Using OpenShift for WordPress hosting – Why it’s an idea worth exploring
WordPress now powers 26.4% of the web, and continues to add 52,000 new sites to its account every day. This huge popularity has given rise to a thriving industry that includes website designing, custom development, and specialized WordPress hosting.
According to a Google Trends report, Managed WordPress Hosting has seen a meteoric rise in popularity since early 2013. It points to a seismic shift in the way web hosting is changing – people no longer want to worry about managing an application or its hosting complexities. They just want to focus on their business and their website content.
Many web hosting companies have rushed in to capitalize on this demand, but only a handful have achieved success. This is because many of these companies use age-old shared hosting technology that cannot deliver the same level of security or performance as the market leaders.
Why shared hosting isn’t ideal for managed WP hosting
In a shared server, all customers share the same resources, network services, web server, mail server and database server. While this helps reduce hosting costs, it does lead to serious security and performance issues.
1. Security issues
Webmasters often maintain multiple websites, some rarely used, and some actively used. Updates are usually applied on the actively used sites, while others are left unpatched. This opens a window for attackers to upload malware to the server.
Malware infection in a shared server can affect all the sites hosted on it. Malware in one site can send out thousands of spam mails, initiate outbound DDoS attacks, or even cross-infect other websites. This can lead to IP blacklisting and SEO penalties that disrupt the normal business functioning of every site hosted on the server.
2. Performance issues
Many WordPress sites use resource intensive plugins like broken link checkers, related posts plugins, or backup plugins. These put a heavy load on the database and disk I/O that slows the server down to a crawl.
Resource intensive WordPress plugins are a real threat to server stability. As part of our server management services, we’ve seen several instances where poorly coded plugins led to server load spikes. We prevent such issues from recurring by using resource limits, much like how it is done in virtualized systems.
Member of Executive Group, Bobcares
3. Lack of customization
Another common issue faced by many shared hosting providers is the limitation in providing customized server environments. What if one customer wants HHVM as the PHP compiler, or a few customers want HSTS support in Nginx? There’s no easy way to do it. These customers will have to be migrated to a VPS or dedicated server, and left to fend for themselves.
The solution – Lightweight virtualization
With proper server management, shared hosting is definitely a good platform for WordPress hosting. However, to compete with the top players in Managed WordPress hosting, one needs better customizability and isolation than what’s offered by shared hosting. The traditional alternatives are dedicated servers and VPSs, which can be cost-prohibitive for many web hosts.
Here’s where lightweight virtualization technologies can bridge the gap. VPS hosting systems such as Xen or KVM create independent server images for each account, which is quite resource intensive. In contrast, lightweight virtualization systems such as Docker, OpenVZ or LXC use a single server image to handle multiple clients, thereby delivering 5 times the server density of Xen, KVM, or VMware.
OpenShift Origin is one such lightweight virtualization platform that is a good candidate for WordPress hosting.
OpenShift for WordPress Hosting
OpenShift Origin is an open source PaaS (Platform as a Service) solution from Red Hat. It is built on the Docker virtualization platform, and uses several layers of resource limits to fully separate one user from another. This shields each user from the security or performance issues of other websites that share the system.
Here are the top 4 benefits of this solution:
1. Security through SELinux based isolation
Container virtualization systems such as Docker share a common operating system kernel among all system users. Theoretically, this poses a security risk, where a kernel bug can be used to get access to the whole system. Mandatory Access Control systems such as SELinux give a way to implement ironclad security on Docker containers.
OpenShift Origin is secured with SELinux to completely isolate each website from the others. However, the security settings in the default installation are not set up to accommodate every possible use case. The authorization configuration and package security still need to be taken care of to keep the system safe.
WordPress hosting can include many hosting scenarios. There could be designers who must give access to different customers on multiple projects. A hosting provider should be able to accommodate this need. In our server management services, we set up special cluster policy rules, and local policy rules to prevent one user from accessing another’s data.
Sr. Systems Engineer, Bobcares
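One way to check that the SELinux isolation described in this section is actually in effect is to audit the labels of running container processes. The sketch below is an added example, not code from Bobcares or OpenShift; it assumes container labels have been collected (for instance from `ps -eZ`) into (name, project, label) tuples, and the container names, project names and allow-list of confined types are illustrative assumptions.

```python
import re
from itertools import combinations

# Assumed allow-list: svirt_lxc_net_t (older policy), container_t (newer).
CONFINED_TYPES = {"svirt_lxc_net_t", "container_t"}

def parse_label(label):
    """Split 'user:role:type:level[:categories]' into (type, category set)."""
    parts = label.split(":", 4)
    if len(parts) < 4:
        raise ValueError("not an SELinux context: %r" % label)
    cats = set()
    if len(parts) == 5:
        for item in parts[4].split(","):
            m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", item)  # c5 or c0.c1023
            if not m:
                raise ValueError("bad category %r" % item)
            low = int(m.group(1))
            high = int(m.group(2) or low)
            cats.update(range(low, high + 1))
    return parts[2], cats

def audit(containers):
    """containers: (name, project, label) tuples. Returns a list of findings."""
    findings, confined = [], []
    for name, project, label in containers:
        ctype, cats = parse_label(label)
        if ctype not in CONFINED_TYPES:
            findings.append((name, "unconfined type " + ctype))
        elif not cats:
            findings.append((name, "no MCS categories"))
        else:
            confined.append((name, project, cats))
    # A label whose categories are a superset of another's dominates it, so
    # MCS does not separate those two containers from each other.
    for (n1, p1, c1), (n2, p2, c2) in combinations(confined, 2):
        if p1 != p2 and (c1 >= c2 or c2 >= c1):
            findings.append((n1 + "," + n2, "not MCS-separated across projects"))
    return findings

# Constructed sample data (not taken from a real cluster).
SAMPLE = [
    ("wp-blog-1", "customer-a", "system_u:system_r:svirt_lxc_net_t:s0:c12,c345"),
    ("wp-shop-1", "customer-b", "system_u:system_r:svirt_lxc_net_t:s0:c77,c901"),
    ("wp-shop-2", "customer-b", "system_u:system_r:svirt_lxc_net_t:s0:c77,c901"),
    ("wp-news-1", "customer-c", "system_u:system_r:svirt_lxc_net_t:s0:c12,c345"),
    ("backup-agent", "customer-d", "system_u:system_r:spc_t:s0"),
]
```

Containers of the same project sharing a category pair are not reported; only cross-project sharing and unconfined processes are.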
2. Resource restriction through Cgroups and Filesystem limits
OpenShift uses Linux kernel features such as Cgroups, PAM limits and Filesystem limits to implement strict restrictions on resource allocation. Resource limits can be placed on CPU, Memory, Disk quota, Bandwidth and number of processes. These settings can be kept as hard limits, which will kill any abusive process that exceeds its allocated quota – thereby protecting the server from load spikes.
It is important to note that OpenShift uses a system of resource templates to limit resources. It is possible that templates (aka gears) with inadequate resource limits can lead to resource starvation of legitimate accounts. So, several data points (such as avg. traffic, avg. mem usage, etc.) must be analyzed, and limits constantly adjusted to make sure normal accounts are not affected.
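The limit review described above can be made routine by comparing each account's hard limit with the memory counters the kernel already keeps per cgroup. The following is an added example, not part of OpenShift or of the original article; it assumes samples of the cgroup v1 counters `memory.usage_in_bytes` and `memory.failcnt` have been collected per account, and the account names, the 95th-percentile rule, the 25% headroom and the 64 MB step are illustrative assumptions.

```python
import math

def percentile(samples, pct):
    """Nearest-rank percentile of a non-empty list of numbers."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct / 100.0 * len(ordered)))
    return ordered[rank - 1]

def review_limit(limit_mb, usage_mb, failcnt, headroom=1.25, step_mb=64):
    """Classify one account's memory hard limit against observed usage.

    limit_mb - hard limit applied to the account's cgroup, in MB
    usage_mb - periodic samples of memory.usage_in_bytes, converted to MB
    failcnt  - memory.failcnt: how many times usage hit the limit
    Returns (verdict, suggested limit in MB rounded up to step_mb).
    """
    p95 = percentile(usage_mb, 95)
    wanted = math.ceil(p95 * headroom / step_mb) * step_mb
    if failcnt > 0 or p95 >= 0.9 * limit_mb:
        verdict = "starved"      # legitimate load is running into the limit
    elif wanted <= limit_mb / 2:
        verdict = "oversized"    # limit could be halved and still fit
    else:
        verdict = "ok"
    return verdict, wanted

def review_all(accounts):
    """accounts: name -> (limit_mb, usage samples, failcnt)."""
    return {name: review_limit(*vals) for name, vals in accounts.items()}

# Constructed sample data: (limit in MB, usage samples in MB, failcnt).
ACCOUNTS = {
    "blog": (512, [180, 200, 210, 190, 220, 205, 215, 198, 230, 240], 0),
    "shop": (256, [200, 230, 250, 255, 240, 251, 256, 249, 256, 244], 37),
    "brochure": (512, [55, 60, 58, 62, 61, 59, 57, 63, 60, 64], 0),
}

if __name__ == "__main__":
    for name, (verdict, wanted) in sorted(review_all(ACCOUNTS).items()):
        print("%-9s %-9s suggested limit: %d MB" % (name, verdict, wanted))
```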
3. Scalability through Kubernetes
OpenShift is built for scalability across multiple servers. It uses distributed file systems like Ceph to scale up storage, and uses multiple containers to serve just one account. For example, if an application cannot handle the traffic coming in, it can be scaled up to add more “gears” that run off a different physical server to handle the load. There’s no need for any migrations.
The most critical component affecting scalability is the storage system. It is important to build the file systems and storage devices in such a way that new servers can be added to seamlessly extend the storage space of all accounts.
4. Customized hosting environments
There’s always a group of webmasters who want greater freedom to manage their web environment. For example, they’d want shell access, or to install a custom version of their software.
OpenShift gives a way to accommodate such customers. Essentially each account is a lightweight VPS, well insulated from others. So, you can give your customers full access to do whatever they want, without fear of affecting others. Yes, it is possible that a spammer can use this freedom to send out millions of spam mails with a basic account. So, this freedom comes with a caveat that strong network level firewalls and/or gateways should be set up to protect IP reputation.
The demand for Managed WordPress Hosting has seen a meteoric rise in the past 3 years. Many web hosts have launched dedicated WordPress hosting plans, but are unable to compete with industry leaders because of using inferior technology. Today we’ve covered how the open source solution OpenShift Origin can be used as a viable alternative to shared hosting, while delivering features that are on par with top WordPress Hosting providers.
Bobcares helps web hosting companies deliver industry leading hosting features using tried and tested server architectures. If you’d like to know how to make your server infrastructure and technical support more efficient, we’d be happy to talk to you.