How To Stream MP4 Video Files From My VPS

This is a really good question and was actually the subject of a support ticket. I scratched my own head for a second and realized the solution was much easier than I thought.

What you need:

  • A virtual private server running Windows or Linux
  • A web server such as Apache, IIS, nginx, Lighttpd, etc.
  • Enough disk space for the operating system and video files
  • Enough bandwidth for your video files

Step One:
Install the operating system

This is relatively easy and I have to assume everyone has done this as there is nothing specific or special you need to install on your operating system except make sure it connects online.

Step Two:
Install the web server

For Apache, it’s relatively easy with most Linux operating systems.

Apache download pageApache for Windows
Continue Reading


WordPress Wednesdays: Basic WordPress Setup on a VPS Server

For this new addition to “WordPress Wednesdays”, I have created this basic WordPress setup tutorial where you take a basic OpenVZ or Xen virtual private server, setup the minimum requirements of WordPress and start your new blog. In today’s later article, I will explain how to restore a backup.


1. Virtual Private Server:
Your WordPress installation needs a Linux operating system to run a web server, MySQL and PHP. Most Linux distributions come with a web server, such as Apache, by default and through the package managers on the operating system we can install additional requirements that we need.

The minimum requirements, I would recommend, for a VPS to run WordPress is 512mb RAM, 1024mb burstable RAM or swap space, 20gb disk space and 250gb bandwidth minimum. If you plan on using a lot of graphics or a lot of traffic, you may want to use 500gb of network transfer. If you are going to be traffic or resource intensive, with lots of WordPress plugins, please go with a Xen VPS for a few dollars per month.
Continue Reading


What Kind Of VPS Do I Need For A vBulletin Forum?

I’m asked this question pretty regularly, because vBulletin forums are often setup with shared hosting and fly under the shared hosting radar until traffic, robots and memory consumption bring the forum to the hosting provider’s attention which usually end up with the vBulletin forum being asked to leave.

When that happens, the vBulletin forum owner is in a state of panic fearful of the downtime and reputation of the forum being associated with downtime and scrambling for so many hosting options.

First, we need to find a VPS based on your forum’s needs.

If you are a small or brand new forum, this is good. I would recommend an OpenVZ VPS with probably 1gb RAM minimum, 2gb of burstable RAM, 30gb of disk space and 500gb – 1000gb of network transfer on a 100Mbps connection or better (such as shared Gigabit). You would need 2 CPU cores minimum, but I would recommend anywhere between 4 – 8 CPU cores total with a high clock speed. 8 AMD processors running at 1Ghz would work also.

This setup can run you anywhere from $10 – $30.

The reason I recommend OpenVZ for this situation is if you need more RAM, such as you doubled your forum membership or more active users are online at once, you can submit a support ticket to your hosting company and purchase another 1gb of RAM and more burstable RAM without rebooting your vBulletin forum.

If you chose Xen, which I recommend and see my point below, you would have to reboot your Xen VPS on each downgrade and upgrade so it could take anywhere from less than 15 seconds of downtime to 5 minutes depending on the node.

If you are a medium sized forum or expecting large amounts of growth through advertising, link exchanges with other forums, or are just a successful forum operator you should really look into Xen VPS hosting.

The difference between the OpenVZ example above and a similar Xen configuration is only about $5 more per month with the same resources but the advantages are tremendous. KVM is very similar to Xen and if your provider does not offer Xen but KVM, KVM is perfectly acceptable and highly recommended.

  • You do not share resources with other clients, like with OpenVZ.
  • If you are guaranteed 1gb of RAM, nobody else can take that RAM.
  • If you are guaranteed 2 or 4 CPUs, it’s yours for the taking.
  • Xen allows you to install kernel modules, such as PPTP.
  • Xen HVM allows you to recompile your own kernels*

*Note: most “Xen VPS” providers are Xen PV. Ask if they are Xen HVM. A good rule of thumb is if the provider offers Windows, which is not supported on Xen PV but with Xen HVM, that they can probably set you up with a Xen HVM account.

Second, we need to determine what hosting location will work for your vBulletin forum

If your forum has a majority of US members, why would you move your forum overseas to somewhere like Turkey or Romania? With the way the Internet works, a connection goes to another piece of networking equipment and is routed to another piece of equipment to eventually be transferred to your hosting provider’s data center and servers. In networking speak, this is called “hops”.

A good example of how hops work is a public transit bus. This bus goes all over town but needs to make stops at various points on it’s route. Each stop could be thought of as a “hop”, after that stop the bus goes to it’s next “hop” on it’s route until it goes to your destination where you get off the bus. This is not a perfect example but it gives you an example because most people do not understand how the Internet works.

