Optimizing cPanel-WHM by ciccone85


									                       Optimizing cPanel/WHM

With the upcoming "VPS Optimized" version of cPanel/WHM making it's
way out (it's recently moved from the EDGE to CURRENT tree), Doug has
asked me to post some of the ways I tweak a cPanel/WHM VPS to reduce the
background memory and CPU usage and leave more resources for actual
hosting. I'm also going to post some how-tos on securing VPSs over the next
few days and weeks. I should also mention that this is by no means my own
work - I have learned much from other forums, and by experimenting on a
test VPS I have specifically to "break things".

So, here goes - Whenever I get a new cPanel/WHM VPS (or server) here's the
first things I adjust or tweak to cut down on resource usage:

1) Mailman - Mailman is a memory glutton. It runs constantly as a process,
gobbling memory for no good reason. If you don't need it, pop into WHM >>
Server Configuration >> Tweak Settings and turn it off by unchecking the
box. If you need a good mailing list, then PHPList (http://www.phplist.com)
works fine, uses resources only when it needs it, and also comes with
Fantastico if you have it.

2) While in Tweak Settings, there's some other adjustments you can make:

a) Mail >> Number of minutes between mail server queue runs (default is 60).
Each time the mail queue runs it increases load - The default of 60 can safely
be reduced to 120 or even 180 on a busy server. Whilst there I also disable
Boxtrapper Spam Trap and SpamAssassin Spam Box delivery, on the basis
that whilst the server will filter out most of the spam coming in, it's then up to
the users to employ filters in their email clients etc in order to filter out the
rest of the rubbish - Using Boxtrapper and SpamBox simply puts more load
on the server. (These 2 options also need to be disabled in the feature lists you
use so that they don't show up as available in clients' cPanels).

b) Also under the Mail section, I set the "Default catch-all/default address
behavior for new accounts" to fail - there's no need to collect unwanted or
unroutable mail in catch-all folders.

If you're doing this to a server with accounts already on it, changing this
setting will not change those existing accounts, which are probably set to the
default of BLACKHOLE. You can enforce the change onto all existing
accounts by logging in via SSH and running the command:

perl -pi -e "s:blackhole:/:fail:/g;" /etc/valiases/*
c) Further down in the Tweak Settings section are the settings for Stats
programs. Turn off Reverse DNS Lookup for AWStats, disable Analog Stats
(pretty useless really) and just run with AWStats (if you need it) and
Webalizer. All stats programs run processes to collate the stats so if you can
get away with using just Webalizer all the better.

d) Further down under tweak Settings, in the System section, is an option
"Conserve Memory at the expense of using more cpu/diskio." If you're
running a server that is always maxing out on memory usage this may be an
option to try, but you should bear in mind that it does slightly reduce speed of
processing, and you should check with Solar VPS Support that, as a result,
you're not using more than your share of CPU resources.

Also under the System section, ensure that you have checked the "Do not
start deprecated Melange 1.10 chat server." option.

3) Spamassassin: Spamassassin is also a memory hungry beast in its default
setup, but you can reduce this very easily. In WHM scroll right down the left-
hand menus until you get to the cPanel section and click on Manage Plugins.
There are two plugins in there that you should enable - spamdconf and
cronconfig (more on this one in a minute). Once you have checked those two
options, scroll down to the bottom and click Save. Your server will then
contact the cPanel servers and install those 2 plugins for you in a minute or so.
Once done, refresh the left hand frame in your browser (the one containing
the WHM menus) and you'll see a new section right at the bottom (You will
already have this section if you run Fantastico, but these new 2 options will be
added to it).

Select "Setup Spamd Startup Configuration" and you will presented with 4
option boxes, the second of which is the one we want. Setting "Maximum
Children" to 2 (no, this isn't birth control LOL) will restrict the number of
processes Spamassassin fires up on startup, each of which eats memory. Once
you save this the server will restart Ensim to build in the new setting - this
can take up to a minute to restart, so just be patient.

4) Cron times: Cron jobs use memory and CPU resources, so it's best to
check that they run in off-peak hours (usually overnight). The other option
we just added in the Manage Plugins section has added a menu option
"Configure cPanel Cron Times" in the Plugins section at the bottom of the
WHM menu. Within that section are 2 settings for the times that your cPanel
Update runs (if you run it automatically) and the time your backup runs. You
can change and "commit" each of these times to something more sensible.
Also, if you run Fantastico, there's another option in the Fantastico settings
for the time the daily Fantastico update cron job. This is all very much a
matter of preference, and depends a lot on when your server is least busy but,
for example, one of my standard settings for these would be:

cpbackup = 01:00AM
cpupdate = 03:00AM
Fantastico = 04:00AM

This allows each cron job enough time to run before another one starts so
that you don't get 2 resource-hungry routines overlapping. The actual times
you use depend on when your own server is least busy. You should also check
right up at the top of the WHM menu under Server Time that the server is
actually running in the Time Zone you expect - You cannot change this on a
VPS but you should ensure that the server time is actually reasonably correct
and not set to a timezone that would actually cause your cron jobs to run in
peak hours - this actually happened to me once when I discovered that a USA
server was actually set to GMT and all my crons were running seven hours
earlier than I thought, slap bang in the middle of one of the busiest periods ;)

5) FTP: In WHM >> Service Configuration, there is an option to change 2
settings for FTP. By default the first will be set to use pure-ftpd (this is good)
and the second is to allow anonymous FTP (this is very bad). Unless you
really want half the world (the bad half) discovering that you run an open
FTP server, turn anonymous OFF. Each FTP session uses resources, so you
should also be careful about how many FTP logons you allow each account in
your Feature Lists. Up to 3 is fine - anything over 10 is getting silly and
simply invites your users to use your server for file sharing.

To top