Ideal Home Webserver Setup
To my everlasting shame, my site has been "powered" so far by a 3-year-old notebook computer with a faulty I/O subsystem. Ugh. The technical depravity alone shocks the conscience, but worse is treating readers with such disregard. Enough of that. Another mistake I made was running nascent blogging software. One month in this setup was enough for me to find out that: 1) I enjoy writing online, and 2) a solid architecture is in order. I want to:
- Buy good hardware.
- Run Windows and Linux. This is essential for me since I work on both.
- Deploy the servers in virtual machines. Life without VMware is nasty, brutish, and short.
- For blogging, use WordPress. At first I evaluated the major .NET blogging engines and picked BlogEngine.NET. It's still in its early stages, but I thought "what the hell: blog a little, patch a little". A few problems and two patches later, I realize the error of mixing these things. BlogEngine.NET is a good piece of software with potential — but for production I need a robust engine with rich functionality that can run unnoticed.
- Run a tight front-end ready to spit out gzipped content with minimal latency. For a hobbyist on a budget, this means open source. I'm thinking about Apache + mod_proxy, maybe Squid, maybe wp_cache.
- Host images outside my network. I pay $60/month for Comcast business internet rated at 1.5 Mbps up, 8 Mbps down. It hardly ever goes below 2 Mbps up, 18 Mbps down. This is plenty of bandwidth for normal traffic and enough to handle spikes if a big site links here. Still, moving images off-site cuts down drastically on the bandwidth. Normal users have a snappier experience and peak handling is far better. With gzipped HTML and no images, the average HTTP response should be about 30K. Assuming 1.5 Mbps up, the setup should handle ~6 requests/second, ~360/minute. That's wildly beyond my traffic and enough to at least cope with a spike.
The sane reader is probably wondering why one would go through these troubles instead of renting shared or dedicated hosting. First, I like to run a lot of quirky things like an open SQL Server shell, Cruise Control for continuous integration, and an SVN repository. I have plans for similar stuff that requires server access. That completely rules out shared hosting. For dedicated hosting, the prices are such that I prefer to buy commodity hardware and pay for business Comcast, which is very reasonable and has been solid. Basically, I'm moving a "lab PC" that I would play with anyway from an internal LAN to the Internet, so my added cost is really the $60/month, which buys you nothing in a dedicated server. And most important, it's just fun.
Luckily, between the free VMware Server and current hardware prices, you can buy an outstanding machine for less than $1,000 to run both Windows and Linux at fierce speeds. My plan is to run Ubuntu x64 server on the metal, 32-bit Windows Server 2003 in a VM, and 32-bit Ubuntu server in another VM. So far, I have only bought the hardware. I hope to get things running over the weekend. In the next entry I will post the detailed parts list (with links to Newegg). I'm planning two more entries: one on setting up the Ubuntu VM Server and another for the combined IIS + WP/Linux caching solution.
What do you think of this? Any obvious holes? Suggestions? I'm keen on hearing about the caching, since I'm ignorant of both mod_proxy and Squid.
Comments
6 Responses to “Ideal Home Webserver Setup”
Why not VMware Workstation? I’m curious what Server buys you over Workstation for your needs. I’m using Workstation for my, ah, server, and it’s OK so far.
Actually, $60/month would get you quite a bit on a dedicated server on Slicehost.com. True, you can’t run your virtualizations, but that belongs on a dev machine anyway, not a web server.
I am curious how you have your network set up. The only thing holding me back from hosting at home is the fact that it's just my little Linksys protecting me from the outside world. Do you use two routers for a "dmz" type setup? Jesse
@Natch: You might be thinking of VMware ESX Server (which is expensive and used widely by corporations) as opposed to the “regular” VMware Server (which is free as in beer and the one I use).
The advantages of VMware Server over Workstation are that it’s free and it’s geared towards “continuous running” for the VMs, so they run within a background Windows Service (or Linux daemon) and are easily set up to boot up automatically when the host comes up. Workstation is more geared towards “desktop use”. With that said, Workstation has a number of nice features (multiple snapshots, kick-ass snapshot management, shared folders) which are lacking in VMware Server.
VMware ESX server on the other hand is the “enterprise product”. It basically has its own kernel, so the “host os” is VMware itself. It’ll only run on specific hardware (ie, Dell and HP servers), is extremely reliable and performant. It’s beautiful on the data center, but out of reach for most home users.
@Kenneth: Those prices are not for dedicated servers, those are for virtualized servers (VPSs). There’s a world of difference. You’re renting a virtual machine. It costs $70/month there to get a machine with 1 gig and limited CPU (since it’s shared). Also, I don’t understand why you say “virtualizations belong in dev machines” given that: 1) Slicehost itself is selling you _exactly that_ (virtualizations), and 2) _every_ Fortune 500 data center I see has tons of virtualized production servers (not dev stuff), and _all_ seem to be planning increases.
@Jesse: Hi there. In my setup, the Business Comcast is being used only for this website and some open source and experimental stuff (hobbyist research). There are no personal computers connected to this network in any way (ie, my IRS stuff, personal stuff, murder plots and all are completely severed from the network where this website is).
I do not run a DMZ setup because there would be nothing behind it. I have one box only (the server I wrote the article about) connected straight to the router Comcast sent me, and that’s all.
With that said, what kind of threat model/attack scenario are you thinking of? Are you afraid of somebody owning the Internet router and then penetrating further into your home stuff? Or owning the web server and then attacking the rest of the home network? Can you elaborate on the attack scenario?
When it comes to the router, there’s no difference between a router serving a public website and a regular dynamic IP router (especially since the likely attack is a broad scan for router vulnerabilities). But the website is a problem: it’s troublesome to think that any bug in your blog engine or web software could lead to an attacker feeding packets directly to your personal home computers.
If I had the home network on the same connection, I would stick a bare bones Linux box between the home computers and the DMZ (the webserver, really). That Linux box would then firewall off the internal LAN and hold the fort if the web server is compromised. Another option would be to use a router instead of Linux. That’s personal preference; for me Linux is much easier to manage and more trustworthy than some generic $80 router.
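The layout described in the reply above, a bare-bones Linux box sitting between the home computers and the web server's segment, expressed as an nftables ruleset. This is an added example, not part of the original post or its comments; the interface names and the LAN-only SSH management rule are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: firewall box between the home LAN and the segment that
# holds the web server ("DMZ"). Load with `nft -f <file>`; the kernel must
# also route between the interfaces (sysctl net.ipv4.ip_forward=1).

flush ruleset

# Assumed interface names; adjust to the actual hardware.
define DMZ_IF = "eth0"   # faces the ISP router and the web server
define LAN_IF = "eth1"   # faces the home computers

table inet filter {
    # Traffic addressed to the firewall box itself.
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Assumption: the box is administered over SSH from the LAN only,
        # so a compromised web server cannot reach its management port.
        iifname $LAN_IF tcp dport 22 accept
    }

    # Traffic routed through the box.
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections that the LAN opened are let back in.
        ct state established,related accept
        ct state invalid drop
        # Home computers may open connections outward.
        iifname $LAN_IF oifname $DMZ_IF accept
        # Anything new from the web server's side toward the LAN is
        # counted, logged and dropped; hits here are worth investigating.
        iifname $DMZ_IF oifname $LAN_IF counter log prefix "dmz-to-lan drop: " drop
    }
}

table ip nat {
    # Hide LAN addresses behind the firewall's DMZ-side address.
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $DMZ_IF masquerade
    }
}
```

With the default-drop forward policy, a compromised web server can answer connections the LAN started but cannot open new ones toward the home computers, and each attempt leaves a log line.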
I cannot imagine running a VM-hosted website using GSX (aka “VMware Server”). Maybe the Linux version, if it was still available. VMs running on ESX are just a hair slower than equivalent PMs, and effectively more stable (if you’re talking about W2K3). Running layered, 82% iron-speed is the best you’ll see…before Windoze crappy page-swapping blows up your VM.
FYI, one should be able to obtain pre-3.x ESX licenses fairly cheaply, and ESX 2.1.2 or 2.5.1 has almost all the functionality that you’d want for non-large enterprise applications.
–Former VMware ESX hardcore internals dude (ESX “Triple Crown” shirt, VPX “Galaga” shirt, etc.)
…That should read, “VPX ‘Space Invaders’ shirt”. Can’t keep my retro vidgames straight no more.