VPS Optimization for High Traffic Sites

I have a VPS with 384MB RAM available as standard, and the option to burst up to 1GB.

This is enough to run some fairly high traffic sites if you’re careful with the setup, but with the default setups and fancy control panels, you’ll exceed the memory limit quite quickly.

I use Citadel as the email client, but I’ve disabled Webcit.  I also removed Spam Assassin, and just use the Realtime Blackhole List to prevent spam.  Those simple changes have shaved over 100MB off my normal usage, but there’s still a lot to go.

top shows that memory usage is leaking up into the burst limit over time – even with some basic optimizations of httpd.conf and MySQL.  I’m considering trying lighttpd instead of Apache2 – I really don’t NEED Apache2, and it seems to be quiet a hog.

The other possible optimization would be to use something lightweight in place of named – which is currently sat at 180m memory usage!

If anyone has any favourite lightweight alternatives to named, I’d love to hear about them.

Using VSFTPD With PAM

If you’re using VSFTP as your FTP server, and would like to have Virtual Users who are restricted to using their ‘home’ directory when they log in, then probably the easiest way to achieve that is with PAM.

I’ve just set up something similar on my VPS – working through this very useful VSFTPD and PAM tutorial.  I’m using CentoOS on the VPS, but it should work for most other distros too, although you may need to change some of the paths to work with your installation.

I ran into a couple of issues with the tutorial.  First, I was getting 530 Login-Errors.  A look at the log file from:

tail -f /var/log/secure

Brought up this error:

vsftpd: PAM [error: /lib/security/pam_userdb.so: wrong ELF class: ELFCLASS32]

This is a simple fix – there’s a 64 bit version of pam_userdb.so, which you need to point to in your /etc/pam.d/vsftpd file.  Change the part that says /lib/security/pam_userdb.so to reference /lib64/security/pam_userdb.so instead – there should be two instances to change.

Restarting VSFTP with:

service vsftp restart

Showed that there were still more problems.  I was still getting 530 errors, and tailing the logs again I found a whole catalogue of errors:

vsftpd: PAM (vsftpd) no module name supplied
vsftpd: PAM (vsftpd) illegal module type: file=/etc/vsftpd/vsftpd_users
vsftpd: PAM pam_parse: expecting return value; […onerr=succeed]
vsftpd: PAM (vsftpd) no module name supplied
vsftpd: pam_userdb(vsftpd:auth): can not get the database name
vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/vsftpd_users.db’: No such file or directory
vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/vsftpd_users.db’: No such file or directory

Desperate, I double checked every step, everything had been done correctly.

So, I re-created my user file and DB, thinking that it may have been corrupted somehow (I’m using db4, not db3, by the way) – and it worked fine.

The difference, the second time I made the file?  The second time, I used vi to make my users.txt file, which was then converted into the DB.   The first time, I had used nano.

So, if you’re running into problems with VSFTPD, and you’re convinced you’ve done everything correctly, try using a different text editor.  Vi may not be the prettiest editor in the world, but it gets the job done 🙂

vsftpd: PAM (vsftpd) no module name supplied
Jun 10 17:38:58 mythgames vsftpd: PAM (vsftpd) illegal module type: file=/etc/vsftpd/vsftpd_users
Jun 10 17:38:58 mythgames vsftpd: PAM pam_parse: expecting return value; […onerr=succeed]
Jun 10 17:38:58 mythgames vsftpd: PAM (vsftpd) no module name supplied
Jun 10 17:38:58 mythgames vsftpd: pam_userdb(vsftpd:auth): can not get the database name
Jun 10 17:40:29 mythgames vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/vsftpd_users.db’: No such file or directory
Jun 10 17:44:10 mythgames sshd[7470]: pam_unix(sshd:session): session closed for user root
Jun 10 17:44:31 mythgames sshd[24274]: Accepted password for root from 86.167.187.254 port 52023 ssh2
Jun 10 17:44:31 mythgames sshd[24274]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 10 17:46:06 mythgames vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/vsftpd_users.db’: No such file or directory

Testing Citadel server

I’ve had a VPS for a couple of months now, and I hate to admit it, but I’ve only moved over three of my domains.  My main business domain is still on a shared hosting account, because I want to make sure that the VPS is running smoothly, and can cope with the bandwidth and load demands that the business domain will create.

One of the last things I wanted to set up was a good groupware server.  After a little research, I decided to try out Citadel.

The VPS was originally running Ubuntu 6.06, which is LTS, so is still getting security updates, but is otherwise pretty out of date, and I ended up in dependency hell trying to install Citadel.  I upgraded to Intrepid.   To Ubuntu’s credit, the upgrade was fast and easy.  Citadel installed, but wouldn’t start as a service.

After a few support requests on the Citadel and Ubuntu community boards – which recieved some helpful suggestions, but in the end didn’t resolve the problem, I ended up trying Citadel in a CentOS VM.  It proved to be exactly what I was looking for.  So, I asked my host to re-image the VPS to CentOS.  That’s not a reflection on Ubuntu as a sever, just that there was something about the VPS’s configuration that Citadel didn’t like, and at such an early stage, with a deadline looming, it was easier to start from scratch with something that was known to work.

So far, CentOS is running well.  It’s taking a while to get used to where it puts all the config files, but Apache and PHP are up and running, as is an FTP server.  I still need to sort out phpMyAdmin though.

Citadel is up and running, accepting mail for two domains.  I’m liking the Jabber feature, and looking in to setting up Funambol for push email.  The only thing I need now is to find a good email client for Windows that can understand GroupDAV.