Security and hardening are important aspects of running any server. In this article, let's explore how to harden a web server with cPanel installed and Apache running on it. A web server is a well-equipped computer on which users store their website files and databases. It is always connected to a high-speed internet connection, so that when someone requests a webpage, the web server receives the request and serves it.
Our server has the following installed:
- PHP
- MySQL
- Apache
- Linux operating system (CentOS 6.9)
Apache Tweaking
On a cPanel server, the default Apache configuration file is /usr/local/apache/conf/httpd.conf. We can optimize Apache by editing the values in this file.
Mentioned below are the directives which we are going to tweak.
- Timeout
- KeepAlive
- MaxKeepAliveRequests
- KeepAliveTimeout
- MinSpareServers
- MaxSpareServers
- StartServers
- MaxClients
- MaxRequestsPerChild
The right values differ for each server according to its resources, such as RAM, processor cores, and hardware (physical or virtual server).
Timeout
The Timeout value defines how long PHP scripts may run while a webpage is open. The default value is 300. If we lower the timeout value, long-running scripts may be terminated unexpectedly.
KeepAlive
A normal server falls between 4 and 32 GB of RAM. If you possess a high-end server, this directive can be turned off.
KeepAlive off
MaxKeepAliveRequests
This value defines how many requests are allowed on a persistent connection. If the value is set to 0, an unlimited number is permitted.
KeepAliveTimeout
This value defines how many seconds Apache should wait for a new request before closing the persistent connection.
If your server has load issues, make this value as low as possible; otherwise you will end up with idle processes or increased client waiting time. The ideal value is 5 or less.
MinSpareServers
This directive defines the minimum number of idle (not active) child processes at a time. If the number of idle processes falls below this value, Apache will create new child processes.
MaxSpareServers
This value works like MinSpareServers, except that it sets the maximum number of idle child processes allowed. If there are more idle child processes than this, Apache will kill the excess ones.
We can set this value to double that of MinSpareServers.
StartServers
StartServers defines how many child processes should be created when Apache starts. This value can be set to the same as MinSpareServers.
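The guidance above can be checked mechanically. The following is an added example, not code from the original article: it parses the tuning directives out of an httpd.conf and reports where they depart from the values suggested here. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample of the tuning part of an httpd.conf (not taken from a real server).
SAMPLE_HTTPD_CONF = """\
# tuning block
Timeout 120
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 15
<IfModule prefork.c>
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 20
</IfModule>
"""

TUNABLES = ("Timeout", "KeepAlive", "MaxKeepAliveRequests", "KeepAliveTimeout",
            "MinSpareServers", "MaxSpareServers", "StartServers")

def parse_directives(conf_text):
    """Return {directive: value} for the tunables above; the last occurrence wins."""
    canonical = {name.lower(): name for name in TUNABLES}  # directive names are case-insensitive
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(\w+)\s+(\S+)", line)  # comment and <Section> lines do not match
        if m and m.group(1).lower() in canonical:
            found[canonical[m.group(1).lower()]] = m.group(2)
    return found

def audit(conf_text):
    """Return a list of findings where the file departs from the article's guidance."""
    d = parse_directives(conf_text)
    n = {k: int(v) for k, v in d.items() if v.isdigit()}
    findings = []
    if n.get("Timeout", 300) < 300:
        findings.append("Timeout is below the default 300; long scripts may be terminated")
    if d.get("KeepAlive", "On").lower() == "on":  # Apache's default is On
        if n.get("MaxKeepAliveRequests") == 0:
            findings.append("MaxKeepAliveRequests 0 permits unlimited requests per connection")
        if n.get("KeepAliveTimeout", 0) > 5:
            findings.append("KeepAliveTimeout is above 5 seconds")
    if "MinSpareServers" in n:
        if n.get("MaxSpareServers") != 2 * n["MinSpareServers"]:
            findings.append("MaxSpareServers is not double MinSpareServers")
        if n.get("StartServers") != n["MinSpareServers"]:
            findings.append("StartServers differs from MinSpareServers")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTTPD_CONF):
        print("-", finding)
```

To run it against a live server, pass the contents of /usr/local/apache/conf/httpd.conf to audit() instead of the sample.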
MySQL optimization
Optimizing MySQL depends purely on the RAM left for MySQL and the processor capacity of the server. MySQL is a powerful database, and all cPanel servers use MySQL as the DB server.
MySQL Engines
MySQL storage engines define how MySQL carries out its operations (creating and editing tables, and how it accesses memory).
1. InnoDB
2. MyISAM
InnoDB is much faster, as it keeps data and table indexes in a buffer pool space. MyISAM is the default engine for all versions before 5.3.
mysql> SHOW ENGINES;
| Engine | Support | Comment | Transactions | XA | Savepoints |
+------------+---------+----------------------------------------------------------------+--------------+------+------------+
| InnoDB | YES | Supports transactions, row-level locking, and foreign keys | YES | YES | YES |
| MRG_MYISAM | YES | Collection of identical MyISAM tables | NO | NO | NO |
| BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | NO | NO | NO |
| CSV | YES | CSV storage engine | NO | NO | NO |
| MEMORY | YES | Hash based, stored in memory, useful for temporary tables | NO | NO | NO |
| FEDERATED | NO | Federated MySQL storage engine | NULL | NULL | NULL |
| ARCHIVE | YES | Archive storage engine | NO | NO | NO |
| MyISAM | DEFAULT | Default engine as of MySQL 3.23 with great performance | NO | NO | NO |
The default MySQL configuration file is /etc/my.cnf.
We can adjust the values in this file to optimize MySQL.
max_connections
This directive defines the maximum number of concurrent connections to MySQL, that is, the maximum number of users making requests at the same time.
max_allowed_packet
This value is the maximum size of a packet that can be sent to the users. A packet is a single SQL statement, a single row being sent to a client, or a log sent from a master to a slave. We need to set this value according to how large the packets our MySQL server sends are; if a larger value is needed, we can set it accordingly.
innodb_buffer_pool_size
As mentioned above, InnoDB uses a buffer pool space to cache data and table structure. InnoDB reads the information from disk once and then keeps it in the cache, so it needs less CPU but more memory.
Typical values are 5-6GB (8GB RAM), 20-25GB (32GB RAM), 100-120GB (128GB RAM).
innodb_file_per_table
This directive has 2 values:
1. innodb_file_per_table = OFF
2. innodb_file_per_table = ON
This directive defines whether InnoDB stores data and table structure in a shared tablespace or in a separate tablespace, i.e. a separate .ibd file for each table in the MySQL DB. Although it does not give any performance benefit, it is better to enable it when you have a large number of tables in the DB.
query_cache_size
If we enable the query cache in the MySQL configuration, a repeated query will be served from the cache rather than by executing it again. It is a good practice if the sites have a large number of visitors.
query_cache_type = 1 -> caches all queries
SQL_NO_CACHE -> no caching
query_cache_type = 2 -> MySQL will only cache queries that specifically ask for it
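The my.cnf settings discussed in this section can be reviewed in the same way. This is an added example, not code from the original article: it reads the [mysqld] section, compares innodb_buffer_pool_size with the typical values quoted above for the installed RAM, and reports the query cache mode. The sample file, the function names and the ram_gb parameter are constructed for illustration.

```python
import configparser

# Constructed sample /etc/my.cnf content (illustrative values, not from a real server).
SAMPLE_MY_CNF = """\
[mysqld]
max_connections = 300
max_allowed_packet = 64M
innodb_buffer_pool_size = 2G
innodb_file_per_table = ON
query_cache_type = 2
query_cache_size = 64M
skip-name-resolve
"""

# Typical innodb_buffer_pool_size ranges quoted in the article, keyed by installed RAM in GB.
TYPICAL_POOL_GB = {8: (5, 6), 32: (20, 25), 128: (100, 120)}
UNITS = {"K": 1024, "M": 1024**2, "G": 1024**3}
CACHE_MODES = {"0": "off", "1": "cache all queries",
               "2": "cache only queries that ask for it"}

def to_bytes(value):
    """Convert a my.cnf size such as 64M or 2G to bytes."""
    value = value.strip().upper()
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)

def review(cnf_text, ram_gb):
    """Summarise the [mysqld] options the article discusses and list anything unusual."""
    # allow_no_value accepts flag-style options such as skip-name-resolve;
    # '!include' lines are not understood by configparser and must be removed first.
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(cnf_text)
    mysqld = cp["mysqld"]
    notes, pool_gb = [], None
    if mysqld.get("innodb_buffer_pool_size"):
        pool_gb = to_bytes(mysqld["innodb_buffer_pool_size"]) / 1024**3
        low, high = TYPICAL_POOL_GB.get(ram_gb, (0, ram_gb))
        if not low <= pool_gb <= high:
            notes.append(f"buffer pool {pool_gb:g}G outside typical {low}-{high}G for {ram_gb}G RAM")
    qtype = mysqld.get("query_cache_type") or "unset"
    if qtype in ("1", "2") and to_bytes(mysqld.get("query_cache_size") or "0") == 0:
        notes.append("query_cache_type is enabled but query_cache_size is 0, so nothing is cached")
    if (mysqld.get("innodb_file_per_table") or "").upper() in ("OFF", "0"):
        notes.append("innodb_file_per_table is OFF: all tables share one tablespace")
    return {"pool_gb": pool_gb, "query_cache": CACHE_MODES.get(qtype, qtype), "notes": notes}

if __name__ == "__main__":
    print(review(SAMPLE_MY_CNF, ram_gb=8))
```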
ServerAdminz is a server support company specialized in Outsourced 24/7 Web Hosting Support, Remote Infrastructure Management, NOC, Cloud and Enterprise Security Services. With over 10+ years of experience working with major data centers and ISPs and 130+ experienced technicians, we continue to manage more than 49,000 servers from 85+ countries and have bagged 5 international awards.
If you have any queries on how to harden a cPanel installed apache web server feel free to leave us a message and our representative will get back to you.