Serving The Planet

My Best Practices Ubuntu 14.04 LTS Server Configuration at TransIP VPS

Right … thus far things seem to work rather stable. Time for a little update how exactly I solved the “WordPress Internal Server Error”-issue on my own self-hosted blog, as I dare to write a blogpost about it without the platform crashing. Long answer very short: set up my own Linux webserver to bypass RAM limits of IC hosting. As running a WordPress site with 90+ plugins requires a different strategy.

My Best Practices Server Configuration

And this is *not* a step-by-step guide, but rather a Best Practices log for personal purposes. Although other people might benefit from it too. As it took me 3 weeks to compile and get to the bottom of certain interesting issues.

WordPress

https://www.digitalocean.com/community/tutorials/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu

correct file permissions:

File System Tweaks

  • swap file tweak: vm.swappiness=10 in /etc/sysctl.conf
  • SSD tweaks: noatime in /etc/fstab
    tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

Webmin installation

vi /etc/apt/sources.list
# add these two repository lines to the file:
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
apt-get update
wget -q http://www.webmin.com/jcameron-key.asc -O-  | sudo apt-key add -
apt-get update
apt-get install webmin
service apache2 restart

Firewall configuration

Simple iptables script

apt-get install iptables-persistent

Create firewall configuration script

# Set a permissive policy first so that flushing the rules cannot lock you out
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
# Loopback traffic and replies to connections that are already open
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Web traffic is accepted only from CloudFlare's published IPv4 ranges
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -s "$i" --dport http -j ACCEPT; done
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -s "$i" --dport https -j ACCEPT; done
iptables -A INPUT -p tcp --dport http -j DROP
iptables -A INPUT -p tcp --dport https -j DROP
# SSH and Webmin go to the top of the chain
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 10000 -j ACCEPT
# The policy stays ACCEPT; the last rule drops everything not accepted above
iptables -P INPUT ACCEPT
iptables -A INPUT -j DROP
invoke-rc.d iptables-persistent save

Additional notes:

  • Don’t bother to hack into port 22 or 10000. Obviously changed those to custom ports that I’m not going to disclose.
  • When you’re not using CloudFlare, you might want to add in these:
    iptables -I INPUT 3 -p tcp --dport 443 -j ACCEPT
    iptables -I INPUT 4 -p tcp --dport 80 -j ACCEPT
  • don’t forget to save your iptables, otherwise at a server reboot you will lose all settings.
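
The script above passes whatever the download returns straight to iptables as root, and it applies the rules one at a time. As an added example (not part of the original script), the function below checks every fetched line as an IPv4 CIDR, refuses an empty or malformed list, and prints one ruleset that iptables-restore loads in a single step. SSH_PORT, ADMIN_PORT and build_ruleset are names chosen for this example; like the post's script it covers IPv4 only.

```shell
#!/bin/sh
# Added example, not the post's script. SSH_PORT and ADMIN_PORT default to the
# ports shown in the post; override them if yours differ.
SSH_PORT="${SSH_PORT:-22}"
ADMIN_PORT="${ADMIN_PORT:-10000}"

# Reads candidate IPv4 ranges (one per line) on stdin and prints a complete
# iptables-restore ruleset on stdout. Prints nothing and returns 1 if the list
# is empty (e.g. the download failed) or any line is not a plain IPv4 CIDR.
build_ruleset() {
    awk -v ssh="$SSH_PORT" -v admin="$ADMIN_PORT" '
        NF == 0 { next }                       # skip blank lines
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { err = $0; exit }
        {
            split($0, p, "[./]")               # four octets + prefix length
            for (i = 1; i <= 4; i++) if (p[i] > 255) { err = $0; exit }
            if (p[5] > 32) { err = $0; exit }
            cidr[++n] = $0
        }
        END {
            if (err != "") { print "rejected entry: " err > "/dev/stderr"; exit 1 }
            if (n == 0) { print "empty range list, refusing" > "/dev/stderr"; exit 1 }
            if (ssh !~ /^[0-9]+$/ || admin !~ /^[0-9]+$/) exit 1
            # Same policies and rule set as the script in the post
            print "*filter"
            print ":INPUT ACCEPT [0:0]"
            print ":FORWARD ACCEPT [0:0]"
            print ":OUTPUT ACCEPT [0:0]"
            print "-A INPUT -i lo -j ACCEPT"
            print "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            print "-A INPUT -p tcp --dport " ssh " -j ACCEPT"
            print "-A INPUT -p tcp --dport " admin " -j ACCEPT"
            for (i = 1; i <= n; i++)
                print "-A INPUT -s " cidr[i] " -p tcp -m multiport --dports 80,443 -j ACCEPT"
            print "-A INPUT -j DROP"
            print "COMMIT"
        }'
}

# Typical use (run as root; rules.v4 is a scratch file name for this example):
#   curl -fsS https://www.cloudflare.com/ips-v4 | build_ruleset > rules.v4 \
#     && iptables-restore --test < rules.v4 && iptables-restore < rules.v4
# Constructed sample input (documentation ranges, not the real list):
#   printf '192.0.2.0/24\n198.51.100.0/24\n' | build_ruleset
```

Because nothing is loaded unless the whole list validates, a failed or tampered download leaves the running firewall unchanged.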

Sources:

Double check:

iptables -L --line-numbers
iptables -S

References:

Enable Curl

Required by many Apps & WP Plugins

apt-get install php5-curl

EWWW image optimizer required apps:

apt-get install imagemagick php5-imagick
apt-get install libjpeg-progs
apt-get install graphicsmagick
apt-get install gifsicle
wget http://static.jonof.id.au/dl/kenutils/pngout-20150319-linux.tar.gz &&\
tar -xf pngout-20150319-linux.tar.gz &&\
rm pngout-20150319-linux.tar.gz &&\
cp pngout-20150319-linux/x86_64/pngout /bin/pngout &&\
rm -rf pngout-20150319-linux

also checkout: https://www.causingeffect.com/software/expressionengine/ce-lossless/user-guide/installation

Monitoring apps

apt-get install htop
apt-get install iotop

Install PHP cache

(might cause conflicts with W3 WP cache)

edit /etc/php5/apache2/php.ini

and change: “;opcache.enable=0” to “opcache.enable=1”

php5enmod opcache
service apache2 restart

Install PECL / Pear

Required for WordPress SSH FTP:

apt-get install php-pear
apt-get install php5-dev
apt-get install libcurl3-openssl-dev
apt-get install libpcre3-dev
apt-get install zlib1g-dev
apt-get install libcurl4-openssl-dev
apt-get install libevent-dev
pecl install pecl_http
vi /etc/php5/cli/php.ini

mind you! not /etc/php5/apache2/php.ini … or do both when in doubt. I know phpinfo uses apache2 but for this to work properly it has to be /etc/php5/cli/php.ini at first.

add “extension=raphf.so”
add “extension=propro.so”
add “extension=http.so”

Restart Apache again to make sure php5 loads properly. Then add the same lines to /etc/php5/apache2/php.ini

edit:

  • “upload_max_filesize=2MB” to 32MB … affects other uploads
  • “post_max_size=8M” to 32MB .. affects wordpress xml uploads
  • “zlib.output_compression = off” to on
  • “zlib.output_compression_level = -1” to 9
  • upload_tmp_dir = /tmp

apt-get purge php5-apcu

Tune MySQLd

apt-get install mysqltuner

Troubleshooting commands

  • htop
  • top
  • iostat -mhx 2 # apt-get install sysstat
  • ltrace -p PID # trace library calls
  • strace -p PID # trace system calls
  • vmstat 2
  • tail /var/log/apache2/error.log # http://wiki.apache.org/httpd/ListOfErrors

mod_cloudflare for apache:

NTP: Synchronize system clock

apt-get install ntp ntpdate ntp-doc
sudo ntpdate pool.ntp.org
sudo service ntp start

Leap second bug: http://stackoverflow.com/questions/1282232/mysql-high-cpu-usage

Security Hardening Best Practices

Speed up static resources:

http://www.oxhow.com/host-images-wordpress-blog-subdomain-better-speed/

Troubleshooting Bibliography

PhpMyAdmin 404

Server load / Browser Socket issues

W3TC issues

and might add upon this article later …


About Earnie Rhyker

tech pioneer | intellectual BadAss | ethical lifehacker | WordPress Developer & Polyglot | information activist | blogger | added value services provider | multimedia enthusiast | senior linux server administrator | geek | bitcoin investor | laptop entrepreneur | open source contributor | hackintosh fanatic | charity donator | accredited top MLM networker & internet marketer 2014-2016 @ BFH | digital expat
