darrin's musings on software, linux, and anything else.

CloudFlare and a Virtual Private Server

It wasn't that long ago that people paid fairly hefty monthly rates to host web sites, with pitifully small storage quotas.

Then along came companies like DreamHost that promised massive amounts of storage at much lower cost. But even small personal sites would still be up for hundreds of dollars per year in hosting fees.

By this time, we all had 24/7 broadband internet. And (depending on your ISP's policy) it was quite feasible to serve your own site from your home, for free, and with as much storage as you would like. For personal sites this worked fine, but there was always the risk of the Slashdot effect, which would render your home internet connection unusable and probably get you kicked off your ISP.

CloudFlare is basically a CDN that acts as a front-end to your site. Objects are cached in their data centers, reducing the load to your own server quite dramatically. And should your server go offline for a while, the CloudFlare servers can continue to serve your site. This should, in theory, stop problems due to unexpected popularity of your content.

Leaving your PC on 24/7 just in case someone wants to see the photos of your last vacation is a pretty good way to waste energy. So the next idea is to get one of those low-powered ARM devices, set it up with Linux, and serve your site from there. It also gives you a nice little SSH machine that you can use for transferring files to/from your home.

My Pogoplug was great for a while, but perhaps once a week it would freeze and need a power-cycle to bring it back. And it was another little gadget to add to the pile of routers, access points and other junk cluttering up the home office. The final straw for me was when it died and appeared to take the USB stick filesystem with it, leaving me to set up from scratch.

So the Pogoplug is out, because now there are ridiculously cheap virtual private servers on the market. The one I use has been very reliable, serving up this site and being a general handy-to-access SSH server for me to use wherever I happen to be.

These low-end servers are extremely cheap - so do not expect the to be problem-free. Never, ever leave data on a VPS that you don't have backed up somewhere else. Should my VPS company vanish off the internet on day, all I have to do is sign up for another one, set up Linux, thttpd, rsync my site, and tell CloudFlare about the new origin server. VPS servers are so cheap it would even make sense to deploy a second one with another company, just for redundancy.

I would also not really trust a low-end VPS to be that private either. Your data is at the mercy of companies running on razor-thin margins.

Because a VPS is a working host on the internet, you are responsible for its security. So a good iptables setup is paramount, along with careful deployment of public facing services. Keep it minimal - a SSH deployment that requires public-key authentication, sshguard or fail2ban, and a chroot'ed http server. Everything else you add means another potential security hole.