How To Optimise MySQL & Apache On cPanel/WHM

In this optimisation process we will go over the Apache core configuration and the modules that are part of the Apache core. We think that with the correct Apache and MySQL settings you can get excellent results and an appropriate level of resource use without installing third-party proxy and cache modules. So let’s start.

 

Apache & PHP

In the first stage we ran Easy Apache and selected the following:

* Apache Version 2.4+

* PHP Version 5.4+

* In step 5 “Exhaustive Options List” select

– Deflate

– Expires

– MPM Prefork

– MPM Worker

After Easy Apache has finished, go to WHM » Service Configuration » Apache Configuration » “Global Configuration” and set the values according to the level of resources available on your server.

Apache Directive            (From 2GB memory or less and up to 12GB memory)

StartServers                4         8         16
MinSpareServers             4         8         16
MaxSpareServers             8         16        32
ServerLimit                 64        128       256
MaxRequestWorkers           50        120       250
MaxConnectionsPerChild      1000      2500      5000
Keep-Alive                  On        On        On
Keep-Alive Timeout          5         5         5
Max Keep-Alive Requests     50        120       120
Timeout                     30        60        60

 

Now go to WHM » Service Configuration » Apache Configuration » Include Editor » “Pre VirtualHost Include” and paste the code below into the text field. It gives users a minimal (one-hour) browser cache and data compression, so the server does less work to serve the same content.

# Cache Control Settings for one hour cache
# (the Header directive needs mod_headers to be loaded)
# Static assets: cacheable by browsers and shared caches
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=3600, public"
</FilesMatch>

<FilesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=3600, public, must-revalidate"
</FilesMatch>

<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=3600, must-revalidate"
</FilesMatch>

# Mod Deflate performs data compression
<IfModule mod_deflate.c>
<FilesMatch "\.(js|css|html|php|xml|jpg|png|gif)$">
SetOutputFilter DEFLATE
# Old browsers that mishandle compressed responses
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE no-gzip
</FilesMatch>
</IfModule>

 

Go to WHM » Service Configuration » “PHP Configuration Editor” and set the parameters according to your needs:

– memory_limit

– max_execution_time

– max_input_time

 

MySQL

For MySQL you need to update the configuration file, which is usually /etc/my.cnf.

Best config based on 1 core & 2GB memory, MySQL 5.5:

[mysqld]
    local-infile = 0
    max_connections = 250
    key_buffer = 64M
    myisam_sort_buffer_size = 64M
    join_buffer_size = 1M
    read_buffer_size = 1M
    sort_buffer_size = 2M
    max_heap_table_size = 16M
    table_cache = 5000
    thread_cache_size = 286
    interactive_timeout = 25
    wait_timeout = 7000
    connect_timeout = 15
    max_allowed_packet = 16M
    max_connect_errors = 10
    query_cache_limit = 2M
    query_cache_size = 32M
    query_cache_type = 1
    tmp_table_size = 16M
    open_files_limit=2528

[mysqld_safe]

[mysqldump]
    quick
    max_allowed_packet = 16M
[myisamchk]
    key_buffer = 64M
    sort_buffer = 64M
    read_buffer = 16M
    write_buffer = 16M
[mysqlhotcopy]
    interactive-timeout

 

Best config based on 8 cores & 12GB memory (shared server), MySQL 5.5:

[mysqld]
local-infile=0
max_connections = 600
max_user_connections=1000
key_buffer_size = 512M
myisam_sort_buffer_size = 64M
read_buffer_size = 1M
table_open_cache = 5000
thread_cache_size = 384
wait_timeout = 20
connect_timeout = 10
tmp_table_size = 256M
max_heap_table_size = 128M
max_allowed_packet = 64M
net_buffer_length = 16384
max_connect_errors = 10
concurrent_insert = 2
read_rnd_buffer_size = 786432
bulk_insert_buffer_size = 8M
query_cache_limit = 5M
query_cache_size = 128M
query_cache_type = 1
query_prealloc_size = 262144
query_alloc_block_size = 65535
transaction_alloc_block_size = 8192
transaction_prealloc_size = 4096
max_write_lock_count = 8
slow_query_log
log-error
external-locking=FALSE
open_files_limit=50000

#### Per connection configuration ####
# These are server (mysqld) options, so they must sit inside the [mysqld] section
sort_buffer_size = 1M
join_buffer_size = 1M
thread_stack = 192K

[mysqld_safe]

[mysqldump]
quick
max_allowed_packet = 16M

[isamchk]
key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

[myisamchk]
key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

 

Repair & optimize databases then restart MySQL:

mysqlcheck --check --auto-repair --all-databases
mysqlcheck --optimize --all-databases
/etc/init.d/mysql restart
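
The per-connection buffers in the profiles above are multiplied by max_connections in the worst case, which is how a burst of connections can push a shared server into swap or the OOM killer. The following is an added example (not from the original article) that estimates that ceiling from a my.cnf. The split into shared and per-connection options is a common rule of thumb assumed here, options missing from the file count as zero, and the function names are this example's own.

```python
import re

# Constructed sample: [mysqld] values taken from the 1 core / 2GB profile above.
SAMPLE_MY_CNF = """
[mysqld]
    max_connections = 250
    key_buffer = 64M
    join_buffer_size = 1M
    read_buffer_size = 1M
    sort_buffer_size = 2M
    query_cache_size = 32M
[myisamchk]
    key_buffer = 64M
"""

UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}
# Assumption: which options count as shared vs per-connection in this estimate.
GLOBAL_BUFFERS = ("key_buffer_size", "query_cache_size", "innodb_buffer_pool_size")
PER_CONNECTION = ("sort_buffer_size", "join_buffer_size", "read_buffer_size",
                  "read_rnd_buffer_size", "thread_stack")
ALIASES = {"key_buffer": "key_buffer_size"}  # short spelling used on this page


def parse_section(text, section="mysqld"):
    """Return {option: bytes} for the size-like options of one my.cnf section."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.replace("-", "_")
            size = re.fullmatch(r"(\d+)([KMG]?)", value.upper())
            if size:
                values[ALIASES.get(key, key)] = int(size.group(1)) * UNITS[size.group(2)]
    return values


def worst_case_bytes(cfg):
    """Shared buffers plus every allowed connection using all its buffers at once."""
    shared = sum(cfg.get(name, 0) for name in GLOBAL_BUFFERS)
    per_connection = sum(cfg.get(name, 0) for name in PER_CONNECTION)
    return shared + cfg.get("max_connections", 0) * per_connection


def report(text, ram_bytes):
    """Return (worst-case MiB, share of RAM) for the [mysqld] section of text."""
    total = worst_case_bytes(parse_section(text))
    return total // 1024**2, round(total / ram_bytes, 2)


if __name__ == "__main__":
    print(report(SAMPLE_MY_CNF, 2 * 1024**3))
```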

 

Security & Limit Resources

 

Install CSF (ConfigServer Security & Firewall) by following the instructions at: http://configserver.com/free/csf/install.txt

1) Go to WHM » Plugins » ConfigServer Security & Firewall » “Check Server Security” and work through the items it reports as needing repair.

2) Go to WHM » Plugins » ConfigServer Security & Firewall » “Firewall Configuration” and set the parameters according to your needs:

PT_USERMEM=180

PT_USERTIME=180

PT_USERKILL=1

PT_USERKILL_ALERT=1 (Optional)

 

Now enjoy your new fast and more effective server.

How To Change The Primary IP Address Of A WHM/cPanel Server

Steps in WHM:

  • Log into WHM and go to Basic cPanel & WHM Setup
  • Change the Primary IP here with the option that says “The IP address (only one address) that will be used for setting up shared IP virtual hosts”
  • Note: This might not actually be necessary.

Log in to SSH, and do the following:

  1. Edit /etc/sysconfig/network-scripts/ifcfg-eth0
    • Change the IPADDR and GATEWAY lines to match the new IP and its gateway
  2. Edit /etc/sysconfig/network
    • Change the GATEWAY line here if it does not exist in the ifcfg-* file.
  3. Edit /etc/ips
    • Remove the new primary IP from this file if it is present
    • Add the old primary IP to this file with the format <IP address>:<Net Mask>:<Gateway>
  4. Edit /var/cpanel/mainip
    • Replace the old primary IP with the new primary IP
  5. Edit /etc/hosts
    • Replace the old primary IP with the new one if needed. The hostname’s DNS will need to be updated too
  6. Restart the network service to make the new IP the primary
    • service network restart
    • Note: You’re probably going to be disconnected at this point, and will have to log in to SSH using the new primary IP.
  7. Restart the ipaliases script to bring up the additional IPs
    • service ipaliases restart
  8. Run ifconfig and make sure all IPs show up correctly
  9. Update the cPanel license to the new primary IP
  10. Verify you can still log in to WHM and there is no license warning
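
Step 6 drops the SSH session, so the edited files are worth checking against each other before the network restart. The following added example (not part of the original steps) does that on the file contents passed in as strings. It assumes ifcfg-eth0 carries a NETMASK line next to IPADDR, the sample contents are constructed from documentation address ranges, and the function names are this example's own.

```python
import ipaddress

def parse_kv(text):
    """KEY=value lines (ifcfg-eth0, /etc/sysconfig/network) as a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip().strip('"') for key, value in pairs}

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def check_primary_ip_change(old_ip, new_ip, ifcfg, network, ips, mainip):
    """Return the problems found in the edited files; an empty list means consistent."""
    problems = []
    cfg = parse_kv(ifcfg)
    gateway = cfg.get("GATEWAY") or parse_kv(network).get("GATEWAY")
    if cfg.get("IPADDR") != new_ip:
        problems.append("ifcfg-eth0: IPADDR is not the new primary IP")
    if not gateway:
        problems.append("GATEWAY is set in neither ifcfg-eth0 nor /etc/sysconfig/network")
    elif "NETMASK" in cfg:
        try:  # an unreachable gateway is what locks you out after the restart
            subnet = ipaddress.ip_network(f"{new_ip}/{cfg['NETMASK']}", strict=False)
            if ipaddress.ip_address(gateway) not in subnet:
                problems.append(f"gateway {gateway} is not inside {subnet}")
        except ValueError:
            problems.append("ifcfg-eth0: NETMASK or GATEWAY is not a valid IPv4 value")
    if mainip.strip() != new_ip:
        problems.append("/var/cpanel/mainip does not contain the new primary IP")
    listed = set()
    for line in filter(None, (l.strip() for l in ips.splitlines())):
        fields = line.split(":")
        if len(fields) == 3 and all(is_ipv4(f) for f in fields):
            listed.add(fields[0])
        else:
            problems.append(f"/etc/ips: '{line}' is not <IP address>:<Net Mask>:<Gateway>")
    if new_ip in listed:
        problems.append("/etc/ips still lists the new primary IP")
    if old_ip not in listed:
        problems.append("/etc/ips does not list the old primary IP")
    return problems

# Constructed file contents (documentation address ranges, not real hosts).
IFCFG = "DEVICE=eth0\nIPADDR=192.0.2.20\nNETMASK=255.255.255.0\nGATEWAY=192.0.2.1\n"
NETWORK = "NETWORKING=yes\nHOSTNAME=host.example.com\n"
IPS = "192.0.2.10:255.255.255.0:192.0.2.1\n"
MAINIP = "192.0.2.20\n"

if __name__ == "__main__":
    print(check_primary_ip_change("192.0.2.10", "192.0.2.20", IFCFG, NETWORK, IPS, MAINIP))
```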

How to Install ClamAV and Configure Daily Scanning on CentOS

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. In this article, we will only be configuring ClamAV to run scheduled/on-demand scans; not resident scans.

A. Install ClamAV

1. Install EPEL repo

Before we can proceed, you must ensure that you have the EPEL yum repository enabled.

The EPEL repo is enabled by simply installing an RPM. Please use the command below to install the EPEL repository on your CentOS server.

CentOS 6 – 32-bit

CentOS 6 – 64-bit

CentOS 5 – 32-bit

CentOS 5 – 64-bit

After running the above commands for your relevant CentOS version, the following file is created:

/etc/yum.repos.d/epel.repo

The above file can be edited directly to enable or disable the EPEL repo.

2. Install required packages

yum install clamav clamd

3. Start the clamd service and set it to auto-start

chkconfig clamd on
/etc/init.d/clamd start

4. Update ClamAV’s signatures

/usr/bin/freshclam

Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

B. Configure Daily Scan

In this example, we will configure a cronjob to scan the /home/ directory every day:

1. Create cron file:

vim /etc/cron.daily/manual_clamscan

Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:

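#!/bin/bash
# Directory to scan recursively, and the log file the results are appended to
SCAN_DIR="/home"
LOG_FILE="/var/log/clamav/manual_clamscan.log"

# -i prints only infected files, -r recurses into subdirectories
/usr/bin/clamscan -i -r "$SCAN_DIR" >> "$LOG_FILE"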

Give our cron script executable permissions:

chmod +x /etc/cron.daily/manual_clamscan

You can even run the above script to ensure that it works correctly.
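
Because the cron job appends every scan to the same log file, the log has to be read one run at a time to see what the latest scan found. The following added example (not part of the original article) splits the log into runs, groups detections by the account directory under /home, and checks that the last run finished with a summary that matches its detections. The sample log is constructed and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample of what the cron job above appends to its log file.
SAMPLE_LOG = """\
/home/alice/public_html/upload/eicar.com: Eicar-Test-Signature FOUND
/home/bob/mail/new/msg: part 2.eml: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1520
Infected files: 2
Time: 41.201 sec (0 m 41 s)
/home/alice/public_html/upload/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1522
Infected files: 1
"""


def parse_runs(log_text):
    """Split an appended clamscan log into runs: [{'hits': [...], 'reported': n}]."""
    runs, hits = [], []
    for line in log_text.splitlines():
        if line.endswith(" FOUND"):
            # Split on the last ': ' so file names containing ': ' stay intact.
            path, _, signature = line[:-len(" FOUND")].rpartition(": ")
            hits.append((path, signature))
        elif line.startswith("Infected files:"):
            runs.append({"hits": hits, "reported": int(line.split(":")[1])})
            hits = []
    if hits:  # FOUND lines without a summary: the scan was interrupted
        runs.append({"hits": hits, "reported": None})
    return runs


def hits_by_account(run, scan_dir="/home"):
    """Group one run's detections by the first directory under scan_dir."""
    grouped = defaultdict(list)
    prefix = scan_dir.rstrip("/") + "/"
    for path, signature in run["hits"]:
        account = path[len(prefix):].split("/", 1)[0] if path.startswith(prefix) else "?"
        grouped[account].append((path, signature))
    return dict(grouped)


def latest_run_is_consistent(runs):
    """True when the last run finished and its FOUND count matches the summary."""
    return bool(runs) and runs[-1]["reported"] == len(runs[-1]["hits"])


if __name__ == "__main__":
    all_runs = parse_runs(SAMPLE_LOG)
    print(hits_by_account(all_runs[-1]), latest_run_is_consistent(all_runs))
```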

Internet Protocol (IPv4) Subnet Chart

This is an Internet Protocol (IPv4) Subnet Chart. You can use this to quickly look up how you might need to subnet your network. At the bottom there is a quick how-to on calculating subnets.

For more information on subnetting, see RFC 1817 and RFC 1812.

Class address ranges:

  • Class A = 1.0.0.0 to 126.0.0.0
  • Class B = 128.0.0.0 to 191.255.0.0
  • Class C = 192.0.1.0 to 223.255.255.0

 

Reserved address ranges for private (non-routed) use (see RFC 1918):

  • 10.0.0.0 -> 10.255.255.255
  • 172.16.0.0 -> 172.31.255.255
  • 192.168.0.0 -> 192.168.255.255

 

Other reserved addresses:

  • 127.0.0.0 is reserved for loopback and IPC on the local host
  • 224.0.0.0 -> 239.255.255.255 is reserved for multicast addresses

 

Chart notes:

  • Number of Subnets – “( )” Refers to the number of effective subnets, since the use of subnet numbers of all 0s or all 1s is highly frowned upon and RFC non-compliant.
  • Number of Hosts – Refers to the number of effective hosts, excluding the network and broadcast address.

 

 

Class A

Network Bits   Subnet Mask       Number of Subnets     Number of Hosts
/8             255.0.0.0         0                     16777214
/9             255.128.0.0       2 (0)                 8388606
/10            255.192.0.0       4 (2)                 4194302
/11            255.224.0.0       8 (6)                 2097150
/12            255.240.0.0       16 (14)               1048574
/13            255.248.0.0       32 (30)               524286
/14            255.252.0.0       64 (62)               262142
/15            255.254.0.0       128 (126)             131070
/16            255.255.0.0       256 (254)             65534
/17            255.255.128.0     512 (510)             32766
/18            255.255.192.0     1024 (1022)           16382
/19            255.255.224.0     2048 (2046)           8190
/20            255.255.240.0     4096 (4094)           4094
/21            255.255.248.0     8192 (8190)           2046
/22            255.255.252.0     16384 (16382)         1022
/23            255.255.254.0     32768 (32766)         510
/24            255.255.255.0     65536 (65534)         254
/25            255.255.255.128   131072 (131070)       126
/26            255.255.255.192   262144 (262142)       62
/27            255.255.255.224   524288 (524286)       30
/28            255.255.255.240   1048576 (1048574)     14
/29            255.255.255.248   2097152 (2097150)     6
/30            255.255.255.252   4194304 (4194302)     2

 

Class B

Network Bits   Subnet Mask       Number of Subnets     Number of Hosts
/16            255.255.0.0       0                     65534
/17            255.255.128.0     2 (0)                 32766
/18            255.255.192.0     4 (2)                 16382
/19            255.255.224.0     8 (6)                 8190
/20            255.255.240.0     16 (14)               4094
/21            255.255.248.0     32 (30)               2046
/22            255.255.252.0     64 (62)               1022
/23            255.255.254.0     128 (126)             510
/24            255.255.255.0     256 (254)             254
/25            255.255.255.128   512 (510)             126
/26            255.255.255.192   1024 (1022)           62
/27            255.255.255.224   2048 (2046)           30
/28            255.255.255.240   4096 (4094)           14
/29            255.255.255.248   8192 (8190)           6
/30            255.255.255.252   16384 (16382)         2

 

Class C

Network Bits   Subnet Mask       Number of Subnets     Number of Hosts
/24            255.255.255.0     0                     254
/25            255.255.255.128   2 (0)                 126
/26            255.255.255.192   4 (2)                 62
/27            255.255.255.224   8 (6)                 30
/28            255.255.255.240   16 (14)               14
/29            255.255.255.248   32 (30)               6
/30            255.255.255.252   64 (62)               2

Supernetting (CIDR) Chart

  • CIDR – Classless Inter-Domain Routing.
  • Note: The Number of Class C networks must be contiguous.
    For example, 192.169.1.0/22 represents the following block of addresses:
    192.169.1.0, 192.169.2.0, 192.169.3.0 and 192.169.4.0.

Class C

CIDR Block   Supernet Mask    Number of Class C Addresses   Number of Hosts
/14          255.252.0.0      1024                          262144
/15          255.254.0.0      512                           131072
/16          255.255.0.0      256                           65536
/17          255.255.128.0    128                           32768
/18          255.255.192.0    64                            16384
/19          255.255.224.0    32                            8192
/20          255.255.240.0    16                            4096
/21          255.255.248.0    8                             2048
/22          255.255.252.0    4                             1024
/23          255.255.254.0    2                             512
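
A CIDR block always starts on a multiple of its own size, so it is worth normalising an address/prefix pair before it goes into a firewall rule or routing entry. The following added example (not part of the original chart) uses Python's standard ipaddress module to return the enclosing block, its mask, its address counts and the /24 networks it contains, and to flag entries whose address has host bits set. The function names are this example's own.

```python
import ipaddress


def describe_block(cidr):
    """Normalise 'address/prefix' to its enclosing block and list its /24 members."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network  # the block that contains the address (host bits cleared)
    if net.prefixlen > 24:
        members = [net.supernet(new_prefix=24)]   # smaller than a /24: show its parent
    else:
        members = list(net.subnets(new_prefix=24))
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "aligned": iface.ip == net.network_address,
        "addresses": net.num_addresses,                    # supernetting chart column
        "usable_hosts": max(net.num_addresses - 2, 0),     # subnet chart column
        "class_c_blocks": [str(m) for m in members],
    }


def misaligned(entries):
    """Return (entry, enclosing block) for entries whose address has host bits set."""
    result = []
    for entry in entries:
        info = describe_block(entry)
        if not info["aligned"]:
            result.append((entry, info["network"]))
    return result


if __name__ == "__main__":
    # The /22 used in the note above, plus a constructed aligned block.
    for block in ("192.169.1.0/22", "192.168.4.0/22"):
        print(block, describe_block(block))
```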

Stopping or Preventing Email Spam

The following is a list of ways Ameravant Web Hosting helps clients in the ongoing battle against Email spam.

The items below only apply if you are an Ameravant client with the cPanel web hosting Control Panel.

1) MAKE YOUR EMAIL ADDRESS INVISIBLE:
If you have your Email address posted on your web site, Internet spammers can crawl your site and copy your Email address into their system.
HOW: To prevent this Ameravant can encrypt your Email address on your web site so visitors can view and click the link but spammers cannot see the link.

2) BOX TRAPPER:
There is a feature called Box Trapper that comes with Ameravant Web Hosting. When Box Trapper is activated, anyone sending an Email to your Email address would get a reply Email asking them to click a link and verify they are a real person. Once they click that link they get put on your White List and you receive their Email, and all future Emails from them. Because spammers are automated systems & don’t reply to Emails, they are never added to your White List. The following link offers more information on this feature, http://www.cpanel.net/support/docs/11/cpanel/mail_boxtrapper.html
HOW: Here is a link showing you how to set up Box Trapper, http://www.cpanel.net/media/tutorials/boxtrapper.htm

3) TURN ON SPAMASSASSIN:
SpamAssassin is widely used by Email Service Providers, like Ameravant. SpamAssassin will allow you to filter your Email and remove spam before you check your email.
HOW: From the home page of your Control Panel, click the “SpamAssassin” icon. Then click the “Enable” button next to SpamAssassin. Once SpamAssassin is turned on, you can tighten the default settings. The average Score setting is 5. You can reduce this to 4 or 3. This number represents how many tests an Email fails before it is considered spam. If you are concerned that reducing the Score will delete legitimate Email, you can enable “Spam Box” from this same page. This will direct all spam into a separate folder in your Webmail system. You can occasionally visit that folder to see if any legitimate Email is there.

4) BLACKLIST DOMAINS OR EMAIL ADDRESSES:
Blacklisting domains or individual Email accounts will prevent spam Email from getting into any Email account at your domain. Here is a tip. If you are getting spam Email that indicates it is From your Email account and To your Email account, you can blacklist your own Email address to prevent the spammers from sending this type of Email spam to you.
HOW: You can set blacklist domains or Email addresses from your Control Panel. Click the Spam

5) SET YOUR DOMAIN SPAM FILTER FOR Words or Phrases:
Any filters (words or phrases) you create in this area will affect all Email accounts for your domain. If you see words in your spam Email that clearly identify them as spam, you can put these words in your Spam Filter. For example, if I put the word “penis” in my spam filter, all future Emails with the word penis will be automatically deleted, redirected to another Email account or moved to a spam folder. You get to choose the action for each word you put in your Spam Filter.
HOW: In your Control Panel, click the “Account Level Filtering” icon. Then click the “Create a new Filter” button

6) SET YOUR PERSONAL EMAIL SPAM FILTER FOR Words or Phrases:
Any filters (words or phrases) you create in this area will affect only your individual Email account. If you see words in your spam Email that clearly identify them as spam, you can put these words in your Spam Filter. For example, if I put the word “penis” in my spam filter, all future Emails with the word penis will be automatically deleted, redirected to another Email account or moved to a spam folder. You get to choose the action for each word you put in your Spam Filter.
HOW: In your Control Panel, click the “User Level Filtering” icon. Then click the “Manage Filters” text next to the Email account you want to apply filters.

7) ENABLE DOMAIN KEYS
DomainKeys is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease.
HOW: From the home page of your Control Panel, click the “Email Authentication” icon. Then click the “Enable” button next to DomainKeys.

8) ENABLE SPF AUTHENTICATION:
SPF will specify which Email Servers are authorized to send email from your domain(s). This means that only mail sent through your Email server will appear as valid mail from your domain(s) when the SPF records are checked. This prevents what is known as “Spoofing”, where spam Email appears to be coming from your domain.
HOW: From the home page of your Control Panel, click the “Email Authentication” icon. Then click the “Enable” button next to SPF.

9) SET YOUR LOCAL SPAM FILTER:
If you are using an antivirus/antispam program on your local computer, most of them have spam filters that work with your local Email application. Check with your vendor to see how to filter out spam locally.

10) SPAM PROTECTION FROM EMAIL IMAGES:
The most difficult type of spam to prevent is the Email that has an image in the body of the Email. When that image becomes visible it is reporting back to the spammer that your Email address is valid. After validation you can be sure more spam is on the way.
HOW: To prevent this type of image validation, many Email programs have a feature where you are not able to view images in your Email unless you identify that Email/Email Address as a Friend. Outlook 2007 offers this feature. Check with your Email application provider to see if they offer this feature and how to activate it.

11) CANNOT STOP ALL SPAM:
Unless you use the Box Trapper feature described above, it is impossible to prevent all spam from coming into your Email account. Sadly, it’s part of our new online culture.