TOP

CloudFlare CDN Available Now on all cPanel Hosting Plans – Free

CloudFlare Railgun™

CloudFlare Optimized Partner

As a CloudFlare Optimized Partner, we are thrilled to offer the CloudFlare Railgun™ technology to all our customers free with any hosting package! Railgun is CloudFlare’s latest performance optimization technology that gives you significant improvements in site load times. To activate Railgun, log into your cPanel and select Railgun “On”. Read on for additional details and instructions:

Railgun ensures that the connection between our network and the CloudFlare network is as fast as possible. Railgun achieves a 99.6% compression ratio for previously uncacheable web objects by using techniques similar to those used in the compression of high-quality video. The average website can expect a 1.43x performance increase.

When a request is made to a CloudFlare server for a web page that is not in cache CloudFlare makes an HTTP connection to the origin server to request the page. It’s that HTTP connection that Railgun accelerates and secures.

cloudflare-network-map-24

Even highly dynamic websites change slowly

Railgun works by recognizing that uncacheable web pages do not change very rapidly. For example, during an experiment, the CNN.com homepage HTML was captured once, and then again after 5 minutes and then again after one hour. The page sizes were 92,516, five minutes still 92,516 and one hour later 93,727.

CNN sets the caching on this page to 60 seconds. After one minute, it is necessary to download the entire page again. However, loo

king inside the page, not much has changed. In fact, the change between versions is on the order of 100s of bytes out of almost 100k. Here’s a screenshot of one of the binary differences between the CNN home page at five minute intervals. The yellow bytes have changed, the rest have not.

Experiments at CloudFlare have revealed similar change values across the web. For example, reddit.com changes by about 2.15% over five minutes and 3.16% over an hour. The New York Times home page changes by about 0.6% over five minutes and 3% over an hour. BBC News changes by about 0.4% over five minutes and 2% over an hour.

Although the dynamic web is not cacheable, it is also not changing quickly. That means that from moment to moment there’s only a small c

hange between versions of a page. CloudFlare Railgun uses this fact to achieve very high rates of compression. This is very similar to how video compression looks for changes from frame to frame; Railgun looks for changes on a page from download to download.

Railgun Technology

Railgun consists of two components: the sender and the listener. The sender is installed at every CloudFlare data center around the w

orld. The listener is a software component that [Name of Hosting Provider] has installed on our network for customers.

The sender and listener establish a permanent TCP connection that’s secured by TLS. This TCP connection is used for the Railgun protocol. It’s an all binary multiplexing protocol that allows multiple HTTP requests to be run simultaneously and asynchronously across the link. Or in other words, a persistent connection is opened between CloudFlare’s network and ours and eliminates the overhead of TCP.

We have made it simple for our customers to get the benefits of Railgun with one click.For additional information or questions please open a support ticket.

Read More
TOP

ownCloud One-Click Install from SolusVM on OpenVZ VPS Accounts

ownCloud One Click InstallDue to popular demand, we have created an OpenVZ OS template based on Centos6 x86_64 that has ownCloud v 4.5 installed with a default version of Apache, PHP5 and SQLite.

Current, or new users can select this template from SolusVM under the “Re-Install” tab. Once completed, all you need to do is login via ssh, start Apache with “service httpd start” command and point your browser to the IP address of your VPS.

Some of the benefits of hosting your own cloud for files (like ownCloud) include:

  • Full control of your files
  • Secure server which you have root access to
  • Privacy
  • Eliminate DropBox
  • More professional
  • Keep your digital rights to photos

What does ownCloud allow me to do?

For starters, you can use it as a secure replacement for DropBox, and you can even password protect the URL’s you send to other users in-case the file is sensitive in nature.

You can upload any kind of file (up to 512MB per file) and access it from the web, through WebDAV, the ownCloud iPhone App, and the Mac OS X/Windows Desktop App.

It is a music player and video streamer (with supported addon enabled).

Bottom Line

You can have full control of your files, share them with your friends or collaborate with your clients if you are a small/medium business owner in a very simple tool.

The benefit of using it on an OpenVZ.ca based VPS, is that you can scale resources as you grow. Start out with the Small VPS package and go beyond the storage of ExtraLarge as you need it.

Read More
TOP

Simple Certificate Based SSH Authentication for your VPS

As a sequel to my first blog post (Simple Ways to Secure the SSH Port on your VPS) I am adding a simple tutorial on how you can setup Certificate based SSH authentication.

The reason someone would implement this method is to avoid using plain-text passwords. This way, anyone who does not have the client-side certificate installed in their SSH client will not be able to login to the VPS.

Overview

There are 3 things that we will need to do in order to get this to work:

  1. Create a Public/Private SSH Key on the Client Computer
  2. Create the Public Key file on the VPS (Server)
  3. Disable password based authentication on the Server

I need to stress at this point, do not do step number 3 before you test a login with the SSH key method or you will potentially loose access to the server entirely and will need to open a ticket with your host!