If you host your vBulletin forum overseas, such as in the UK or Germany which I would recommend if you wanted to host your vBulletin VPS in an EU location, it takes on average an additional 75 – 150ms to leave the United States, go through an underwater fiber optic cable in the Atlantic Ocean and show up in a UK data center. If you move your location to somewhere like Turkey or Romania, this could take additional “hops” (or stops like in our bus example), which could increase the lag of your forum.

Your forum could be hosted on a $10,000 piece of server hardware with access to 128gb of RAM but if you’re hosted in a bad location, your forum performance will always be slow to visitors trying to access it.

Germany is a well connected country, with bandwidth everywhere, so I feel that its a good choice for vBulletin forum hosting. However, the UK does not have the same capacity in my experience as Germany. I’ve noticed that bandwidth is more expensive and not as plentiful with VPS hosting packages as German VPS servers. There is an extra 20-50ms delay between UK and Germany, so please consider this to the 75 – 150ms delay from the US across the Atlantic and into the EU.

In conclusion, vBulletin hosting on a VPS has great rewards over shared web hosting. You have dedicated resources, your own SQL server and can install requirements on your server to meet vBulletin or a plugin’s needs whereas if you were with a shared web hosting provider, they may or may not enable such a PHP requirement for a plugin as it would cause some downtime with their webserver.

However, since you’re running the VPS you are now technically the system administrator and the responsibility is with you, the forum owner, to maintain and operate your VPS server unless you hire a server management company or arrange for managed support for your vBulletin forum. If you Google “vBulletin consultant”, there are numerous companies willing to assist you with migrating from shared web hosting to virtual private server hosting, setting up a vBulletin forum on virtual private servers and even maintaining your forum. The advantage of a vBulletin consultant over a server management company or with your hosting provider is that the consultant has more experience with vBulletin as the management company or hosting company support staff only have limited experience with operating, upgrading and maintaining vBulletin which can be tricky sometimes.

Note: Please keep checking in as I will create a tutorial about how to setup a basic vBulletin forum on a virtual private server. Thank you


cPanel: Enable IonCube Loaders

This is a very tricky thing even for the most experienced cPanel system administrators.

First, we run Easy Apache to enable IonCube support in PHP.

Choose “Previously Saved Config” and click “Start customizing based on profile”.

Apache Version:
Choose the latest which is not END OF LIFE. For this tutorial, Apache 2.2.23 is the latest and we want to choose this then click “Next step”.

Please choose which PHP version(s) to build:
We do not want END OF LIFE or EXPERIMENTAL. For this tutorial, 5.3.17 is the latest and most stable version so we choose this and click “Next step”.

Short Options List:
Here is our option for IonCube Loader for PHP. Now click “Exhaustive Options List”

Exhaustive Options List:
While we are here, you may want to consider enabling these options under PHP 5.3.17 such as Exif, GD, Mbstring, Mcrypt, PDO MySQL, and Zlib. These are common PHP requirements on most web applications and if you run a shared or reseller web hosting for individuals, they will require this one day!

Next, we click “Save and build” while we go grab a cup of coffee or take the dog for a walk around the block. Recompiling Apache and PHP takes about 10 minutes or so, depending on your system.

Step 2:
Most people forget this step!

We login to our cPanel server http://ip-address:2087 and go to Tweak Settings up at the very top.

Search for PHP and look for cPanel PHP loader. Here you enable ioncube, scroll down to the bottom and click Save. This is where most people forget to enable the PHP loader in this area but compile it in our PHP.

With this enabled, you can run your IonCube encoded PHP web applications and have it fully supported for your cPanel server for all your other domains, customers and resellers.


Debian: Install Flash Plugin For IceWeasel

This is another quickie tutorial for the sometime difficult task of installing Flash Player for Linux.

For those who do not know, “IceWeasel” is Debian’s version of Firefox due to licensing reasons. I forgot the whole story but Debian got in some dispute and “unbranded” Firefox to fit into Debian’s software philosophy but it’s very easy to fix.

First, we install IceWeasel:

apt-get install iceweasel

Next, we install the Flash Player installer:

apt-get install flashplugin-nonfree

Finally, we install it:

update-flashplugin-nonfree --install

If you are running IceWeasel, close the browser and open it back up. You should be able to see Flash advertisements, do a speed test on Flash based Speed Test websites, and enjoy what Flash has to offer.


Netselect-Apt, A Utility Some Debian Users Never Heard Of

I’ve been using Debian for quite a long time and most people just use the default mirrors that come with Debian’s /etc/apt/sources.list but if you live overseas, using the official Debian mirrors in the United States may be slow for you.

To resolve this, netselect-apt is an application that downloads the official Debian mirror lists and finds out which one is geographically closest to you and creates you a brand new sources.list for your /etc/apt directory.

