Rimuhosting May 2015 newsletter


A recap of recent improvements

We have been doing some major networking upgrades over in Dallas. Lots of 10G fiber being run. More uplink capacity. More capacity between servers.

We have expanded our global presence to Frankfurt. You can order a VM there. Or we can provide custom quotes for dedicated servers there.

Intel keeps on putting out newer, faster, better CPUs. And we keep offering them. You can now order Intel's Haswell v3 CPUs with DDR4 memory.

We are seeing SSDs move from a niche/high end option to the mainstream. Prices are dropping. And after trying a few different brands we have found the Intel SSDs we offer to perform really well and reliably.

Most of our new shared VM hosts are now using SSDs for storage. SSDs on VM host servers reduce disk I/O contention and lead to big performance gains. Newer CPUs and cheap/big memory sizes mean memory and CPU are rarely a performance bottleneck.

A few new features to be aware of in the RimuHosting control panel: host load, disk IO and CPU graphs for each VM. An option to reset your root user password (and add ssh keys). Tweaks to our websites to improve them on mobile devices.

There are a couple of new distro options for new server installs: Debian 8 (jessie) and CentOS 7. Both those distros let our customers use Docker, which leverages containerization features in our recent Linux kernels.

Speaking of Linux kernels we now offer a 4.0 Linux kernel. That is a big move forward from the 2.4 kernels that were available back when we started in 2004.

Security matters

Lots of security topics over the last couple of years.

ghost (glibc get host by name exploit) and shellshock (bash exploit) were two vulnerabilities that affected most servers and caught a lot of people by surprise.

We auto-patched many customers' servers for both ghost and shellshock. We also wrote scripts to help customers upgrade from some older (unsupported) distros to newer ones.

We also needed to upgrade all our Xen-based virtual machine host servers after a hypervisor security issue. Some customers had their several hundred day uptimes disturbed, but it is also good to be running recent, stable versions of the Xen hosting stack and the underlying distro on all our VM hosts.

We still see the occasional customer server exploited. The two most common causes are exploitable webapps (e.g. wordpress) and poor passwords. Please use good strong passwords and keep your webapps up to date.

We installed some brute force ssh protection on each of our host servers that will automatically protect customer VMs. We have started installing fail2ban on new orders of recent distros.

On the RimuHosting website logins we have enabled two factor authentication. And we are switching over to https connections by default on RimuHosting websites.

A reminder about who we are.

We provide affordable, no-hassle, easy to order virtual machines. We love virtual machines. We think virtual machines offer more functionality and flexibility than running on bare metal servers. And we encourage anyone looking to 'get on the web' to use a virtual machine over a shared host. You get better security and servers nowadays are no longer the daunting task to manage they once were.

We provide dedicated hardware for customers that want to run lots of VMs or have the need for bare metal performance. We love quoting for custom setups. We have customers running databases on bare metal servers with hundreds of GB of memory and dozens of SSDs. We have customers using very affordable dedicated servers to run dozens of virtual machines providing their software-as-a-service offering. We have customers using a cluster of physical servers with us as the back end to their wildly popular mobile apps.

We have a team of super-talented sysadmins available to help take the hassle out of your hosting. Any time you need someone to troubleshoot an issue, configure software, install something or advise just let us know. We are constantly working with things like web hosting control panels, mysql servers, postgresql servers, apache configs, email setups, firewall scripts and node/tomcat/rails hosting stacks.

Keep informed

We would love to keep you posted with useful information about new features and services we offer.

Follow http://twitter.com/rimuhosting (to be the first to hear all our news and observations about the world)

Register at http://blog.rimuhosting.com (for all our main news)

Like us on Facebook or Google Plus.

Help us improve?

We have posted a 5 minute survey. Please tell us there what we are doing well and what we need to improve. The form will also help us better understand our customers' needs. Oh, and you can add a $10 credit to your account by submitting the form.

Refer a friend or colleague?

We would love to help your friends and colleagues with some hassle free hosting.

Say something about @RimuHosting on your http://twitter.com account.

Email a friend or colleague who needs a Linux server and tell them about us. Say something like: email support@rimuhosting.com and tell them what you need and mention I'd referred you.

Photo credit: oinonio


Debian 8 (Jessie) available

We now have a Debian 8 image available for new VM setups and reinstalls. Debian 8 is code named "Jessie".

There is only a 64 bit image.  Most customers are now ordering 64 bit distros.  And some distros only come in a 64 bit flavor now, e.g. Centos 7.

Debian 8 is also an option for regular dedicated server setups.

The Jessie install is very minimal.  After setup most customers would want to install Apache and Mysql. That is easy enough, do something like "apt-get install apache2 postfix mysql-server"

Some highlights from the release notes:

  • Apache goes to version 2.4 (was 2.2 in Wheezy)
  • PHP from 5.4 to 5.6
  • Uses systemd to manage services, with the option to install sysvinit if you prefer.
  • Choice of MariaDB 10 or MySQL 5.5
  • New packages like php-horde, tomcat8

If you're wishing to dist-upgrade from Wheezy to Jessie see the upgrade notes.  Some tips:

  • Run a snapshot in our control panel before doing any work.  Then you can always revert back to that in the event of problems.
  • In some cases our upgrade script at https://github.com/pbkwee/deghost can do the work for you.  wget -O deghost.sh https://raw.githubusercontent.com/pbkwee/deghost/master/deghost.sh; bash deghost.sh --to-jessie  That script will update your apt sources and run a dist-upgrade.

Linux 4.0 kernel available

On the http://rimuhosting.com/cp/vps/kernel.jsp page you can now select the 4.0 kernel for your VM.  Includes: OverlayFS, carries on with support required for Docker and SELinux, lots of new nf/eb table options, openvswitch, nfs4 support and too many other new kernel tweaks to mention.  Plus newer, fresher kernel code with lots of fixes to bugs (which likely are not affecting you).

We have only produced a 64 bit kernel this time around.  That should be fine even for 32 bit distros.

If you like being on the latest and greatest then this experimental kernel is for you.  If it doesn't work out, restart your VM with our very stable and tested 3.12 kernel.  (Also: let us know if you needed a kernel option we do not have enabled.  Also: we have a pv-grub option should you need to have full control over every module in the kernel.)

If your server is running well and you are happy with things, feel free to leave your kernel as-is.


Dallas network upgrade

Our new networking cage (prior to being filled with Cisco gear)

Dallas is our busiest location.  We have many, many cabinets there filled with wonderfully shiny servers (all black, as befits our Kiwi origins).  That setup has grown somewhat organically since 2005.  Our core networking wiring was starting to be a little scary.  And network capacity (ports and bandwidth) was starting to be an issue.

So for our 10th year in Dallas we opted to rebuild our network from scratch.  Get new, faster networking gear; tidily re-cable everything with fiber; simplify things as much as possible; and increase our uplink capacity.

Back in February we added a new core/distribution layer using Cisco Nexus 7 equipment.  This gear lets us use lots (and lots) of 10G and 40G connections.  And it does a pretty decent job at moving network packets around, too.  The switchover from the old core to the new core went smoothly (thank you to those networking guys involved there!)

The new core gear has allowed us to increase our data center uplink capacity.  (And we have plans to triple the capacity in the next few weeks).

We will also be switching from gigabit links between cabinets and our core networking to 10 gigabit fibre links.  We have already done this for most of our cabinets, and the remainder should be done in the next few weeks (as the switches and cabling we ordered arrive).  A number of cabinets have also had their switches upgraded (from non-fiber friendly models to newer models).

Since even 10G is not fast enough for everyone, in some cabinets we are installing 40G switches.  With 10G access ports to each server.  This gives us a few options for network attached storage and for some of our enterprise customers with particular private networking requirements.

The new Dallas networking setup should future proof us for a few more years.

Like all good network setups we hope you never have to pay it another thought!


Brute force SSH protection

We have implemented some brute force SSH attack protection on VMs.

Your servers should start to receive fewer connections from bots trying to bruteforce crack passwords on your server user accounts.

Behind the scenes we have setup honey trap servers.  Botnets with no good reason to connect to these servers attempt to connect to the servers and brute force passwords there.  We monitor these failed attempts.  And then block those IPs on our VM host firewalls.  You do not need to configure anything on your VM.

The upshot should be fewer SSH brute force attacks on servers, improving your server security and lowering load on hosts.
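
A minimal sketch of the honey trap approach described above, added here as an example and not RimuHosting's own tooling: it counts failed SSH logins per source IP in sshd log lines and prints firewall rules for the IPs over a threshold. The log lines are constructed (documentation IP ranges), and the function names, the threshold and the iptables chain are assumptions.

```shell
#!/bin/sh
# Added example: build a blocklist from failed SSH logins seen on a honey trap.
# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
sample_log() {
cat <<'EOF'
May  3 02:11:01 trap1 sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2
May  3 02:11:03 trap1 sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2
May  3 02:11:04 trap1 sshd[4107]: Failed password for invalid user admin from 198.51.100.23 port 40211 ssh2
May  3 02:11:06 trap1 sshd[4109]: Invalid user oracle from 203.0.113.7
May  3 02:11:09 trap1 sshd[4109]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
May  3 02:12:40 trap1 sshd[4120]: Accepted publickey for ops from 192.0.2.10 port 50022 ssh2
May  3 02:13:02 trap1 sshd[4131]: Failed password for invalid user from 10.0.0.1 from 198.51.100.23 port 40290 ssh2
EOF
}

# Print "count ip" for every source with at least $1 failures (default 3).
# The user name in the log is chosen by the client, so the address is taken
# from the fixed tail of the line ("from IP port N ssh2"), never from the
# first "from". IPv4 only in this sketch.
blocklist() {
    awk -v min="${1:-3}" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" && $(NF-3) ~ /^[0-9.]+$/ {
            fails[$(NF-3)]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -k2
}

# Print (not apply) one rule per listed IP. FORWARD is an assumption: a VM
# host forwards traffic to its guests rather than receiving it itself.
block_rules() {
    blocklist "$1" | while read -r count ip; do
        echo "iptables -I FORWARD -s $ip -p tcp --dport 22 -j DROP  # $count failures"
    done
}

sample_log | block_rules 2
```

The last sample line shows why the parsing is anchored to the end of the line: a user name containing "from 10.0.0.1" must not get that address blocked.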

On a not unrelated note: please use good strong passwords.  Particularly on important accounts.  $commonword with a number on the end is no longer sufficient.

Image Credit: Dino Giordano


Tuning apache for production use

Apache is probably the most common web service our customers use. It is an amazingly powerful and mature tool for serving all your website needs. And it is very easy to get up and running with.

Our team is often asked to tune apache to run more smoothly, more quickly, and more reliably. With a few simple server side tweaks you can easily polish your server till it is ready for 'production' use of your website.


deghost ridding the world of the ghost vulnerability one host at a time

As part of our mission to wipe the 'ghost' vulnerability (CVE-2015-0235) from our customers' servers we have created 'deghost'.

Deghost is a cross-distro script to determine the vulnerability of a libc library on a server and then patch that where possible.


In most cases this is as simple as apt-get install libc6 or yum upgrade glibc.  But like most things there are a lot of corner cases.  This script tackles things like switching from squeeze to squeeze-lts repositories, and changing to old-releases repositories for unsupported Ubuntu distros.  It also offers a (non-default) option, --break-eggs, to do a dist-upgrade to the latest Debian/Ubuntu release.


RimuHosting adds a Frankfurt presence

We are excited to announce that we now offer servers in Frankfurt, Germany. This will be great for users wanting a server central to the EU, and complements the plans we already offer in London.

You can see more information about the data center at http://rimuhosting.com/datacenters.jsp

We are using new generation Haswell-EP based servers there, with ECC registered DDR4 memory and large, fast Intel enterprise SSDs.

If you are interested in setting up a server, check out our plans.

If you are interested in dedicated server options there also pop in a query so we can talk through the options.

Image credit: melanie



Next gen Haswell-EP systems available

Intel have just released their next generation dual proc Haswell-EP-based servers.  We ordered a batch from our trusty systems integrator.  And this morning the servers arrived at our Dallas data center loading dock!  Those same servers are now available on our dedicated server ordering page.

Pricing is from USD 409/m with a base config of 32GB of memory and 2x1TB hard drives.

The Haswell-EP follows on from the older Nehalem-EP, Westmere-EP, and Sandy Bridge-EP systems.

We are currently offering two of the Haswell-EP CPUs.  The 6 core E5-2620v3 (2.4Ghz) and the 8 core E5-2630v3 (2.4Ghz).

Benchmarks show the Haswell-EP systems out performing similar clock speed previous gen CPUs by about 20% overall.

The new CPUs come with a new socket so there is a new main board with lots of important performance improvements:

  • RimuHosting are currently using the SuperMicro X10DRI mainboard.
  • This mainboard is based on Intel's C612 chipset.
  • All SATA ports are SSD-loving SataIII 6gbps.  Previously only 2 ports were Sata III and the remainder were SataII.
  • Memory slots are DDR4.  DDR4 runs at a faster speed than DDR3 (we are currently using DDR4-2133).  Throughput can be increased by up to 50%.  On these servers the memory is ECC registered.  DDR4 power consumption is a bit lower leading to cool, reliable systems.

As usual we have options with redundant power supplies on A+B power.  We also offer Intel SSD storage; hardware RAID; memory up to 256GB; and private networking.

If you wanted a Haswell-EP server in a location other than Dallas, just email us and we can quote for that in one of our other data centers.


Replace webmin self-signed certificate to avoid sec_error_invalid_key error

Recent browser versions (e.g. Firefox 33) refuse to work with older Webmin installs.

They give a sec_error_invalid_key error, offer a 'Try again' button, but do not offer an option to add an exception.

Firefox 33 no longer supports certificates with private keys smaller than 1024 bits.

You can replace your webmin certificate with a new one by running this command:

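# Webmin's default key/certificate file; check keyfile= in /etc/webmin/miniserv.conf
file=/etc/webmin/miniserv.pem
# Placeholder subject: set CN to your server's hostname
openssl req -x509 -newkey rsa:2048 -keyout "$file" -out "$file" \
 -days 3650 -nodes -subj "/CN=$(hostname -f)"
# Append a certificate request generated from the new certificate and key
openssl x509 -x509toreq -in "$file" -signkey "$file" >> "$file"
/etc/init.d/webmin restart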

This command will create a 'pem' file with both the private key and self-signed certificate in the same file.  -nodes will let you create the file without a passphrase.  The -subj option saves you having to manually enter certificate details.

Or you can do it by setting ssl=0 in /etc/webmin/miniserv.conf; restarting webmin with "/etc/init.d/webmin restart"; then using the web interface to make the certificate change at Webmin -> Webmin Configuration -> SSL Encryption -> Self Signed Certificate
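
To find installs affected by the key-size rejection described above, this added example (not from the original post) reads the RSA key size out of a PEM file with openssl and flags keys under a minimum. The function names and the 2048-bit default are assumptions; /etc/webmin/miniserv.pem is Webmin's usual certificate file.

```shell
#!/bin/sh
# Added example: report the RSA key size of a PEM certificate and flag keys
# that are too small for current browsers.

# Print the RSA key size in bits of the certificate in file $1.
# Prints nothing if the file has no certificate or the key is not RSA
# (EC key sizes are not comparable, so they are not judged here).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        /Public Key Algorithm: rsaEncryption/ { rsa = 1 }
        rsa && /Public-Key: \([0-9]+ bit\)/ {
            gsub(/[^0-9]/, ""); print; exit
        }'
}

# Return 0 if the key in $1 has at least $2 bits (default 2048),
# 1 if it is smaller, 2 if no RSA certificate could be read.
check_cert_key() {
    bits=$(cert_key_bits "$1")
    min="${2:-2048}"
    if [ -z "$bits" ]; then
        echo "$1: no RSA certificate found" >&2
        return 2
    fi
    if [ "$bits" -lt "$min" ]; then
        echo "$1: WEAK ($bits-bit key, need at least $min)"
        return 1
    fi
    echo "$1: ok ($bits-bit key)"
}

# Usage: check_cert_key /etc/webmin/miniserv.pem
```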