Step 1

Create an SSH Key Pair (Public/Private) on the client. Type the following commands (do not use root as the user):

$ cd ~/.ssh
$ ssh-keygen -t rsa -b 2048

You will be asked: “Enter file in which to save the key (/home/testuser/.ssh/id_rsa):” Press Enter.

You will then be asked: “Enter passphrase (empty for no passphrase):” Type in a passphrase that you will remember. You will need to enter it every time you ssh to your server from now on.

Note: If you do not enter a passphrase in this step, you will not be asked to enter it when you login to the server. This can be good or bad… It’s good because you can just ssh to the server and login automatically without typing a password. It’s bad because anyone who has a copy of this Private Key will be able to login to your server without a passphrase. So make sure you keep this file in a very safe place if you choose not to use a passphrase.

In your .ssh directory you will see the following 2 new files: ‘id_rsa’ & ‘id_rsa.pub’.

Step 2

SSH to your VPS Server, and go to the .ssh directory in the home directory of the user you want to be able to access with the key. Ex: /home/user1/.ssh

Copy the contents of id_rsa.pub (That you generated in Step 1 on the Client Computer) And paste it in the “authorized_keys” file in your ~/.ssh directory on the Server. Ensure that everything is on one line.

Edit /etc/ssh/sshd_config (You need to be root to do this).

Find the following lines:

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

Remove the “#” symbols next to each of these three lines and save the file.

Restart sshd

Close the session and login to your server again with the user you created the key for.

This time you should be asked for a passphrase (if you entered one in step 1). If you didn’t enter one in step 1 then it should just login and you should have a console $ under the user you created the key for.

Step 3

Once you have confirmed that SSH Key Authentication is working, edit /etc/ssh/sshd_config and find the following line:

PasswordAuthentication yes

Change the ‘yes’ to ‘no’ and restart sshd.

You will now only be able to login with the user you created the Key for. From now on, whenever you want to SSH to the server you will need to make sure that there is a copy of the Private Key in the users Home Directory on the Client Machine.

Read More
TOP

Simple Ways to Secure the SSH Port on your VPS

One of the most important things to do once your VPS has been created is to secure the standard SSH port.

Since SSH is the main method to communicate with any VPS it is the first target for any non-authorized person trying to gain access.

There are a few different ways to add more security to this vulnerable port. You can choose to do one of the following or all of the following depending on your needs.

Change the common port 22

This is the easiest and quickest starting point. Since the default port is 22, most hackers will scan to see if this port is open to start an attack. Changing it to a non-standard port will make it harder to identify where the SSH service is running.

Steps: Login to your VPS through SSH and type the following as root:

vi /etc/ssh/sshd_config

Scroll until you see:

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Press “i” to enter insert mode in vi and then move to the line that says #port 22. Remove the “#” and specify a different port (example: 22122, 3355 etc…) Make it random but within the acceptible tcp range.

Once this is done, press “escape” then colon (:) and then “x”. Hit enter and this will save your changes.

At the command prompt type (On CentOS):

service sshd restart

On other OS’s you may need to type: /etc/init.d/sshd restart

At this point you may loose connectivity because you changed the port! If you didn’t you will need to exit the current session and reconnect to your server using the new port that you specified.

(Optional) at this point, if your VPS has more than one IP address assigned to it, you can specify only one by changing the “ListenAddress 0.0.0.0” to one of your IP addresses. This way, you can only access SSH through the one interface.

Disable root login through SSH

Using the same methods in step 1 edit /etc/ssh/sshd_config and scroll until you see

#PermitRootLogin yes

Remove the “#” symbol and change the “yes” to “no”, save the file and restart sshd service.

Next time you try to login as root it will deny you.

Note: SSH will still allow you to try and login as root if you specify “root” as the username. It will reject the login even though you specify the right password.

IP Restriction

This step may not appeal to the users who are on Dynamic IP addresses. But it is a very effective way to secure the SSH port even more.

IP restriction will reject a user trying to login from a non specified source IP address. This will allow you to control which hosts will have access and which do not.

If you have many users using your VPS who require SSH access, this is not a good idea as you will block their traffic when implementing this method.

In order to specify the incoming IP address you can use the “/etc/hosts.allow” and “/etc/hosts.deny” files.

Edit “/etc/hosts.deny” and add a line with the following:

sshd:*

This will deny all traffic. Once this is completed you will allow your IP address.

Edit “/etc/hosts.allow” and add a line with your ip address:

sshd: <your ip> (Example: sshd:192.168.1.1)

Note: The allow file will get processed first. So if an ip address matches in the allow file first, traffic will be allowed even if it is specified in the deny file.

Once this is completed the only host that will be able to SSH to your VPS will be the one specified in your hosts.allow file.

Read More