When you visit from web hosting provider website you will probably notice that almost everyone of them is promoting and talking about “CloudLinux”, it’s all over the place and it is related to security, stability and performance. On this guide we will show you what is CloudLinux, its main features and how to install most of its core components on your cPanel shared hosting server.
CloudLinux is one of the most popular technologies for web hosting and specially for shared servers. Created by Igor Seletsky and backed up by the CloudLinux Team, CloudLinux provides a secure and stable hosting environment allowing sysadmins and web hosting companies to work on a secure environments, knowing their users are safe and controlled inside the jailed cage they create for each one.
CloudLinux is an operating system, and the leading platform to improve server security, stability and performance. It works by isolating each user with certain amount of pre-allocated server resources.
This leads to a stable web hosting platform, with almost zero downtime, huge security between cPanel acccounts, and incredible performance. CloudLinux OS helps you to reduce operation costs, technical support tickets and increases profitability of your company.
What is CloudLinux exactly?
We said that it is an operating system. But in fact, it is a group of kernel tweakings that after applied to the Linux distribution, allow Sysadmins and DevOps to better control their server resources and network usage.
This is done by virtualizing / caging each user inside their own virtual enviroment, this is called LVE (LightWeight Virtual Environment). Each LVE inside the shared hosting server have their own pre-defined amount of system resources to use. Altough, you can also set this to unlimited for all users.
The problem with traditional shared hosting environments
Shared hosting servers often host hundred of websites, each one with their own files, emails, databases. Most of them are hosting CMS applications that are vulnerable to attacks (like outdated WordPress, Joomla, Drupal installations).
In a normal shared hosting environment, no limits are set for the shared hosting accounts, and in case something gets screwed up on a website, it can start using a huge amount of resources of the entire server, this causes slow speeds for the rest of the websites, all users get affected because one single account problems.
In traditional hosting servers, you can not set real limits for system resources like CPU, I/O, network and RAM memory for example. And when problems are in front of you, finding the cause of the high load average between hundred of users can take some time if your system administration skills are not the best ones.
How can CloudLinux help shared hosting providers?
After setting your system resource usage limits, all your users are 100% isolated from each other. This means that if a particular user account gets a large DOS / flood (or even legitimate traffic) and it starts using tons of RAM, I/O and CPU, CloudLinux limits will prevent your server from going down due to high load average.
CL controls the stability of your server by isolating this attacked user for example. In this case, the only one affected will be this user in particular, and not the entire server, as it happens on unlimited shared hosting servers that do not establish any limits on the system resources.
As you see, Cloud Linux uses limits to protect system users against abusers, attackers and poorly written scripts.
CloudLinux provides a few interesting modules that you can install into your server:
CageFS is a virtualized technology that isolates each user into its own file system, this helps to prevent users from seeing each other, and see their information. CageFS can help to prevent a really big number of attacks, including information disclosure attacks, cross server defacing, and privilege escalation attacks.
CageFS is 100% compatible with cPanel, and totally transparent to the end customers, who will not notice any difference between a normal CentOS – cPanel server, and one powered by CloudLinux.
Check out our full guide on how to Install CageFS on CloudLinux.
SecureLinks is a kernel-level based solution that helps to prevent the famous symlink attack. Symbolic link attacks are one of the worst nighmares of server administrators, and even there are a few popular solutions, CloudLinux SecureLinks technology is one of the best to patch this vulnerability.
This is a built-in core protection that will prevent attackers from creating symbolic link files for alter try to read PHP user config files, infect other accounts with malware, etc.
LVE Manager is the one in charge of controlling your server resource usage, it can help you to keep your server stable at all times by giving you full control over RAM memory, IO usage, CPU, system processes, network usage and concurrent users.
LVE comes enabled by default on most CL installations, but if not, you can install it by running.
yum install lvemanager
MySQL is often one of the main causes of high load average on shared hosting enviroments. Poorly written scripts can launch massive slow SQL queries against your MySQL server, and even if you have low timeouts set, this can become a real performance issue for your server.
