CloudLinux Overview: Why use CloudLinux on your Server?

At Kualo, our fully managed services are designed to ensure you can focus on what matters most—your business and websites.

One of the tools we utilise to provide a robust, reliable environment is CloudLinux OS. We typically recommend clients on their own servers run CloudLinux as their OS.

Specialised for web hosting, CloudLinux offers features that particularly improve server stability and resource allocation, tackling common issues like 'noisy neighbours'. This article will explore how CloudLinux, especially its CageFS, LVE, and PHP Manager features, can greatly enhance your hosting experience on a Kualo server.

What is CloudLinux?

CloudLinux is an operating system developed to offer superior stability and security in multi-tenanted hosting scenarios. Unlike standard Linux, CloudLinux isolates each user, thereby improving server performance and security.

Key Features

1. CageFS: A virtualised file system that isolates each user to improve security.
2. LVE (Lightweight Virtual Environment): Allows customised resource allocation to each user, improving server stability and eliminating the 'noisy neighbour' issue.
3. PHP Manager: Provides flexibility in selecting PHP versions for individual websites, along with hardened security for older versions.

Benefits of CloudLinux

CageFS: Advanced User Isolation and Security

Unlike standard Linux distributions, CloudLinux's CageFS offers a unique, isolated environment for each user by creating a virtualised file system. It essentially locks each user in their own 'cage', complete with a fully functional file system and essential system files.

Superior to Traditional Security Measures

While some may attempt to secure their hosting environment using php.ini file restrictions, these can be relatively easy to bypass and are ineffective for CGI scripts. CageFS, by contrast, offers a more robust and comprehensive approach to server security.

Added Security

In a standard Linux environment without CageFS, users could potentially access each other’s sensitive information, thereby increasing the risk of data breaches. CageFS eliminates this risk by ensuring users cannot see or detect each other on the server, nor can they access server configuration files, like Apache config files.

Additional Benefits

• Restricted Access to Binaries: CageFS ensures that only safe binaries are available to the user.
• Limited Server Visibility: Users cannot view server configuration files or detect the presence of other users and their usernames.
• Controlled View of Processes: The user's view of the /proc filesystem is limited, preventing them from seeing processes related to other users.

User Experience

Despite these security measures, the user experience within CageFS remains fully functional and unrestricted. There's no need to modify user scripts or compromise on features, offering the best of both worlds: security and functionality.

This advanced feature set makes CageFS an indispensable tool for enhancing security and stability on your Kualo server.

Lightweight Virtual Environment (LVE): Tailored Resource Management and Stability

LVE technology allows you to set specific limits on physical server resources like CPU, IO, memory, the number of processes, and concurrent connections for each user account. This kernel-level technology is developed by CloudLinux and operates at the server, PAM (Pluggable Authentication Modules), and database levels. The core advantage of this granular resource allocation is to maintain overall system stability and prevent any single account from exhausting all available server resources.

Avoiding the 'Noisy Neighbour' Issue

Standard Linux doesn't offer resource isolation at the user level, which can lead to a single account using up all resources and disrupting the functionality of others. LVE ensures that such 'noisy neighbours' are curtailed, allowing each user to operate within their allocated resources without affecting others on the same server.

Safe Development Environments

LVE's flexibility is particularly beneficial when running multiple types of sites on the same server, such as production and development sites. By setting distinct resource limits for each account, you can run experimental code on a development site without risking the stability of live production sites.

Diverse Offerings for Agencies and Web Designers

Agencies and web designers can set limits on a per-user or per-package basis, offering customised hosting packages with resource ceilings tailored for specific end-user requirements. This adds another layer to differentiate their services beyond standard package offerings like disk space or the number of email accounts.

Increase Revenue with LVE Manager

LVE Manager is more than just a resource management tool; it’s also a potent sales instrument. You can create diverse hosting packages with varying levels of CPU and memory, offering these as upsell opportunities to clients who require more resources. The transparency of LVE Manager enables end-users to see their resource usage, making the upsell process much smoother.

Enhance Customer Retention

Limiting resources for each tenant ensures server stability, thus reducing the number of inquiries about performance issues, a leading cause of customer dissatisfaction and churn.

Fine-Tuned Control with LVE Manager

LVE Manager provides a detailed dashboard to control your resource allocation. It enables you to:

• Limit resources per individual account, whether for end-users or resellers.
• Allow resellers to set limits for their own end-users.
• Create and apply default packages.
• View usage history for each account.
• Identify resource abusers and take corrective actions.
• Recognise top users and offer them upsell opportunities to higher-end plans.

By incorporating LVE into your server management strategy, you ensure a more stable, secure, and scalable hosting environment for all users.

For more details on setting limits, please see this article.

Comprehensive PHP Solutions for Performance and Security

PHP Manager 

CloudLinux's PHP Manager delivers enhanced performance and security:

1. Version Flexibility: Allows end-users to choose from multiple PHP versions and over 120 PHP extensions, offering unparalleled flexibility.
2. Support for Older PHP Versions: Hardened PHP ensures security for old and unsupported PHP versions, so you don't have to force your customers to update their PHP scripts.
3. Risk Mitigation: Reduces security risks associated with using outdated PHP versions by providing a hardened environment.
4. Customer Retention: About 64.5% of all PHP websites still use unsupported PHP 7 versions. CloudLinux lets you offer these versions safely, reducing the churn rate.

Faster PHP Performance with LSAPI

CloudLinux's PHP implementation uses LSAPI, which has been specifically engineered for maximum PHP performance:

1. Performance: LSAPI offers up to 20% better performance than FastCGI and is 50% to 75% faster than Apache with mod_PHP and nginx with PHP-FPM.
2. Security: Full support for suEXEC mode and chroot capabilities ensures greater security.
3. Flexibility: LSAPI allows you to change PHP configurations via web server or .htaccess files, run multiple versions of PHP at once, and even customise which files or folders use which PHP version.

For more details on using PHP Manager, please see this article.

Conclusion

CloudLinux offers an array of features designed to maximise server stability and security, making it a wise choice for any Kualo server. Whether you are a small business owner, an agency, or a web designer, CloudLinux's features like CageFS, LVE, and PHP Manager provide an added layer of security, stability, and flexibility.

Should you have further questions or require additional clarification, our support team is always available to assist you.