.
WordPress - yes, PHP is the same as in prefork, compatible with any module out there.

1NGINX) 10MB 1024
2PHP-FPM) same as (2)

For the record, in this setting I would be switching on Apache 2.4 from mod_php + prefork to php-cgi + worker.

Is this what php-cgi+worker uses?
"1) threaded apache uses single 20MB process for 64 connections"

What does mod_php + prefork use?
What is the benefit of switching except security?

Thanks for your replies btw, really appreciate it!


Ok! Many thanks!
I'll try to change my existing configuration from mod_php + prefork to php-cgi + worker.

On my next VPS I'll try nginx + php-fpm.

Thank you!

Enable worker -> /etc/sysconfig/httpd
Install php_fcgid -> EPEL (yum install epel-release)
Configure php_fcgid -> replace the part containing php-zts with the example from the official php_fcgid documentation in /etc/httpd/conf.d/php.conf (php-zts is the multi-threaded crippled PHP that loads not even standard modules). Patching php.conf will ensure the fcgid configuration survives PHP upgrades.

Make it 1024->
apache - nofile 4096
Around worker set enormous value for each parameter and check the log for maximum permissible.

epel wordpress is also valid option (more or less "yum upgrade" to upgrade), but feel free to do your way
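
The mod_fcgid step described above, as an added example that is not part of the original post: a section that could stand in for the php-zts part of /etc/httpd/conf.d/php.conf. The php-cgi path, the process limits and the document root are assumptions.

```apache
# /etc/httpd/conf.d/php.conf (excerpt) -- added example, not the poster's file.
# Assumptions: mod_fcgid is installed and loaded by its own conf.d file,
# php-cgi lives at /usr/bin/php-cgi, sites live under /var/www/html.
# The worker MPM itself is selected in /etc/sysconfig/httpd
# (HTTPD=/usr/sbin/httpd.worker on CentOS 6).

<IfModule worker.c>
    # Hand .php requests to an out-of-process php-cgi instead of loading
    # PHP (php-zts) into the threaded Apache process. PHP memory, including
    # database credentials, then lives in a separate process from the one
    # holding the TLS private keys.
    AddHandler fcgid-script .php
    FcgidWrapper /usr/bin/php-cgi .php

    # Recycle each php-cgi process after a bounded number of requests.
    # PHP_FCGI_MAX_REQUESTS must not be lower than FcgidMaxRequestsPerProcess,
    # otherwise php-cgi exits while mod_fcgid still routes requests to it.
    FcgidInitialEnv PHP_FCGI_MAX_REQUESTS 1000
    FcgidMaxRequestsPerProcess 1000

    # Cap the PHP process pool so a traffic spike cannot exhaust VPS memory.
    FcgidMaxProcesses 20

    <Directory "/var/www/html">
        # fcgid-script handlers only run where ExecCGI is allowed.
        Options +ExecCGI
        # Keep per-site .htaccess working (WordPress rewrite rules).
        AllowOverride All
    </Directory>
</IfModule>
```

Running `apachectl configtest` before restarting catches syntax errors in the edited file.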

In the two configurations, php-cgi + worker and nginx + php-fpm, would I leave mod_ruid2 installed or not?

mod_ruid2 is more or less the same as mod_fcgid, with the exception that PHP is run as a different user.

So I should choose between the 2. Which would you do?

mod_ruid2 is not very popular nor maintained.
It sounds cool to have PHP and Apache running as different users,
but no normal application is prepared for that (or more accurately - neither should be able to rewrite website content),
so you will actually end up adding the "other" php-cgi user to the apache group and, well, end up with mod_fcgid.

Same applies to php-fpm which can be tricked to run as different user but...

I would not take extra complexity now. I'd leave re-evaluating situation for NGINX+FPM stage