Website performance is one of the key factors in user retention and conversion. Plenty of case studies explain how website responsiveness influences customer experience and, in turn, your business, since a slow site leads to fewer conversions. That’s why Google made page speed an important ranking factor, so initial server response under 100ms is considered slow by today’s standards.
Because of this, many assume that the shared hosting industry is going to meet the same fate as the dinosaurs, right? Well, not so fast. First, when it comes to running your website in the easiest and most affordable way, shared web hosting holds the throne. Second, thanks to new “container” technologies, the shared web hosting industry has improved by an order of magnitude. In the early days of the internet, managing a stable shared web hosting node was quite a challenge. Up until 2010, handling sudden resource spikes caused by abusive clients or bad Joomla plugins, or fighting off hacker attacks that infected all of the users on the node, were daily tasks for system administrators. Not all web hosting companies had the resources to handle such things, so it became widely accepted that your website could go down or be hacked if some other client on the same node installed a bad Joomla plugin. Exciting times…
Thankfully all of this changed with the announcement of CloudLinux.
In short, CloudLinux is an RHEL-based OS with a heavily modified Linux kernel and additional tools that allow shared hosting providers to isolate the web hosting users (tenants) of a single shared node from one another and, more importantly, to limit their usage of the hardware resources. This technology revolutionized the shared hosting industry. Wondering how? Well, keep reading to find out.
CloudLinux LVE, Tame the Untamed
Lightweight Virtual Environment (LVE) is one of the core components of CloudLinux. With it, shared hosting providers are able to create a separate “container” for each tenant, giving them full control over hardware resource usage, such as CPU, IO, RAM, and network. To achieve this, LVE relies heavily on Linux kernel control groups (cgroups), the same technology that Docker and all Linux container technologies use for resource management. The goal of LVE is to make sure that a single tenant can’t bring down the whole shared hosting node or, more specifically, to make sure that the node’s hardware resources are fairly distributed among the tenants.
Thanks to this technology, the stability of shared hosting has improved dramatically over the years, and when it is configured properly the tenants won’t even notice that they have noisy neighbors.
Secure the Unsecured
When it comes to security in a shared hosting environment, things can get even more complicated and, truth be told, no matter how many resources you allocate to protection, you can’t protect all of your tenants. Eventually, some websites will get compromised due to an outdated plugin that is outside of your control, or even worse, some zero-day vulnerability will be exploited. On top of this, not all threats will come from outside of your node. In fact, it is more likely that the shared hosting node will be compromised by an active tenant than by a third party outside of the node. And if you consider the monthly fee for a shared hosting account, from an attacker’s point of view an attack from within makes perfect sense.
Churchill was quite on point with his saying:
When there is no enemy within, the enemies outside cannot hurt you. - Winston Churchill
And that’s exactly what CloudLinux does with CageFS: it “eliminates” the enemies from within.
CageFS is a virtual filesystem and a set of tools with one purpose: containing each tenant in its own cage/container. Each tenant has its own filesystem, with its own set of tools that can be used. On top of this, tenants do not have access outside of their filesystem, meaning they cannot see each other or, even worse, see confidential server configuration. In addition, CageFS virtualizes the /proc filesystem, offering even better isolation between the tenants of the shared node, for example:
- limiting the tenants to viewing only their own running processes
- removing confidential host information such as system memory, mounted devices, hardware configuration, etc.
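One way to check the first of these points from inside a tenant account, as an added example that is not CloudLinux tooling: it lists the per-process directories in /proc and reports any that belong to another user. The function names are hypothetical, and the only assumption is the standard Linux /proc layout (one numeric directory per PID, owned by the process's user).

```python
import os
import tempfile

def visible_pids(proc_root="/proc"):
    """Return the PIDs visible as numeric directories under proc_root."""
    return sorted(int(n) for n in os.listdir(proc_root) if n.isdigit())

def stat_owner(path):
    """Owner UID of a /proc/<pid> directory."""
    return os.stat(path).st_uid

def foreign_processes(proc_root="/proc", my_uid=None, owner_of=stat_owner):
    """Map pid -> owner uid for every visible process not owned by my_uid.

    Under the per-tenant /proc view described above the result is empty.
    Note: a non-dumpable process of your own can appear as root-owned.
    """
    if my_uid is None:
        my_uid = os.getuid()
    leaks = {}
    for pid in visible_pids(proc_root):
        try:
            uid = owner_of(os.path.join(proc_root, str(pid)))
        except (FileNotFoundError, ProcessLookupError):
            continue  # process exited between listing and stat
        if uid != my_uid:
            leaks[pid] = uid
    return leaks

def build_sample_proc(pids):
    """Constructed sample: a temp directory laid out like /proc."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for name in [str(p) for p in pids] + ["self", "meminfo"]:
        os.mkdir(os.path.join(root, name))
    return root

if __name__ == "__main__":
    leaks = foreign_processes()
    for pid, uid in leaks.items():
        print(f"pid {pid} (uid {uid}) is visible to uid {os.getuid()}")
    print("isolated" if not leaks else f"{len(leaks)} foreign processes visible")
```

An empty result covers process visibility only; it says nothing about the host information files mentioned in the second point.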
Beyond security, CageFS opened the door to running any binary safely, and thanks to LVE, resource utilization is no longer an issue. So naturally, the shared hosting software stack was able to move away from the standard LAMP stack, and even the P in LAMP (which stands for PHP) got its improvement.
Govern the Ungoverned
While LVE and CageFS solve many of the issues within shared hosting nodes, one key component is left out: the M in LAMP (which stands for MySQL), which is responsible for storing and handling all of the tenants’ database data. From our experience, when it comes to overuse, MySQL is usually to blame; it has much the same reputation as DNS.
And yet again, CloudLinux solves this bitter issue as well. The solution is called MySQL Governor, a tool that monitors and restricts MySQL usage on a shared hosting node.
With MySQL Governor, abusive tenants can be restricted to their LVE limits in order to minimize their impact on the overall system when it comes to MySQL utilization. If necessary, MySQL Governor can be configured to impose additional limits on CPU usage or on disk reads and writes. Thanks to it, shared hosting nodes can be an even more stable and performant environment, which leads us to the main subject of this post.
How Do We Do It?
Well, if it’s not obvious by now, for starters, we use CloudLinux 🙂
Yep, CloudLinux is our OS of choice for all our shared hosting nodes. Given that it provides all of these security and stability features and perks out of the box, it is a no-brainer, actually. It gave us the ability to evolve and grow our shared hosting platform to a level that we didn’t imagine. Shared hosting is not just for PHP projects now: you can run your Node.JS, Ruby on Rails, and even Python projects as well on cheap and affordable hosting. On top of that, our PHP stack is always up to date with the latest PHP versions, e.g. PHP 8.1, and we also support legacy scripts that run on older versions of PHP, e.g. 5.6.
Thanks to the innovative technologies we’ve talked about above, we’re able to level the playing field for all of our customers. Now everyone gets what they pay for and, in times of need, more than that. Yes, that is correct: we’re aware that each website can have its own moments of fame by becoming a trending topic on social media or elsewhere. In such situations, traffic bursts are expected, so instead of sticking to the hard limits and throttling valuable traffic, our nodes are configured to handle such sudden traffic bursts when resources are available. And in 99.99% of the cases they are, as we keep our nodes utilized around 70%.
But our work does not end here, as our goal is to serve responses in less than 100ms and, truth be told, given the number of influencing factors in a shared hosting environment, this is quite a challenging task. Software solutions like CloudLinux are amazing, but as we all know:
Software comes from heaven when you have good hardware. - Ken Olsen
So naturally, we spend a lot of time and effort designing and building the hardware of our nodes. At this moment we’re in the process of migrating to the 4th iteration of our hardware, which brings amazing speeds and improvements over the previous hardware generation. But it is safe to say that almost 90% of our fleet runs on AMD EPYC Rome and Milan processors, providing incredible performance and CPU density per node, which enables us to fully utilize our datacenter-grade NVMe drives over a PCIe 4.0 interface connected in a RAID10 array. Now this is what I call exciting times 🙂
In the end, I can say that all of this, combined with our unmetered traffic policy, is an ideal starting point for your small business or startup project. It’s cheap, stable, and yet high-performance shared web hosting. But don’t trust me blindly: feel free to try out our Unmetered Shared Hosting plans, and if you’re not happy with the results we will refund you right away, no questions asked!