Best practice for securely hosting multiple websites?

Discussion in 'Server Configuration and Hosting' started by Joe Link, Jul 8, 2015.

  1. Joe Link

    Joe Link Well-Known Member

    We have one large site, and many smaller ones with little traffic. All are currently hosted on a dedicated system which is complete overkill. My goal is to reduce our costs while maintaining or improving security. My extensive research into various options has me overthinking the switch, and quite nervous about leaving the excellent support of Liquid Web. I've narrowed my choices for independent server management, and I believe I'll be going with Linode for hosting.

    Basically I'm not sure if I should put all of the sites on the same Linode node, possibly using VMs or CloudLinux to separate them, or if I should separate the sites into separate nodes (giving the large site its own). Using the same Linode would be cheaper, as I'd only need one license for cPanel and LiteSpeed (if I don't switch to NGINX). My main concern here is security; I don't want the compromise of one site to leave the others vulnerable (within reason). If I get separate nodes it'll double my licensing and management costs, but it might be worth it.

    So, what do you guys do?

    Right now I'm paying $401/month for this, including the LiteSpeed and CloudLinux licenses, and it's simply overkill for what I'm doing. I haven't done anything to optimize the installation, and I don't believe the load has ever been above .35 o_O

  2. Solidus

    Solidus Well-Known Member

    You run every site in its own chrooted directory, just like a web host would do. For example,

    site1.com owned by user1:user1
    site2.net owned by user2:user2

    Neither one can access anything below their respective public_html.
    That's overkill though, imo. I've run all my sites under the same user for years and rely on 1: software being patched quickly and 2: my own security setup (firewall, etc.).
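
The per-site ownership layout described in the post above (site1.com owned by user1:user1, site2.net owned by user2:user2) can be checked mechanically. This is an added example, not part of any post in this thread; the function names, sample paths, uids and modes are constructed for illustration.

```python
import os
import stat
from collections import defaultdict

def stat_docroots(paths):
    """Collect (path, uid, gid, mode) tuples for real directories on this host."""
    out = []
    for p in paths:
        st = os.stat(p)
        out.append((p, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)))
    return out

def audit_docroots(entries):
    """Return sorted (path, finding) pairs where one site's docroot is
    reachable by the account that runs another site."""
    findings = []
    by_uid, by_gid = defaultdict(list), defaultdict(list)
    for path, uid, gid, mode in entries:
        by_uid[uid].append(path)
        by_gid[gid].append((path, mode))
        # Any r/w/x bit for "other" lets every local account into the tree.
        if mode & stat.S_IRWXO:
            findings.append((path, "accessible to other users"))
    # Two docroots under one uid: code running as either site owns both.
    for uid, paths in by_uid.items():
        if len(paths) > 1:
            findings.extend((p, f"shares uid {uid}") for p in paths)
    # A shared gid only matters where the group bits actually grant access.
    for gid, items in by_gid.items():
        if len(items) > 1:
            findings.extend((p, f"group-accessible via shared gid {gid}")
                            for p, mode in items if mode & stat.S_IRWXG)
    return sorted(findings)

# Constructed sample: (path, uid, gid, mode). Only the first entry is isolated.
SAMPLE = [
    ("/home/user1/public_html", 1001, 1001, 0o750),
    ("/home/user2/public_html", 1002, 1002, 0o755),
    ("/home/user3/public_html", 1003, 1003, 0o750),
    ("/home/user4/public_html", 1003, 1003, 0o700),
]

if __name__ == "__main__":
    for path, finding in audit_docroots(SAMPLE):
        print(f"{path}: {finding}")
```

On a live host, pass the real docroot paths through `stat_docroots()` and feed the result to `audit_docroots()`.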
  3. Mike Edge

    Mike Edge Formerly Da Bookie Mon

    We run several few million post clients on the same server and over 150 communities across all our servers. All via shared hosting and in the 2 years we've been in business, no one has ever been hacked.
    Motobaka likes this.
  4. Joe Link

    Joe Link Well-Known Member

    There is a very good possibility I'm being paranoid here o_O
    Mike Edge likes this.
  5. Solidus

    Solidus Well-Known Member

    Mhmm. :)
  6. accyroy

    accyroy Member

    I was in the exact same situation a year or so ago... The large site is now on its own VPS. The other much smaller sites get experimented on a bit more and I feel a lot more confident on that server knowing it cannot take out the main site if I or someone else does something wrong. You shouldn't need a cPanel license on the server with just the one site.
    I'd definitely go the multi node route if I were to make that decision again today.
  7. Tracy Perry

    Tracy Perry Well-Known Member

    No, they ARE out to get you! :p
  8. RoldanLT

    RoldanLT Well-Known Member

    SneakyDave likes this.
  9. Tracy Perry

    Tracy Perry Well-Known Member

    Why not grab SolusVM or ProxMox and - if the server is large enough - just roll out VPSs for each site. Set them up with KVM VPS type and they should be pretty insulated from each other.
  10. Joe Link

    Joe Link Well-Known Member

    I really appreciate everyone's replies so far!

    Good to hear, thanks for the feedback @accyroy.

    These two replies pretty much sum up my dilemma. I could provision a larger node that would handle everything and set up my own KVM. If I'm thinking about this correctly it'd be similar to having separate nodes, with the exception of whatever the host has done to further harden the hypervisor (something I know nothing about).

    This is also an option. The reason I was thinking of cPanel is because I'm familiar with it, so I wouldn't have to bother whoever I have doing the admin work as often. It does seem like a waste for only one site though. Another factor is that I usually have @MattW do my server work. When I told him I was considering not going with cPanel he said that would be fine, so long as I didn't need email (which I do, currently dovecot/exim). I really don't think I need LiteSpeed, it's just (again) what I'm familiar with.

    MattW likes this.
  11. RoldanLT

    RoldanLT Well-Known Member

    For email server, you can have a separate VPS with: Mail-in-a-Box
  12. Joe Link

    Joe Link Well-Known Member

    I think it'd be worth the $15/month to not have to set up another box :D
    MattW likes this.
  13. Puntocom

    Puntocom Well-Known Member

    If you want security, run independent servers and OpenBSD. I have saved ~50% billing after some tweaking, getting much better performance. OpenBSD rocks! It also has LibreSSL and very good security features enabled by default.

    OpenBSD Security

    Install only the minimum necessary software.
    Last edited: Jul 11, 2015
