ubuntu server

The Server Edition – built on the solid foundation of Debian which is known for its robust server installations — has a strong heritage for reliable performance and predictable evolution.

Ubuntu Server edition was chosen over Debian due in large part to it’s incredibly stable update cycle; full system upgrades every six months. During the six month release cycle minor updates are provided as often as necessary to apply the latest bug fixes and security patches. This steady, predictable update cycle allows you to develop equally predictable methods for testing and deploying updates.

In addition to the real server a “virtual”¹ staging server, also running Ubuntu Server, though generally the bleeding edge version of all software, is maintained locally where system upgrades, new software or different configurations can be tested without risk to the live server. Using a staging server like this let’s you ensure that your setup is ready for the future and if not it gives time to prepare and test fixes well in advance of the update to the real server.

openssh

OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Utilizing OpenSSH, via public/private key authentication, for all communications you effectively eliminate the risk of anyone gaining unauthorized access to you server. Of course, you still need to have a strong password protecting your keys. With good passwords protecting access to your keys someone could gain physical access to your computer and still be denied access to your server.

While it might require slightly more effort up front, removing user account passwords from the equation is one of the most important aspects of keeping your server safe and secure.

monit

monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

Monit is nearly invaluable in maintaining a stable server setup. By allowing you to regularly check the condition of any file or process you can keep a close watch on your server without actually having to watch. Often it’s easiest to understand something by looking at a real world example.

So you have your site online and it’s humming along nicely, then one day some kid in Nebraska decides to stage a denial of service attack on your server. Typically, the attack will continue until the server is brought to a grinding halt.

However, through the use of monit you can spoil the attackers fun, automatically. Let’s have a look at the same scenario but with monit running this time.

So the kid from Nebraska’s attack will start, monit will recognize the misbehavior and kill off the process being attacked, then start it fresh and send you an email letting you know what action it had to take on which process. Then, if the attack continues the process will be restarted again and again until it reaches a pre-determined threshold for how often it will allow a process to be restarted in a specific time period (sending a new email after each restart). Once that threshold has been reached monit will permanently stop the process and send another email, thus ending the attack. At which point you'll have sufficient information on the cause and culprit of the attack to take proper action to ensure that it won’t happen again when you restart the process.

mongrel

Mongrel is a fast HTTP library and server for Ruby that is intended for hosting Ruby web applications of any kind using plain HTTP rather than FastCGI or SCGI.

Mongrel has become the back-end server of choice for Ruby on Rails web applications due to it’s performance and versatility. For our web application, Radiant CMS, it makes a great back-end for processing dynamic Rails requests.

Since we're not using Mongrel as a standalone server and we'd really like to have really fast Rails requests we use a cluster of Mongrels instead. The clustered Mongrels provide the same benefits as the standalone version but with the added ability to rapidly scale to more or less Mongrels as you need; adding or removing any number of Mongrels from a cluster takes less than five minutes.

nginx

Nginx (“engine x”) is a high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.

Nginx is rapidly gaining popularity as an alternate front-end web server; particularly as front-end proxy for a Mongrel cluster. Nginx is both lightweight, less than 10MB under average load, and powerful enough to completely eliminate the need for Apache in all but the most specialized cases.

As a front-end for Radiant CMS it handles all incoming requests, then depending on the type of request decides what to do next. If the request is for a static asset, such as an image, then nginx serves the file directly and sets a far future expiration date for the file; or if it’s a dynamic Rails request it hands it off to the Mongrel cluster which proceeds to process the request; this way we also get to inherit Radiant’s extremely good dynamic page caching mechanism. The result is a server that blazes through both static and dynamic requests while leaving plenty of resources free for when they're really needed.

radiant cms

Radiant is a no-fluff, open source content management system designed for small teams. Features include: an elegant user interface, flexible templating, extension/plugin system and simple user management.

Choosing a content management system (CMS)² was certainly the most difficult part of the software choices. There are, at most, roughly a dozen products competing with each of the other software components; there are a thousand and one competing CMSs. I doubt I really tested more than a handful of options, although I did give dozens of less obvious open source CMSs the initial impression test via Open Source CMS and I gave the obvious choices the install and setup a basic site test; these included Drupal, Expression Engine, Joomla!, Movable Type, TextPattern and Typo.

Most of them failed at first site, and mostly from an administration area that was overwhelming and/or intimidatingly complex. For something like a content management system you want as low a learning curve as possible, otherwise a new user will spend countless wasted hours just trying out how the thing works.

And then there was Radiant, you login, click the green + button and you have your first page online (how’s that for learning curve?). The administrative interface is by far the best/most streamlined I encountered in any CMS, yet hidden just below all that simplicity is immense potential for modification. It’s the perfect blend of “here it is, use as is” and “here it is, modify it.” If you want you can install, login and start clicking the green button and never look beyond that one page in the administration interface or you can alter the interface in nearly any conceivable fashion to meet almost any requirement.

For an overview of the hardware used in the servers please refer to Part 1 of this entry; for a run through of the process to make this all work together refer to How to setup an Ubuntu 7.10 server