Multiple bindings in IIS slowing down all other sites - windows-server-2008

On a Windows 2008 Server in IIS 7.5 we have about 60 websites.
A majority of those sites only have a couple of bindings...
example1.com
www.example1.com
But we have one website that has nearer 160 bindings for various domains.
In the past couple days all our sites have started to run slower; however when we turn off the site with the silly amount of bindings everything runs as normal.
How would that number of bindings affect the speed of the overall server? Is there a way we can limit the server resources that site may be using?

Related

Medium sized website: Transition to HTTPS, Apache and reverse proxy

I have a medium sized website called algebra.com. As of today, it is ranked 900th website in US in Quantcast ratings.
At the peak of its usage, during weekday evenings, it serves over 120-150 queries for objects per second. Almost all objects, INCLUDING IMAGES, are dynamically generated.
It has 7.5 million page views per month.
It is served by Apache2 on Ubuntu and is supplemented by Perlbal reverse proxy, which helps reduce the number of apache slots/child processes in use.
I spent an inordinate amount of time working on performance for HTTP and the result is a fairly well functioning website.
Now that the times call for transition to HTTPS (fully justified here, as I have logons and registered users), I want to make sure that I do not end up with a disaster.
I am afraid, however, that I may end up with a performance nightmare, as HTTPS sessions last longer and I am not sure whether a reverse proxy can help as much as it did with HTTP.
Secondly, I want to make sure that I will have enough CPU capacity to handle HTTPS traffic.
Again, this is not a small website with a few hits per second, we are talking 100+ hits per second.
Additionally, I run multiple sites on one server.
For example, can I have a reverse proxy, that supports several virtual domains on one IP (SNI), and translates HTTPS traffic into HTTP, so that I do not have to encrypt twice (once by apache for the proxy, and once by the proxy for the client browser)?
What is the "best practices approach" to have multiple websites, some large, served by a mix of HTTP and HTTPS?
Maybe I can continue running perlbal on port 80, and run nginx on port 443? Can nginx be configured as a reverse proxy for multiple HTTPS sites?
You really need to load test this, and no one can give a definitive answer other than that.
I would offer the following pieces of advice though:
First up, Stack Overflow is really for programming questions. This question probably belongs on the sister site www.serverfault.com.
Https processing is, IMHO, not an issue for modern hardware unless you are encrypting large volumes of traffic (e.g. video streaming). Especially with proper caching and other performance tuning that I presume you've already done from what you say in your question. However, I have not dealt with a site of your traffic so it could become an issue there.
There will be a small hit to clients as they negotiate the https session on initial connection. This is in the order of a few hundred milliseconds, will only happen on initial connection for each session, is unlikely to be noticed by most people, but it is there.
There are several things you can do to optimise https including choosing fast ciphers, implementing session resumption (two methods for this - and this can get complicated on load balanced sites). Ssllabs runs an excellent https tester to check your set up, Mozilla has some great documentation and advice, or you could check out my own blog post on this.
As to whether you terminate https at your end point (proxy/load balancer), that's very much up to you. Yes, there will be a performance hit if you re-encrypt to https again to connect to your actual server. Most proxy servers also allow you to just pass through the https traffic to your main server so you only decrypt once, but then you lose the original IP address from your webserver logs, which can be useful. It also depends on whether you access your web server directly at all. For example, at my company we don't go through the load balancer for internal traffic, so we do enable https on the web server as well and make the load balancer re-encrypt to connect to that so we can view the site over https.
Other things to be aware of:
You could see an SEO hit during migration. Make sure you redirect all traffic, tell Google Search Console your preferred site (http or https), update your sitemap and all links (or make them relative).
You need to be aware of insecure content issues. All resources (e.g. css, javascript and images) need to be served over https or you will get browser warnings and browsers will refuse to use those resources. HSTS can help with links on your own domain for those browsers that support HSTS, and CSP can also help (either to report on them or to automatically upgrade them - for browsers that support upgrade insecure requests).
Moving to https-only does take a bit of effort but it's once off and after that it makes your site so much easier to manage than trying to maintain two versions of same site. The web is moving to https more and more - and if you have (or are planning to have) logged in areas then you have no choice as you should 100% not use http for this. Google gives a slight ranking boost to https sites (though it's apparently quite small so shouldn't be your main reason to move), and have even talked about actively showing http sites as insecure. Better to be ahead of the curve IMHO and make the move now.
Hope that's useful.
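The setup asked about above (one nginx front end terminating HTTPS for several sites on one IP via SNI, then passing plain HTTP to the backend so traffic is decrypted only once), as an added example that is not part of the original posts. The second host name, the certificate paths and the backend port 8080 are placeholders.

```nginx
# Added example: paths, ports and example2.com are placeholders, not values from the posts.
# These directives go inside the http { } block of nginx.conf.

# Shared session cache so returning clients resume a TLS session
# instead of paying for a full handshake on every connection.
ssl_session_cache   shared:SSL:10m;
ssl_session_timeout 1h;
ssl_protocols       TLSv1.2 TLSv1.3;

# Tell the HTTP backend who the real client is; without these, every
# request in the backend's logs appears to come from the proxy itself.
proxy_set_header Host              $host;
proxy_set_header X-Real-IP         $remote_addr;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Site 1: selected when the SNI name sent by the client matches server_name.
server {
    listen 443 ssl;
    server_name example1.com www.example1.com;
    ssl_certificate     /etc/nginx/tls/example1.com.crt;
    ssl_certificate_key /etc/nginx/tls/example1.com.key;

    # HSTS: supporting browsers rewrite http:// links on this domain to https://
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # TLS ends here; the hop to the backend is plain HTTP on loopback only.
        proxy_pass http://127.0.0.1:8080;
    }
}

# Site 2: same IP and port, different certificate, chosen by SNI.
server {
    listen 443 ssl;
    server_name example2.com www.example2.com;
    ssl_certificate     /etc/nginx/tls/example2.com.crt;
    ssl_certificate_key /etc/nginx/tls/example2.com.key;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

The backend should accept the forwarded headers only from the proxy's address, otherwise any client can forge its logged IP; with Apache 2.4 this is what mod_remoteip's RemoteIPHeader and RemoteIPInternalProxy are for.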

Is it a bad idea to host multiple sites on one Apache server?

Title pretty much explains it. I've been told this is a bad idea before by a buddy, are they correct? It's one dedicated server with multiple domain names forwarding to different sites on said server. Is this something I should avoid doing, or are there going to be major security concerns?
It's not inherently a bad idea but there are things to take into consideration.
How powerful is your server?
How much traffic do you expect to serve?
Will your site be resource intensive?
If you have a minimal server hosting sites where you expect a large amount of traffic, then you may not want to host multiple sites on a single server, but if you have a decently powered server and expect a moderate amount of traffic, hosting multiple sites should be fine.
If your site is going to be running resource intensive processes you should certainly consider the power of your server.
Apache is actually designed to host multiple sites using virtual hosts. Here are some guides on setting up virtual hosts on Apache.
http://httpd.apache.org/docs/2.2/vhosts/examples.html
http://www.rackspace.com/knowledge_center/article/how-to-serve-multiple-domains-using-virtual-hosts
I've run single server configurations that host approximately 20 sites without issue. If you're concerned with server scalability, a better option is two identical servers behind a load balancer so you can simply add additional servers to handle increases in traffic.

Apache (2.4.2/2.4.4) on WAMP (Windows Server 2008 R2) Stops Responding to Requests but Remains Running

For well over a year and a half I have been running Apache (using HTTPD, naturally) through WAMP without issue, or at least no issues like this. On this system, we host around 8 or so different web sites and a few applications that use the MySQL database.
Recently I had a full system crash, and I rebuilt the system on the same operating system with the same versions of Apache, MySQL, and PHP and near-identical configuration files.
The issue I am having is this: On startup our web services initially seem to work fine, and this can hold over for an hour or so, sometimes less, sometimes more. However after some period of time, all web sites suddenly become entirely unavailable, to include the localhost landing on the web server itself or any local browsing for that matter. Apache identifies as still running, remains listening on port 80, and has no abnormal access or error logs (to include in debug mode).
I've gone over this quite a few times, reinstalled WAMP and have interchanged different versions of Apache. Additionally I've vetted the configuration files compared to the old system and have ensured that the modules, extensions, and so on are the same as our previous version.
I would really appreciate any insight as I continue to rack my head over what might be causing this erroneous issue.
--
Some additional details and notes that might prove insightful.
I've ensured the firewall isn't an issue, plus that wouldn't explain the sudden downtime or downtime at the localhost.
A restart of just the Apache service tends to fix the issue, but only for a little while.
Because we host multiple web sites, we do use virtual hosts. They work fine when the system is up and I don't believe they are of issue.
The issue tends to result in indefinite "Waiting for host (site.com, localhost, etc.)".
When I reset Apache during that indefinite error, it then errors out with "The connection to site.com was interrupted.", so something is still running.
During these downtimes, httpd -d DUMP_VHOSTS is able to return the active virtual hosts.
Using ab -n 1000 site.com when the site is 'down', the following result occurs:
Benchmarking site.com (be patient)
Completed 100 requests
Completed 200 requests
apr_pollset_poll: The timeout specified has expired (70007)
Total of 216 requests completed
Add this into httpd.conf
EnableMMAP off
EnableSendfile off
AcceptFilter http none
AcceptFilter https none
This will disable Apache from using some of the more advanced functions for networking that the OS provides.
These functions can get broken with 3rd-party software installs.
Sometimes reinstalling TCP/IP (winsock) can remove the 3rd-party filters/drivers attached to the network layer.
netsh winsock reset

Ideal railo + tomcat vhost setup for busy production server

I'm migrating a lot of websites from Resin 3 to Tomcat 7 (centos 4/apache 2.20) and I'm struggling to determine what type of configuration matches my requirements. In particular:
proxy_ajp vs mod_jk vs mod_proxy for passing requests to Tomcat/Railo
automating deployment of new sites
putting WEB-INF outside the site roots (to simplify cloning sites)
using apache itk with tomcat so each vhost runs as a different user and process
having a single shared railo server administrator config
support for SES URLs with no extension (ie: /path/to/page)
SSL support required
I've read a lot of howtos already but most are out of date or provide conflicting advice. I would like to see some examples from people who run many railo vhosts and deploy them automatically or programmatically. In general I'd prefer efficiency/speed over simplicity as I want to get the most out of limited resources.
I could have asked these questions separately but I want to be sure any answers take into account all the above factors (assuming the requirements are actually compatible).
firstly, check out the vivotech installers - they are a hosting company, so use their installers as your base, they are flawless. (it uses tomcat)
railo 3.3 makes it a lot easier to deploy contexts from admin, so scripting this shouldn't be that hard.
web-inf should be automatically put into a site when it is defined in tomcat
if you give each user a new context-root, then they will have their own admin
every webserver (apache/iis2k8/even tomcat) supports url-rewrite
everything supports ssl
you might also want to look at how you're going to tune your JVMs for this scenario, then do some load testing to see how they fare.
drop an email to sean corfield, google railo and his name and you'll get his email.

What is causing to have the "load spike" issue on my server?

I have a list of websites (around 50+) on my nearer hosting provider's hosting package. Recently many of the sites have been given the message below: "note that your account has been suspended due to higher resource usage which causes load spikes in the server and lets the other sites gets down"
All these sites are built with Joomla and regular PHP coding. I'm not sure what I have to do on the hosting side. Any thoughts?
I think you should change your hosting provider, consult the problems with your current provider, or, if you have a lot of traffic coming to your site, change to a better hosting solution