1st April 2013, 11:10
markc
Small DNS server

I have a small 220 Mb VPS and thought I could put it to use as a slave DNS server using Debian wheezy. It was an interesting exercise seeing what could or could not run in such a small VPS and this is a bit of a brain dump FWIW. I tried using nginx with just fcgiwrap but it would mean adding "#!/usr/bin/php5-cgi" to a couple of dozen first run PHP scripts. There is no way php-fpm would run along with MySQL and Bind so I ended up installing lighttpd just to run the ISPConfig CP and I only had to alter one file...

Code:
chmod 640 /usr/local/ispconfig/interface/lib/config.inc.php

so that lighttpd running as www-data could access it (the ispconfig user belongs to the www-data group on Debian/Ubuntu systems). Yes, pure CGI (not FastCGI) is pretty slow but it works. I also added just postfix on its own so the system could send out any email notices. Here is a list of running services...

Code:
~ free
             total       used       free     shared    buffers     cached
Mem:        225280     111036     114244          0          0          0
-/+ buffers/cache:     111036     114244
Swap:       524288          0     524288

~ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3  10608   824 ?        Ss   Mar31   0:00 init [2]      
root      3245  0.0  0.7  58808  1640 ?        Sl   Mar31   0:00 /usr/sbin/rsyslogd -c5
bind      3269  0.0  5.2  86940 11760 ?        Ssl  Mar31   0:00 /usr/sbin/named -u bind
root      3294  0.0  0.4  18836   952 ?        Ss   Mar31   0:00 /usr/sbin/cron
www-data  3315  0.0  1.1  80444  2512 ?        S    Mar31   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
root      3345  0.0  0.2   4132   652 ?        S    Mar31   0:00 /bin/sh /usr/bin/mysqld_safe
mysql     3657  0.0  4.2  63528  9472 ?        Sl   Mar31   0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=m
root      3865  0.0  1.0  37744  2428 ?        Ss   Mar31   0:00 /usr/lib/postfix/master
postfix   3866  0.0  1.0  39864  2376 ?        S    Mar31   0:00 qmgr -l -t fifo -u
root      3882  0.0  0.4  40936   928 ?        Ss   Mar31   0:00 pure-ftpd (SERVER)                                                                                  
root      3945  0.0  0.5  41640  1212 ?        Ss   Mar31   0:00 /usr/sbin/sshd
postfix   5925  0.0  1.0  39812  2336 ?        S    Mar31   0:00 pickup -l -t fifo -u -c
root      5969  0.0  1.6  69432  3812 ?        Ss   00:55   0:00 sshd: root@pts/0 
root      5971  0.0  0.8  17900  2024 pts/0    Ss   00:55   0:00 -bash
root      5984  0.0  0.4  15260  1092 pts/0    R+   00:59   0:00 ps aux

I had to disable InnoDB for MySQL so here is its my.cnf...

Code:
[client]
user                    = MYSQL_USERNAME
password                = MYSQL_PASSWORD
port                    = 3306
socket                  = /var/run/mysqld/mysqld.sock

[mysqld]
default-storage-engine  = myisam
port                    = 3306
socket                  = /var/run/mysqld/mysqld.sock
key_buffer_size         = 16K
max_allowed_packet      = 1M
table_open_cache        = 4
sort_buffer_size        = 64K
read_buffer_size        = 256K
read_rnd_buffer_size    = 256K
net_buffer_length       = 2K
thread_stack            = 128K
server-id               = 1
general_log             = 1
general_log_file        = /var/log/mysql/mysql.log
log_error               = /var/log/mysql/error.log
log_slow_queries        = /var/log/mysql/mysql-slow.log
long_query_time         = 2
log-queries-not-using-indexes
ignore_builtin-innodb
skip-external-locking

[mysqldump]
quick
max_allowed_packet      = 16M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size         = 8M
sort_buffer_size        = 8M

[mysqlhotcopy]
interactive-timeout

and the lighttpd conf...

Code:
server.modules = (
  "mod_access",
  "mod_alias",
  "mod_compress",
  "mod_redirect",
#  "mod_rewrite",
)

server.document-root        = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80
index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc", ".ht" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
cgi.assign                  = ( ".php" => "/usr/bin/php5-cgi" )
compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

$HTTP["url"] =~ "\.(js|css|gif|jpg|png|ico|txt|swf|html|htm)$" {
  expire.url = ( "" => "access 3 days" )
}

$HTTP["url"] =~ "\.(gif|jpe?g|png|htc|css|js|ico)$" {
  accesslog.filename = "/dev/null"
}

$SERVER["socket"] == "0.0.0.0:443" {
  ssl.engine                = "enable"
  ssl.pemfile               = "/etc/ssl/private/lighttpd.pem"
  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
  ssl.honor-cipher-order = "enable"
  server.document-root      = "/usr/local/ispconfig/interface/web"
}

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

plus these lighttpd modules enabled...

Code:
~ ls /etc/lighttpd/conf-enabled/* -1
/etc/lighttpd/conf-enabled/05-auth.conf@
/etc/lighttpd/conf-enabled/10-accesslog.conf@
/etc/lighttpd/conf-enabled/10-cgi.conf@
/etc/lighttpd/conf-enabled/10-expire.conf@
/etc/lighttpd/conf-enabled/50-phpmyadmin.conf@

And slightly related: I had an emergency where our main mailserver leaked spam via a compromised user account, so to help some clients avoid the blacklisting I wanted to set up an alternate outgoing-only SMTP server. I got another even smaller 128Mb VPS (from RamNode with 3Gb SSD) and tried to install postfix but I am more familiar with courier-mta. I ended up using an SSH tunnel back to our main server 10,000 Km away for MySQL access, to avoid running MySQL with a lot of data locally, and to my surprise it came together after a couple of hours' work and is currently using only 15Mb of RAM!

I think my point is that if ISPConfig could work with SQLite then by using lighttpd+CGI and courier-mta/imap with perhaps MaraDNS then it would be possible to run a few dozen clients out of a $20/yr VPS. And the neat point about these ultra cheap VPS is that they obviously come with an IP and most hosting providers charge more than $20 per year (and up to double that) for just one extra IP!

Last edited by markc; 1st April 2013 at 12:35.
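
An added example, not part of markc's post or of ISPConfig: a term-level lint of the ssl.cipher-list value from the lighttpd conf above, flagging terms that enable RC4 or static RSA key exchange, or that exclude AES-GCM. The HARDENED string and all function names are assumptions for illustration; the check reads the cipher string only and does not resolve the final suite order the way OpenSSL does.

```python
import re

# Constructed sample: the :443 block with the ssl.cipher-list from the post above.
SAMPLE_CONF = '''
$SERVER["socket"] == "0.0.0.0:443" {
  ssl.engine                = "enable"
  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
  ssl.honor-cipher-order = "enable"
}
'''
# Constructed comparison value (an assumption, not from the post): ECDHE with AEAD only.
HARDENED = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"

# Markers inside an enabled term that select weak suites.
WEAK = {
    "RC4": "RC4 stream cipher, prohibited in TLS by RFC 7465",
    "DES": "DES or 3DES",
    "MD5": "MD5-based MAC",
    "NULL": "suites without encryption or authentication",
    "EXP": "export-grade suites",
}
# Groups whose exclusion removes modern AEAD or forward-secret suites.
STRONG = {"AESGCM", "CHACHA20", "ECDHE", "EECDH"}
# OpenSSL suite names with no key-exchange prefix use static RSA key exchange.
STATIC_RSA = re.compile(r"(AES|CAMELLIA)\d+(-GCM)?-SHA\d*")

def extract_cipher_lists(conf_text):
    """Return every ssl.cipher-list value in lighttpd config text (comment lines skipped)."""
    return re.findall(r'^\s*ssl\.cipher-list\s*=\s*"([^"]*)"', conf_text, flags=re.M)

def audit_cipher_list(cipher_list):
    """Lint each colon-separated term; returns a list of (term, reason) pairs."""
    findings = []
    for term in filter(None, cipher_list.split(":")):
        name = term.lstrip("!-+")
        if term[0] in "!-":            # this term removes suites
            if name.upper() in STRONG:
                findings.append((term, "excludes " + name + " suites"))
            continue
        if term[0] == "+":             # reorders only, enables nothing
            continue
        for marker, why in WEAK.items():
            if marker in name.upper():
                findings.append((term, "enables " + why))
        if STATIC_RSA.fullmatch(name):
            findings.append((term, "static RSA key exchange, no forward secrecy"))
    return findings

if __name__ == "__main__":
    for value in extract_cipher_lists(SAMPLE_CONF):
        for term, reason in audit_cipher_list(value):
            print(f"{term:15} {reason}")
```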