On servers, software is installed that is required to run the site and other domain services, for maintenance and monitoring, as well as for protection against hacking and load resistance.
On virtual hosts, some of this is initially installed, but neither change the configuration nor add components there. On dedicated servers (including virtual ones) you can install any software you need.
On the servers used to host sites, the most popular secure and stable operating system family Linux (CentOS, RHEL, Debian, etc.) and BSD (FreeBSD). Microsoft Server also occurs, but much less frequently.
Popular server software packages
Web server. Software that can receive user requests, process them, and send the results of processing (html pages and other files) to users. The most popular web servers are Nginx and Apache, much less common is Microsoft IIS. Sometimes two web servers are installed to increase performance: a fast Nginx server which gives users “static” documents (physically existing on the server and not requiring processing before sending), and other requests are forwarded to an application server (Apache, for example) which generates dynamic documents. There are also other high-performance bundles (Nginx + FastCGI, for example), it is better to consult with application developers and server administrators on rationality of using this or that realization.
Programming language interpreter. Component needed to execute program code on the server. It has different versions and, as a rule, extension modules. The software used on the server requires both an interpreter version and a list of installed extensions. A list of application requirements can be obtained from both the developer and the management system vendor.
DBMS – database management system: MySQL, PostgreSQL, MS SQL, Oracle, Redis, MongoDB, etc.
Search engines – ElasticSearch / Sphinx – allow you to search and filter faster than is possible using relational DBMS.
FTP server. Allows access to files located on a server via FTP. Typically used for site administration (both for updating program code for an application, and to download large files that can not be downloaded through the admin panel). A safer alternative to FTP is SFTP, a protocol based on SSH and allowing encryption of transmitted and received data.
Caching servers – systems that “store” the result of requests processing and use this data in repeated requests to speed up pages generation. The most popular caching mechanisms are Memcached and Redis.
Security software ranging from common firewalls (a must) to automated intrusion detection and prevention systems.
Backup software – backups should be created regularly and automatically, and not stored on the same server as the “battle data”.
Load balancers – these are usually web servers that proxy client requests to different nodes involved in processing requests, ensuring that the load is distributed evenly across the cluster. Load balancers also handle incidents of hardware or software failure on data processing nodes – if a node stops processing data correctly, it is excluded from the load-balancing list.
Gas pedals of program code execution. Serves to improve performance, often used gas pedals for PHP: APC, eAccellerator, XCache.
Monitoring and alerting – systems that collect important system performance metrics and report problems.
E-mail services. They allow receiving and sending e-mails. It is not recommended on one machine to combine these services with the placement of the site, as on active mail domains receives a lot of mail (most of which is spam), and their receipt and processing require as server computing power, and load the communication channel – all of this can cause slowdown of the site. This recommendation does not apply to mail on shared hosting, where mail and sites are hosted on different servers.
Recommendations
- When choosing shared hosting, compare the technical requirements of the management system or web application you are using to the list of features of your hosting plan.
- When developing web applications, try to minimize the number of dependencies and do not expand the technology stack unnecessarily – the large number of technologies used increases risks and complicates maintenance processes.
- Use the tools that are best suited to the task, for example: for search – search engines, not relational DBMS; for caching – Redis / Memcached, not a file system; for loaded services – compiled, not interpreted programming languages.
- When setting up server software, configure services based on the power of the hardware you are using. Very often the default configurations either do not use the available computing resources properly, which reduces overall performance, or, on the contrary, may exceed the available capacity at peak times, potentially causing services to crash.
- “Everything that is not explicitly permitted is forbidden” – this information security principle significantly reduces threats. Close publicly unused ports, try to minimize the number of services located in the DMZ, and reduce account privileges to the level needed to perform assigned tasks.
- When using dedicated servers (including virtual ones) ensure timely software updates to ensure stability and security.
- Automate backups. Back up not only the data but also the configuration of services in use.
- Use configuration management systems, such as Ansible, to simplify configurations.
- Set up monitoring of both hardware and software services. This makes it easier to troubleshoot incidents, allows you to proactively solve some problems and speeds up the response to failures.
- Do not host mail services on the same server that hosts the site. The easiest solution for hosting mail is to use special services from Google ( google.com/apps ), these services are superior to many “mail” hosting plans and almost all “homemade” solutions.