Installation is easy:

apt-get install netselect-apt
(wait for it to finish)
mv sources.list /etc/apt/sources.list
apt-get update

Now, you would have mirrors to the closest Debian mirror near you which would have the best download speeds. So, for instance, you try to do a huge apt-get dist-upgrade – this would make the download much faster.


Ps_Mem – A Simple Python Memory Usage Script

I don’t know where I was looking but I came across ps_mem.py, a simple Python memory usage script. All you need for this is Python, the programming language, to run this on your VPS.

wget http://www.pixelbeat.org/scripts/ps_mem.py
chmod +x ps_mem.py
sudo ./ps_mem.py

Here is an example of some output of my VPS running nginx and CSF, the ConfigServer Firewall.

# ./ps_mem.py 
 Private  +   Shared  =  RAM used	Program 

296.0 KiB +  37.5 KiB = 333.5 KiB	udevd
680.0 KiB +  97.5 KiB = 777.5 KiB	crond
696.0 KiB + 124.5 KiB = 820.5 KiB	init
  1.1 MiB + 118.0 KiB =   1.2 MiB	bash
  1.2 MiB + 376.5 KiB =   1.6 MiB	syslog-ng (2)
  2.4 MiB + 887.5 KiB =   3.3 MiB	sshd (2)
  4.6 MiB +   1.0 MiB =   5.6 MiB	sendmail.sendmail (3)
 13.3 MiB + 911.5 KiB =  14.2 MiB	nginx (2)
  1.9 MiB +  24.2 MiB =  26.1 MiB	lfd (2)
                         53.9 MiB

This tells me that lfd, part of CSF, is using up the most memory with 26.1 MB and nginx uses 14.2 MB plus the combined programs running use 53.9 MB of my virtual private server’s 256mb of memory, which is not very much at all and very good!

You have to keep your eye on your virtual private server’s resource use and this ps_mem.py script is absolutely perfect for doing so when some folks find ps aux confusing. I would even go as far as putting it in your /usr/bin directory if memory consumption checking is something that you do often on your VPS.


How to Stop a DDoS Attack with iptables on a VPS

This seems to be a relatively common issue with VPS hosting customers. There are a variety of free ways but for attacks more than between 100,000 and 500,000 packets per second (PPS), which is about 100 -500Mbps, there is nothing you can do on your end but may require a DDoS mitigation specialist or action from your uplink/data center.

Step One: iptables
iptables is, according to Wikipedia, a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

iptables is provided by default with most Linux operating systems and with most virtual private servers, regardless of OpenVZ or Xen VPS.

Blocking SYN Flood Attacks:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

This command will drop all SYN packets that are not new, which will mitigate and decrease the attack on your VPS. I have personally ran this on clients’ servers who were having issues and the attack does go away but the attackers usually switch to another attack.

Blocking UDP Flood Attacks:
UDP flood attacks are common against individuals and companies hosting game servers as these game servers operate on UDP ports, rather than TCP. Unfortunately, due to the sophistication of UDP attacks, there is nothing simple you can add to iptables to prevent it other than rate limiting or blocking specific packets that are required by the game server and the attackers utilize that information to make the attack worse.

If you are not running a game server and are a victim of UDP attacks, request from your hosting provider that UDP traffic to your IP address or IP addresses are blocked. Most VPS or hosting providers will be more than glad to implement preventative measures to prevent problems to their network and customers.

Blocking Fragmented Packet Attacks:

iptables -A INPUT -f -j DROP

Step Two: Install CSF Firewall
ConfigServer Firewall, better known as CSF, is a script that provides an overwhelming amount of features in a free script to prevent common denial of service attacks, SSH bruteforcing, blocking of specific country codes, etc. County code blocking, such as .in for India and .cn for China, is a controversial technique.

On one hand, if you notice all your denial of service attacks come from China a great solution would be to block Chinese IP addresses and hosts from connecting to your server. If your website or community does not have Chinese visitors or markets itself to China, blocking all Chinese traffic is a good idea.

On the other hand, some folks believe blocking countries is immoral such as how China uses a Great Firewall of China to control the flow of information. China has billions of people on the Internet and blocking all of China may block visitors from your site, which could grow your website.

Installation of ConfigServer Firewall is very simple


rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

That’s it!

What I like so much about CSF is that it pulls offending IP addresses from DShield and SpamHaus, a spam blocking company, to put those IP addresses in iptables automatically. I run CSF on a personal website of mine and the results are wonderful. CSF has blocked numerous denial of service attempts against my server and my website did not go down for a second. However, this is because of additional measures I have done with the server and I will explain further in this ongoing series about blocking denial of service attacks.

iptables can prevent and block some attacks but if the attack is overwhelming, such as 100-500k PPS, there is little or nothing you can do without intervention from the network administrator at your hosting provider or hiring a DDoS mitigation company. Your hosting provider can put you behind a firewall, offer you a DDoS proxy service, or offer a network administrator to fight the attack off but these options will cost you money short and long-term.

