Browsed by
Month: November 2014

Making the Dreamhost Nginx Install More Standard

Making the Dreamhost Nginx Install More Standard

Dreamhost maintains a custom Nginx package that is installed on all of its VPS servers.  The package contains a number of modifications that make it easier for Dreamhost to configure Nginx from a central location.  In addition, the Dreamhost package contains a significantly more recent version of Nginx (1.4 at the moment) compared to what is available in Ubuntu 12 LTS (1.1.4 at the moment).

You can easily modify the Dreamhost configuration files to make Nginx act more like a standard Nginx install.

Find the following line in the /dh/nginx/servers/<<server>>/nginx.conf

include /dh/nginx/etc/config.d/*;

Replace it with the following:

include /etc/nginx/config.d/*;
include /etc/nginx/sites-enabled/*;

You can then create a /etc/nginx/sites-available and /etc/nginx/sites-enabled directories.  Place your vhosts file in the sites-available directory and symlink them to sites-enabled when you want to turn them on.

For reference, this is Dreamhosts default vhost file:

# Vhosts:
 
server {
 listen &lt;&lt;server_ip&gt;&gt;:80;
 
 server_name &lt;&lt;domains_to_host&gt;&gt;;
 
 access_log /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/access.log combined;
 error_log /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/error.log error;
 
 root /home/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;;
 
 # Mitigation for CVE-2013-4547
 if ($request_uri ~ " ") {
 return 444;
 }
 
 index index.html index.htm index.php index.php5;
 include /home/&lt;&lt;username&gt;&gt;/nginx/&lt;&lt;domain&gt;&gt;/*;
 
 # No mirrors - using strict redirects
 if ($http_host != &lt;&lt;domain&gt;&gt;) {
 rewrite ^(.*)$ http://&lt;&lt;domain&gt;&gt;$1 permanent;
 }
 
 autoindex on;
 
 # Disallow access to config / VCS data
 location ~* /\.(ht|svn) {
 deny all;
 }
 
 # Statistics
 location /stats/ {
 alias /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/html/;
 auth_basic "Statistics Area";
 auth_basic_user_file /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/html/.htpa$
 }
 
 location /doc/analog/ {
 alias /usr/share/analog/;
 }
 
 # PHPMyAdmin
 rewrite ^/dh_phpmyadmin/([^/]*)/(.*)$ /dh_phpmyadmin/$2;
 
 location /dh_phpmyadmin/ {
 alias /dh/web/phpmyadmin/;
 }
 
 location ~ /dh_phpmyadmin/(.+)\.php {
 alias /dh/web/phpmyadmin/;
 fastcgi_param SERVER_PORT 80;
 fastcgi_split_path_info ^(.+\.php)(/.*)$;
 include /dh/nginx/etc/fastcgi_params;
 set $relpath "index.php";
 if ($uri ~ ^/dh_phpmyadmin/(.+)$) {
 set $relpath $1;
 }
 fastcgi_param SCRIPT_FILENAME /dh/web/phpmyadmin/$relpath;
 fastcgi_pass unix:/home/&lt;&lt;username&gt;&gt;/.php.sock;
 }
 
 # PHP
 location ~* \.(php|php5|php4)($|/) {
 fastcgi_param SERVER_PORT 80;
 fastcgi_split_path_info ^(.+\.(?:php|php5|php4))(/.*)$;
 if (!-e $document_root$fastcgi_script_name) {
 return 404;
 }
 include /dh/nginx/etc/fastcgi_params;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_pass unix:/home/&lt;&lt;username&gt;&gt;/.php.sock;
 #pragma php_launch &lt;&lt;username&gt;&gt;
 }
 
}

 Starting PHP FastCGI

Dreamhost uses a custom script to instantiate the PHP-Fastcgi instances for each user.  If you do the above customizations, the Dreamhost method will no longer work.

To overcome this, you will need to install spawn-fcgi and follow the instructions here:

https://www.linode.com/docs/websites/nginx/nginx-and-phpfastcgi-on-ubuntu-12-04-lts-precise-pangolin

You will need to coordinate the PHP user and the Nginx web user so that they can read each other’s files.  Personally, I only want a single web server user www-data.  You will need to adjust the Nginx.conf accordingly.

Disable Dreamhost Panel Management on VPS

Disable Dreamhost Panel Management on VPS

A Dreamhost VPS is nearly indistinguishable from a dedicated server.  Dreamhost allows users full root access to the VPS servers, so you are free to manage them as you see fit.

However, certain configuration files related to users, and web servers, are completely overwritten whenever a Panel change is made.  Plus, there may be other instances in which Dreamhost will overwrite your changes.  As a result, if you want to manage these features on your server, you need to exclude Dreamhost from managing them.

Danger Lies Beyond This Point

It is self evident, but if you elect to exclude Dreamhost from managing your server, you are responsible for making sure things don’t break.

Get Root Access

To get root access find the following section in the panel:ssh menu

 

and add a new key.

Details on how to make or use SSH Keys are well covered on the internet.  If you don’t already know how to work with SSH Keys, you may want to consider if you are really prepared to handle the management of your server.

Once the SSH Key has been installed, log in as root to your VPS.  Once there run the following command:

mv /root/.ssh/authorized_keys2 /root/.ssh/authorized_keys2.disabled

Dreamhost will no longer be able to access your server.  You can still use the Dreamhost Panel to adjust the memory and disk space allotments for your VPS.  However, adding domains, user, one-click installs, and all other related items will no longer work.

Dreamhost VPS Disable Jabber

Dreamhost VPS Disable Jabber

Even with Jabber disabled in the VPS configuation, you will still see jabber processes running on your VPS.  They eat up about 30 MB of RAM, but very little processing power.

You can easily disable them by running the following either as root or through sudo:

/etc/init.d/ejabberd stop;
update-rc.d -f ejabberd remove;
Dreamhost Triples the Memory on VPS

Dreamhost Triples the Memory on VPS

So I missed the announcement somewhere, but somewhere in the past few days, Dreamhost significantly upgraded their VPS offering.  Previously you got 300 MB of RAM and unlimited disk space for $15/month.

A few Trade-offs

Now Dreamhost is advertising 1GB of RAM but only 30GB of storage.  It looks like they are continuing to move away from their “unlimited everything” from their younger days. Personally, I am will to sacrifice the unlimited storage as I am currently using about 3GB of storage.  The new machines also use Ubuntu 12, but that was a change almost a year ago.  This is a bigupgrade from my Debian 5 VPS.

You will lose your usernames

A bigger downside is that it looks like you will need to create a new VPS instance and move all of your stuff over and then delete your old instance.  The real bummer of this, is that Dreamhost doesn’t allow usernames to be reused again, EVER.    So you can’t move your username and you can’t delete and recreate them on the new machine.  (I do have a hack to get around this, but more on that another day)

A Long History

The other sad part is that I will be losing my comparatively low VPS number.  My original VPS had a 10,000 number, the new one is in the 380,000 range.

http://www.dreamhost.com/dreamscape/2014/11/13/managed-vps-now-all-ssd-and-more-awesome/