Performance and Security tweaking in CPanel
Introduction
cPanel is the most commonly used and most popular shared web hosting control panel in the market. It simplifies the tasks of system administrators. But, it can also slow down your server if it is not configured properly.
Let’s see some simple ways to improve performance your server by optimizing the use of resources.
Disable unused services
cPanel integrates many handy features and services but there are few servers that actually use all of them. Unused services can still consume a good amount of resources, so you should disable them. However, it is a good practice to disable any unnecessary services, even if they have a minimal impact. Don’t disable services if you’re not sure of their function.
Mailman:
Mailman is a feature or you can say attribute of cPanel control panel, or WHM, that allows you to create mailing lists so that you can send a large number of E-mails from your server. It uses system resources and can slow down the server if you cross the limitations
To disable mailman:
Go to WHM > Server Configuration > Tweak Settings > Disable Mailman
ClamAV:
ClamAV is an antivirus plugin available for cPanel servers. This is consuming huge resource usages on the cPanel servers
You can stop ClamAV in the WebHost Manager, in Main >> Service Configuration >> Service Manager. The service is labeled clamd ClamAV Virus Scanner.
You can completely uninstall ClamAV in Main >> cPanel >> Manage Plugins. In that area, it is labeled clamavconnector.
cPanelsolr:
It indexes all the emails received across the WHM accounts in order to improve email search services on IMAP clients such as iOS devices, Microsoft® Outlook™, SquirrelMail, Horde, Roundcube, and Mozilla™ Thunderbird. Unfortunately, this new feature has reported high usage of Memory, even on those servers that do not offer mail services, so unless this is a crucial feature that you would like to have, we strongly recommend disabling it.
To disable cpanelsolr:
Go to WHM > Server Configuration > Service Manager
Catch All:
This option can use up many resources and storage space, this feature should be disabled for spam security concerns.
Catch All handles all the emails that are not sent to an existing email account, by default they are stored in a default account that with time can get pretty big.
To disable Catch All:
Go to WHM > Server Configuration > Tweak Settings > Change to :fail:
Basic server initialization setups with best performance
Below is a list of the changes we make to each cPanel installation in order to improve security and performance for our customers:
Nameserver configuration
We configure working nameservers with accurate glue records that you can use right away. This can save countless hours from trying to get your nameservers configured correctly. If you’d prefer white-labeled or “vanity” nameservers, you can still configure and use your own custom nameservers.
CPHulkD optimizations
The default settings for CPHulkD make it very easy for the root account to get locked out, which can be very inconvenient. We reconfigure CPHulkD to lockout attacking IPs more aggressively, and lockout user accounts less aggressively. This way attackers will be blocked sooner, and legitimate users will still be able to get into their accounts.
PHP configuration
We configure PHP with FCGI and SuExec for maximum performance and security. A common mistake is to configure PHP in “DSO” mode, which has all PHP scripts on the server run with the same user privileges. DSO mode will, therefore, allow a malicious or poorly configured script full access to every user’s files and data, putting security at great risk. FCGI mode with SuExec is an essential security step to prevent these security exploits.
Apache configuration
The default apache configuration has settings that are inappropriate for modern servers with lots of ram and cpu. We optimize the apache settings for maximum clients, minimum spare clients, maximum spare clients, and keepalive timeouts to more appropriate settings. Some more information regarding keepalive timeouts on our Apache Keepalive blog post. Although no one configuration is appropriate for every server, our configuration is tuned to the amount of ram in the server and provides far better performance for a wide variety of workloads.
PHP and Apache modules
We recompile PHP and Apache with the most popularly used and requested modules such as GD, TTF, CURL, Ioncube, etc. This can save time and frustration from trying to get these commonly used modules up and running for your websites.
Email server optimizations
Use any better email protection solutions to prevent spamming issues with the server. Incoming/Outgoing emails should be filtered to improve the reputation of the server.
MySql configuration
By default, the MySql configuration /etc/my.cnf has very important performance features such as the query cache totally disabled! We install a basic MySql configuration that enables reasonable settings for the most important features such as query caching. Very busy MySql servers may need further tweaking, but our optimizations will provide a huge performance boost from the defaults and are appropriate for the majority of customers.
And countless smaller tweaks!
As you can tell from the list above, the time it takes to learn about all of the correct settings for cPanel can be a bit overwhelming. Luckily, we’ve done the hard work and trial and error to know which settings are best for the majority of customers. When you order a server with us, we put that experience to work to save you time, improve your website’s performance, and enhance your server’s security.
Optimizing Apache
In WHM, go to
Home >> Service Configuration >> Apache Configuration >> Global Configuration
Alter the following settings in Apache Global Configurations:
->set Keep-Alive “on”
->MaxKeepAliveRequests set to 0( unlimited requests will be allowed on the server. )
->KeepAliveTimeout set to 10
->MinSpareServers and MaxSpareServers–Set the minimum to 10 and the maximum to 150.
->HostnameLookups–off
Optimize MySQL
In a dynamic environment, it is very beneficial to correctly configure your SQL settings.
Find your my.cnf file, and replace it with the following:
[mysqld]
local-infile=0
max_allowed_packet = 1M
max_connections = 300
max_user_connections = 35
wait_timeout=40
connect_timeout=10
[mysqldump]
quick max_allowed_packet = 16M
PHP-FPM Performance Tuning
In order to make scripts run faster, go to Home -> Software -> MultiPHP Manager and turn on Php-FPM for all your accounts.
To improve the server performance below listed are some recommended PHP-FPM values
->Max_Value
…………
Set Max Children value according to
Total Max Processes = (Total Ram – (Used Ram + Buffer)) / (Memory per PHP process)
this formula
free -m gives the above values and apply it and set the given output value
root@server [~]# egrep max_children /opt/cpanel/ea-php56/root/etc/php-fpm.d/cptech1.local.conf
this will give max_children value
->Max Requests
…………
root@server [~]# egrep max_request /opt/cpanel/ea-php56/root/etc/php-fpm.d/cptech1.local.conf
And set to 20
Conclusion
Above all mentioned tweakings and optimizations are need a server administrator assistance to attain the best performance of the server. Also the configuration updates and settings changes requied necessary service restarts to take affect the changes.