cPanel/WHM – Optimizing your CentOS Virtual Servers

Today we’re going to look over some tips you can take in perfecting your web-management service in order to truly impress your clients. There are a few factors that are important for any virtual service, these are security, speed, and ease of use. Today we’re going to touch base on all three of these factors and I’ll be giving you a few tips that to improve your service for your clients.

web hosting management

In today’s day-in-age, security is no longer a premium perk you can use to bribe your standard paid users into a premium membership. With today’s technology, top security is expected and if your competition is offering top security from all standard users, then you’ll need to step up your game.

There are a few plugins you can install for WHM that can help with security management, one of which is CSF (ConfigServer Security & Firewall). After installing CFS, you can head to the plugins page located at the bottom of the WHM sidebar. There you can access the plugins control center and have the ability to control your security.

When you first install CFS, you’ll need to alter the default settings. The quickest way to get started is to head to the Firewall Configuration page from the CFS main menu. There, you will see some presets you can enable to bulk-change the server’s security. A standard option is to set the Firewall default security to ‘medium’.

Check server Security
Another thing you can do to further secure your server is access the “check server security” option in the main menu. There will show a list of tips generated by the plugin that you can take in order to improve security on your server. At the bottom of the page, you will be shown a scorecheck and be shown where your server sits between “insecure” and “maximum-security”.

This is a handy tool when you’re not sure exactly what needs to be done. Note that you will not need to make every change that is recommended by CFS, due to your unique setup, this might not be possible or feasible. It’s helpful to stay within the upper-yellow and green area.

web hosting management

Security Advisor
Another handy tool you can use for identifying security exploits is Security Advisor. A Lot like CFS, Security Advisor will run a scan on your server and return any potential issues and will colour-code all results Red, Yellow, and Green. After returning the results, it will also give some tips for correcting the threats and protecting yourself.

After installing the plugin, head to the plugins page and select “Security Advisor Tool”, there you’ll be able to select “scan” and you’ll be able to see the results populate the page as the plugin collects them. Unlike CFS, the tool isn’t as descriptive nor thorough, however, will provide peace of mind when running in accordance with CFS.

web hosting management

Speed is an all important factor for people to look at when deciding what service they want to choose, whether it’s your or your competitors. Having the ability to say your service runs faster and smoother than other companies is a huge step you’ll take in the race of leading the market.

Below, we’ll go over some handy tips and tricks that you can use when improving reliance and speed with your server. However, not all tips will work for you, and some will come at a cost, whether that be in money, security or the means of having to spend the time changing your existing setup.

We’re going to go over some tips that you can make with WHM straight out of the box, with WHM’s Tweak Settings page. You can search for this page in the search box.

We’ll be able to search for particular settings and control them right from the page. Below, you’ll see a list of options that you might be able to tweak to improve performance. Please note that some of these tweaks may contradict the previous settings you’ve made to improve security.

Turn off Mailman:
web hosting management


Email delivery retry time:
Update the email delivery retry time to 30 minutes from the default 15 minutes.
web hosting management


Boxtrapper and SpamAssassin:
Turn off boxtrapper Spam Trap and SpamAssassin Spam Box delivery to off.
web hosting management


Disable MySQL Disk Calculations:
If you just have your own website running on the VPS then you can reduce the resources used on the server by disabling MYSQL disk calculations .
web hosting management


Disable FTP anonymous uploads and log-ins:
If you don’t want people logging into your website via FTP or uploading files anonymously so you can turn this off.
web hosting management


Optimized Apache
A hand tip to improve overall performance on your site without updating hardware is to optimize Apache correctly. There are many things you can alter to improve your performance, however, WHM is quite limiting when wanting to do so. You can alter the following settings at the in the Apache Global configurations. Located at:

Home >> Service Configuration >> Apache Configuration >> Global Configuration

When set to “on”, Keep-Alive enables a persistent connection between your server and the user, providing long-lived HTTP sessions which allow multiple requests to be sent over the same TCP connection. In some cases, this has been shown to result in an almost 50% speedup in latency times for HTML documents with many images. To enable Keep-Alive connections in Apache 1.2 and later, set KeepAlive On.

This directive is used to define the number of requests allowed per connection when KeepAlive is enabled. When the value of this option is set to “0”, unlimited requests will be allowed on the server. For server performance, it’s recommended to allow unlimited requests.

This directive is used to define how much time, in seconds, Apache will wait for a subsequent request before closing the connection. Once a request has been received, the timeout value specified by the “Timeout” directive applies. The value of “10” seconds is a good average for server performance. This value should be kept low as the socket will be idle for extended periods otherwise.

This directive is used to define the limit on the number of child processes that will be created to serve requests. The default means that up to 512 HTTP requests can be handled concurrently. This is an important tuning parameter regarding the performance of the Apache web server. For a high load operation, a value of “512” is recommended. For standard use, you can set the value to “256”.

This directive is used to define the minimum number of idle child server processes that should be created. An idle process is one which is not handling a request. If there are fewer than “MinSpareServers” idle, then the parent process creates new children at a maximum rate of 1 per second. The idle value is 10 MaxSpareServer: This directive is used to define the maximum number of idle child server processes that should be created. If there are more than “MaxSpareServers” idle child processes, then the parent process will kill off the excess processes and these extra processes will be terminated.The idle value is 15.

This option is used to define the number of requests that an individual child server process will handle. Set this directive to “0” to get the maximum performance and scalability for the server.

When set to “Off”, this directive will disable DNS lookups. It’s recommended to set this option to “Off” in order to avoid latency with every request. This will also save the network traffic time and improve the performance of your Apache web server.

For security, it is also a good idea to disable directory listings. You can do this by scrolling to the Directory options on the Global configuration page. There you will be able to disable indexing.

Optimize MySQL
When using a dynamic environment, it can be very beneficial to correctly configure your SQL settings. Replace your existing my.cnf file to the following.

max_allowed_packet = 1M
max_connections = 300
max_user_connections = 35
quick max_allowed_packet = 16M

To reduce RAM usage, you should also convert your InnoDB tables to MyISAM. RAM is a very important factor to worry about when running in a virtual environment. InnoDB uses a high amount of RAM and is recommended you avert using it. This might impact load times slightly, but it also allows the converted database tables to be accessed with a much lower memory footprint. You can change these formats with any SQL UI such as PHPMyAdmin.

Performance Schema
For MySQL 5.6.6+, disable performance_schema. This is turned on by default and tends to use a lot of RAM!
To disable performance_schema:

  1. Open my.cnf (typically @ /etc/my.cnf) via SSH or VPS admin panel >> add the following line just under [mysqld] >> performance_schema=0
  2. Save/close my.cnf and restart mysql service.

Backup Type
Instead of using compress backups, use incremental backups. You can configure this in WHM directly at:
WHM >> Home >> Backup >> Backup Configuration

Optimize PHP
Main advice here would be to reduce memory_limit in php.ini file. To reduce memory_limit, head to:
WHM >> Service Configuration >> PHP Configuration Editor >> Core >> memory_limit

When providing a virtual service, ease-of-use is a key area to focus on when wanting to develop a popular service. In order for your business to grow, you mustn’t only offer a reliable service, you must also offer a service that isn’t sole dependent on your IT department. This means providing your clients and users with access to secure tools and settings where they’re able to use to take control of their own site. Providing that functionality isn’t only about making it user-friendly, it’s also about providing a service that users can not take advantage of and use for malicious behavior. Thankfully, when using WHM, all that is taken care of and all you need to worry about is how to enable the features.

There are several web hosting tools that you can use to help sell your service including enabling SSH access to your users. This can all be done through the WHM UI.

When allowing SSH access you have to be careful with the amount of access you give your users. There are three types of access; open, jailed and closed. Open and Closed are self-explanatory, either the user has access or they don’t, however, jailed is a bit different. Jailed access means the user will only have access to their home directory, meaning they won’t be able to fiddle with configuration files etc. If SSH is a must, then I strongly suggest setting access to jailed – at the most.

Written by:
Reade is a passionate developer, designer, and researcher who's passion lies with all things, technology and development. Reade is currently a part of the research and development team here at CodeClouds and works full time while studying design at University.