Author’s note: This is one part of a series of articles about how to stop, mitigate or prevent denial of service attacks


Xen or OpenVZ – Which is faster, and which is better?

The question is often asked whether OpenVZ or Xen, two of the most common hypervisors in VPS web hosting, provides a faster hosting environment.


The most common answer to this question is that “OpenVZ is faster,” even though this is not strictly true. OpenVZ’s virtualization is managed at the operating system (OS) level, compared to Xen’s paravirtualized or fully hardware-virtualized environments. Hence, OpenVZ requires slightly less resource overhead, and can be seen as a more resource-efficient hypervisor — but not necessarily a “faster” one.

Compared to performance that would be measured for an application running directly on the physical server, all virtualization techniques will result in at least a small loss in performance due to the hypervisor’s resource overhead. Since most VPS hosts power their host servers with high-quality hardware, this loss in performance is hardly perceptible.

However, the question remains as to whether the Xen or OpenVZ hypervisor achieves better performance. The simple answer is that there are a great number of factors which could determine an answer one way or another, but there are certain key factors which set the two system apart.


Resource Availability

It is important to note the methods Xen and OpenVZ use to assign resources to VEs. On an OpenVZ host server, where all of the server’s physical hardware resources “belong” to the host server and VEs differ only in the operating systems they are running, each VE will essentially have access to the entire server’s resources. Although there are “soft limits” placed for each VE to prevent over-usage of RAM, disk, and other resources, these limits can be (and are frequently) bypassed and abused. For this reason, the performance of an OpenVZ VPS can vary wildly depending on how many other VEs are on the same host, and what they are doing.

In contrast to OpenVZ’s OS-level virtualization, Xen virtualizes hardware and network resources at a deeper level, and provides near-total isolation for each individual VE. It is well-known that Xen VPS instances can run their own isolated kernels, but this more advanced hypervisor confers other benefits as well. A Xen VPS is guaranteed its resource allocations in such a way that it is impossible for neighboring VEs to “steal” them, which means that Xen environments are far more reliably stable than OpenVZ environments.


Resource Over-commitment (Overselling)

A side-effect of these virtualization techniques is that Xen host servers cannot be oversold, while OpenVZ host servers are frequently oversold (in fact, this is why OpenVZ hosting is typically less expensive than Xen). Overselling is the practice of over-committing the host server’s resources in such a way that the server could not actually sustain itself if each VE requested 100% of the resources it is “guaranteed.” Since Xen dedicates resources to each VE which are then no longer available to the host system or any neighboring VEs, it is not possible to over-commit a Xen host’s resources.


Security & Stability

For the same reasons mentioned above — namely, that OpenVZ containers take their resources freely from a “pool,” while Xen containers have their own dedicated resources — OpenVZ is also prone to flaws impacting system security and stability.

Since OpenVZ virtualizes at the OS level, all hosted VEs essentially share the same host-level kernel. Because of this, a kernel exception caused by one container can crash the entire host server, affecting all other co-hosted VEs. Similarly, OpenVZ hosts use a single iptables and single network interface to mediate incoming/outgoing connections, as well. The results are easy to imagine: if one VE pushes too hard (even accidentally), the others will suffer.

Each Xen environment is “locked in” to its container, which makes it comparatively impossible to abuse the host system in a way that would affect neighboring VEs. For this reason, Xen VPS are considered far more reliable and secure, and can be likened more to dedicated servers in terms of their structure and features.


With all of this in mind, it becomes clear why OpenVZ is often said to be faster than Xen, and sometimes even appears that way in benchmarks — the benchmarks compare [b]empty OpenVZ systems to empty Xen systems, as would be typical in an objective, testing environment.

In a real web hosting environment, however, host servers will be bustling with activity by the time you get there, which makes a Xen VPS is a much better guarantee to have — it means having the peace of mind knowing that the resources you need will be there when you need them.

Although it is true that OpenVZ is marginally “faster” due to the hypervisor’s decreased resource overhead, this difference is not tangible in actual usage, and will manifest only as a slightly smaller amount of available RAM on freshly installed Xen VEs.

So, here is the final answer:

In Theory, OpenVZ provides a faster virtualized environment due to the fact that the VE is directly supported by the host system, and therefore uses less of its own resources to maintain its OS.

In Practice, Xen reliably outperforms OpenVZ, especially among budget-oriented web hosts where practices like resource over-commitment are common.


This article is also available in the VPS6.NET Knowledgebase: https://vps6.net/my/knowledgebase/69/OpenVZ-or-Xen-VPS—Which-is-faster-and-which-is-better.html