MySQL Governor helps to monitor and terminate those never ending SQL queries who take forever to execute, this prevents high load average, downtime and helps to improve server stability and performance.
We’ve written a cool quick guide on how to install MYSQL Governor, check it out.
HardenedPHP is one of the best things CL uses to provide support for old / deprecated PHP versions.
Old PHP versions are deprecated, and they don’t receive any new security updates from the PHP.net developers. However, not everybody can update their old PHP scripts in time.
CloudLinux fixes this by using HardenedPHP, they take old unused PHP versions and patch them against all the vulnerabilities. HardenedPHP takes care of all this, you can still run your old PHP scripts and sleep safe, you are protected by Hardened PHP.
PHP Selector is one the coolest things about using CloudLinux. It allows end users to select the specific version of PHP they need. php selector will bring you popular old-unused PHP versions, along with the latest PHP releases.
You can select between PHP 4.4, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, and PHP 7.0. But this isn’t all, you can also enable/disable per-user basis more than 120 popular PHP extensions, and also configure custom php.ini settings for each user.
Check out our full guide on how to install PHP Selector.
Same as happens with PHP Selector, Ruby selectors allows you to select the custom version of Ruby that your projects require.
The Ruby Selector allows cPanel end users to choose between Ruby versions, and also let them install additional gems (ruby modules) into their app enviroment.
With Ruby selector you will be able to:
- Use Ruby versions: 1.8, 1.9, 2.0, and 2.1
- Per user ruby gems installations.
CloudLinux’s Python Selector allows you to choose the Python version you need for your development and production applications. Python Selector uses mod_passenger to bring you full speed / performance for your Python based apps.
Python selector offers the following versions to choose from:
- alt-python27 2.7.9, supported by CloudLinux 5, CloudLinux 6, CloudLinux 7
- alt-python33 3.3.2, supported by CloudLinux 6, CloudLinux 7
- alt-python34 3.4.1, supported by CloudLinux 6, CloudLinux 7
We’ve written a full guide on how to install Python and Ruby selectors, check it out.
Joomla, Magento, WordPress, Drupal, Prestashop… this are probably the most popular one click apps that are hosted inside shared hosting servers.
Imagine you have 100 wordpress, 30 drupal, 25 prestashop and 15 magento installations. Each one of them inside a single server, accessed thousand of times a week by visitors.
On a typical server, each user that visits your website will cause your PHP to execute all the applications files from each app. This is the way it works on normal servers that do not use OptimumCache.
Because WordPress is a generic type of application, those 100 WordPress installation share the same PHP files. There is no sense on loading all of them each time a user makes a visit into each website. Instead of that, OptimumCache caches this duplicate files into its own disk. This prevents multiple-duplicated PHP loadings, making your PHP response super fast, as all the duplicate files will be served from the OptimumCache memory cache.
Reduce IO, increase speed, decrease memory usage and improve overall server stability. This is what OptimumCache does for your CL server.
If you want to install this cool cache system, you can read our guide: Install OptimumCache on CloudLinux OS.
Mod_lsapi is an alternative way to serve PHP pages fast. It is a drop in replacement for the common SuPHP, FCGID, RUID2, and ITK PHP-handlers. According to its authors, it has really low memory footprint and is 100% fully compatible with .htaccess directives.
It is also more stable than php-fpm and mod_fcgid, offers compatibility with MPM worker and Event, does not require any additional performance tunning, and it is compatible with cPanel and PHP Selector.
If you are thinking about improving your server php performance, then you should give mod_lsapi a try. Check out our full guide on how to install Mod_lsapi on CloudLinux
As you see, CloudLinux provides a really robust solution for shared hosting enviroments, or dedicated servers with lot of accounts inside. It includes a very large number of solutions, for both OS and app performance / security.
And the best thing is that is 100% compatible with cPanel, in fact it is backed up and recommended by cPanel officially.
After installing CL and all its components, your web hosting servers will become more stable, secure and fast, reducing costs and support tickets.
CloudLinux is not free, but it really worths it, as it will prevent you from downtime, high load averages, and this will result into happy customers.
Wow excellent article! Better than CloudLinux’s description!