Need help?

Our experts have had an average response time of 13.14 minutes in February 2024 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Building a WordPress virtualization solution using LXD/LXC containers

by | May 19, 2016

WordPress hosting is hot, and if Google Trends is anything to go by, it’s only getting hotter with each passing day. Most web hosting providers now offer specialized WordPress hosting packages, and some even focus exclusively on WordPress hosting.

wordpress hosting trend server virtualization

Google Trend for “WordPress Hosting”

Perils of WordPress hosting using shared servers

Many companies such as online publishers, internet marketers and web hosts use shared hosting to host WordPress websites. It is the most cost effective way, but shared servers pose several challenges in ensuring security, performance and scalability.

Security issues

In a shared server, each website is like a window to the outside world. If the security of even one of these websites is weak, attackers can get into the server, and infect all other sites hosted in it.

There are even cases of hundreds of sites in a single server infected with malware, and blacklisted by Google.

Rai K Dhaman security specialist Shared server security can be tricky. Unlike a VPS, or a dedicated server, a website in a shared server uses the same Apache, MySQL and Network service as any other site in the server. So, if an attacker gets access to any of these services, all other sites are well within reach, and can be infected. To prevent such issues, our engineers enforce strict account isolation, malware filtering, and conduct daily security audits. If not, these sites would be hacked in no time.

Rai Dhaman
Sr. Systems Engineer, Bobcares

 

[ Get the best setup for your WordPress hosting services! Our hosting support specialists will setup the ideal server infrastructure for your business. ]

Performance bottlenecks

Security vulnerabilities are only a part of the story. Shared servers are known to be affected by frequent performance issues.

Performance issues are a major concern in shared servers. It is common for individual accounts to run resource intensive operations like backups during peak traffic hours. It can lead to high resource usage, and slow page load times. We prevent these issues in our client’s servers by using resource limits, blocking resource intensive plugins, and helping webmasters optimize their sites.

Sojish Krishnan
Member of Executive Team, Bobcares

 

Slow adoption of latest technologies

Another common issue faced by many shared hosting providers is the limitation in providing customized sever environments. What if one customer wants Percona as the database instead of MySQL, or a few customers want HSTS support in Nginx?

There’s no easy way to do it. These customers will have to be migrated to a VPS or dedicated server, and left to fend for themselves.

New technologies come out all the time” Sojish says. “It is important for a WordPress host to remain current, and support latest systems such as HHVM, or PHP7 or HTTP/2.

In shared servers, it is difficult to quickly switch to new technology because there might be many whose site functionalities depend on old technology.

See how we help WP hosting businesses!

An alternative to shared hosting

With proper server management, shared hosting is definitely a good platform for WordPress hosting. However, many companies want better customizability and isolation than what’s offered by shared hosting.

The alternatives are dedicated servers and VPSs, and many hosts find both to be too cost prohibitive. Here’s where light weight virtualization technologies can bridge the gap.

Traditional VPS hosting systems such as Xen or KVM create independent server images for each account, which is quite resource intensive.

In contrast, light weight virtualization systems such as Docker, OpenVZ or LXC uses a single server image to handle multiple clients, thereby maximizing customer density per server.

Today, let’s take a look at how LXD/LXC can be used to build a cost effective WordPress hosting system.

WordPress hosting using LXD/LXC light weight VPS

LXC or Linux Containers is an open source virtualization system which has been the foundation for popular commercial products such as Virtuozzo. In 2015, Canonical built a wrapper around LXC for easier management. This is called LXD.

LXD/LXC can be used to create high density VPS hosting systems [ Click here to know how ], that can accommodate up to 5 times the customer density as a KVM or Xen virtualization server.

So, for a WordPress host who wants better customizability and isolation than shared servers, LXC is a viable alternative. Let’s take a look at how LXC fares in various aspects of WordPress hosting:

[ Focus on your core business without interruptions. Our tech support experts are here to manage your customers 24/7. ]

1. Security isolation to prevent cross infection

Unlike in a shared server, each customer in an LXD/LXC server has their own independent server environment. There’s no sharing of Web, Database or Network services, and it is possible to iron clad each account into its own space to prevent cross infection. However, all of these do not work out of the box.

server security

It is important to understand that LXC shares the same Linux Kernel with all customers“, Rai says, “which means that if there’s a vulnerability in the kernel or LXC software in itself, there’s a chance that an attacker can get access to the full physical server. So, to keep the LXD/LXC servers under our care safe from exploits, we apply new patches immediately, and maintain additional resource isolation mechanisms such as AppArmor, file system controls, etc.

 

 

2. Resource isolation to avoid performance issues

In shared servers, there’s no readily available method to restrict server resources to each customer. Service level limits such as Apache RLimits, MySQL connection limits, and kernel limits are the popular ways.

In contrast, virtualization systems like LXD come pre-loaded with resource limiting features. However, to avoid resource starvation on individual accounts, it is important to keep a tab on actual account usage.

proactive server management

Sojish explains – “The whole purpose of setting resource limits is to avoid un-planned downtime, but setting it too tightly can lead to many sites failing to load, and a lot of unhappy customers. So, our engineers always monitor how many times a resource (like I/O, Memory or CPU) was denied to a customer by the resource limits. If it hits many times per day, we help the customer upgrade their account or optimize their site to reduce resource usage.

 

 

3. Customized WordPress environments (eg. WordPress + Percona)

LXC containers are initiated using what are called “server templates”. It is possible to create custom server templates with different technology stacks. So, if a new technology such as HHVM is becoming popular, it is possible to create a new server template with HHVM, so that if an order comes in, a container can be quickly deployed.

However, it is important to keep the templates updated, and security profiles updated to make sure the templates are fully secure and stable.

template lxd lxc wordpress hosting

New software updates, bug fixes and security patches come out all the time,” says Rai Dhaman, “which makes it very important that all server templates are kept up-to-date at all times. Also, it is possible that new versions will have different file locations, and that can mess up AppArmor security profiles. So, while server templates make it easy to deploy the latest technology in a few mins, its timely updates are highly critical to deliver reliable LXC containers.

 

 

In all, LXD/LXC is an option worth considering for WordPress hosting providers and server infrastructure owners. It offers many benefits not present in shared hosting, but just like any other server system, LXD/LXC needs close monitoring and maintenance to ensure server stability and security.

[Don’t lose your customers over slow servers! Bobcares’ server experts will assist you in building a stable server infrastructure for your WordPress hosting. ]

Building the LXD server virtualization solution

We’ve used LXD/LXC  as the hosting system for a few of our WordPress hosting customers. Here’s a quick over view of how it was done.

LXD is included in Ubuntu 15.04. So, it was installed on an Ubuntu system by using “apt-get install lxd" to get the hypervisor running.

Note: In older Ubuntu systems, the “ppa:ubuntu-lxc/lxd-stable” needs to be added to install LXD.

Putting the container on a public IP

Now, we had an LXD server, but its default configuration is to assign private IPs to containers that is not visible from the internet. To be able to assign public IPs, the default network interface of the host server should be bridged to the containers.

For that, we converted the server ethernet (eth0) to a bridge (br0), disabled USE_LXC_BRIDGE in /etc/default/lxc-net, and set the lxc.network.link as br0 in the default LXC profile.

A server visible on the internet need to be secure. As is standard with all our VPS deployments, a set of security rules were then added to the network and firewall settings so that the VPS customer would be immune to a slew of common attacks prevalent in the internet.

Customizing the container and creating images (templates)

Now we had a container running a stable server image. What we now needed was images customized for high performance, security, and SEO optimization. For this, a base server was created with the following configuration:

  1. Nginx was chosen as the default web server, and a high performance PHP compiler was setup (PHP-FPM or HHVM).
  2. Caching systems were configured based on the level of optimization needed. We found Memcached and APC to be very effective.
  3. Varnish was configured with Nginx SSL termination to take care of both SSL and non-SSL traffic.
  4. Percona database was chosen over MySQL as it delivered better performance.
  5. SEO boosting settings such as HSTS, Etags, Expires, Gzip, etc., was enabled.
  6. Malware scanners and web application firewalls such as Maldet, ClamAV + Sanesecurity, and NAXSI modules were enabled.
  7. A WordPress site with recommended minimum collection of plugins were installed, and tested to make sure the site loads within 2 seconds.

Once this base image was ready, it was saved  as a template using the “lxc publish” command.

Configuring resource limits

Based on different VPS plans, the resources available need to be limited. The CPU and memory limits were changed for containers using the commands:

# lxc config set server01 limits.cpus 1
# lxc config set server01 limits.memory 500

The above command set the number of cores available to the container server01 to 1, and the memory to 500 MB. We saw that some container images had issues in booting up with a low memory setting.

This was fixed by adjusting the swap space in the LXC container profiles. For new containers, the resource settings were defined in profiles under /etc/lxc/ and those profiles were referred to, while creating new containers.

To limit the disk space, LXC containers were created on an LVM volume (which merits an entire article on its own), and the create command looked like this:

# lxc-create -t ubuntu1403-LNMP -n server03 -B lvm --fssize=5G

The above command created a container with disk space 5 GB.

Conclusion

Shared hosting is the most popular way to host WordPress websites. However, it has several limitations in terms of security, performance and latest technology adoption.

Today we’ve seen how LXD/LXC can be used as a viable alternative for shared hosting. If you’d like to know how LXD can be deployed in your infrastructure, we’d be happy to talk to you.

 

ENSURE ZERO DOWNTIME SERVICES

Guaranteed 100% uptime for your servers & 24/7 support for your customers!

GET IN TOUCH WITH THE 'BEST IN INDUSTRY' SUPPORT

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Categories

Tags

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF