Adjusting CloudLinux Limits

CloudLinuxAll of our linux hosting servers run on an operating system called CloudLinux. This operating system transformed the shared hosting industry a few years ago when it first became available. It enables hosts to do two critical things:

  1. Confine a user to their own root directory with a feature called CafeFS.
  2. Set hard resource limits for CPU usage, Memory, Disk I/O and Processes.

CageFS isolates each user’s file system. Users cannot escape from their root directory and view another user’s data or access it. This prevents server wide hacks as a hacking script cannot venture any further than the the current file system it has penetrated. This is a crucial security aspect when it comes to shared hosting.

CloudLinux uses a proprietary system called “LVE” (Lightweight Virtual Environment) to impose hard resource limits on each domain. This prevents one domain from bringing a server to its knees by utilizing all of its CPU, Memory, Disk I/O and Apache connections. On a server with hundreds of domains preventing resource abuse is critical for its stability.

Over the past few days we enabled some analytics in CloudLinux so we could look deeper and find what kind of limits our shared hosting clients are hitting. You might have received an email with the title “Hosting account resources exceeded” with some statistics you probably didn’t understand. I will break those down in a second. But based on what we have been seeing we have increased the IO and Memory limits. On all standard shared hosting and reseller accounts the current limits are as follows (don’t worry if you don’t understand these values, I will explain each one next):

  • CPU: 100%
  • EP: 20
  • IO: 2048
  • PMEM: 1024kb
  • NPROC: 100
  • IOPS: 1024

I’m sure that looks like technical mumbo-jumbo to most people but it’s easily explained!

 

New CloudLinux Limits

 

CloudLinux Limits

CPU: 100%

This might look like a domain can use 100% CPU but that is a little misleading. The “100%” means 1 core. Most of our servers have 12 or 16 cores. Therefore a 16 core server has 1600% CPU total in CloudLinux terminology. You can use 1 core of those 16. If you hit 100% of that one core CloudLinux will slow your site down until its usage is below 100%. Hitting this limit will not cause your site to display any error message.

EP: 20

EP stands for “Entry Processes”. This is the number of concurrent Apache connections your site can sustain. Don’t confuse this with total number of connections – that could easily be in the hundreds or even thousands. Concurrent means processes happening at the same time. An easy way to visualize this is 20 visitors all clicking a link at the exact same second. You could have hundreds of visitors on your website but the likelihood of more than a handful doing things simultaneously is very low. Sites that hit this limit are generally getting hit hard by bots and crawlers. If your site hits this limit it will display a “503 Service Temporarily Unavailable” message.

IO: 2048

IO standards for Input/Output. This is how hard the drives are working to read and write your data. This limit is set to 2048 which means 2MB/s. With SSD drives in RAID 10 this isn’t a limit we need to be too strict with. We may revise this higher depending on what we see over the next few weeks. If you hit this limit your website will continue to be available, it just functions a bit slower until the usage has dropped.

PMEM: 1024kb

PMEM means Physical Memory and we have this set globally at 1GB. If you see “VMEM” in your control panel or email notifications it can ignored as VMEM was discontinued in favor of PMEM some years ago. If your website hits its Physical Memory limit it will usually display a “508 Resource Limit Reached” but it can also manifest as “500 Internal Server Error”.

NPROC: 100

NPROC means Number of Processes. This is the total number of active processes allowed on a domain. These include all services such as HTTPD (website connections), PHP processes, SMTP/IMAP/Sendmail, Cronjobs etc. Once the limit of 100 is reached, no new process can be spawned until another one ends. Hitting this limit generally results with Apache 500 or 503 errors.

IOPS: 1024

Literally Input/Output per second. The IOPS limit restricts the total number of read/write operations per second. We set this at 1024 which is the recommended setting on Linux file systems. I have never seen a website on shared hosting exceed this limit. If a website nears this limit in any shape or form it will hit another of CloudLinux’s limits first. If the limit is reached the read/write operations simply go into a “wait” state, essentially waiting in a queue for one the operation in front of it to end. On a busy site this would manifest as slow page loading.

 

CloudLinux LVE

 

CloudLinux Limits Notification

If you hit one of the CloudLinux limits you will receive an email to the address you have listed in Plesk. It is very important to keep this email address up to date so you can understand what is happening with your site(s). Here is an example:

 

CloudLinux Limits Email

This lists all the CloudLinux limits with a “Faults” column next to each limit. As you can see the third site listed hit the EP limit 124 times in a 12 hour period. With this kind of usage the domain would be down more than it is up! I checked the site in Plesk and went into the WordPress section. No WordPress installation was shown, although this domain had WP installed. This means it was installed manually. I hit “Scan” and the server scanned the whole installation and added it to the WordPress section. The result:

 

Plesk WordPress Toolkit

 

The installed WordPress is very old as are its theme and plugins. It is likely that malware bots are attacking this domain relentlessly. Keeping your core WordPress files, themes and plugins up to date is going to fix most resource overuse issues. You can also look at your analytics to see what IPs are hitting your site and block them with simple .htaccess rules. In January we are going to be launching Managed WordPress Hosting where we enforce updates and auto-patch any old WordPress instances that fall between the cracks. It also has an amazing WAF (web appliance firewall) that blocks most bot traffic, Plesk accessible Malware Scanner and a host of other great features. These plans also have triple the standard resources. If you don’t want to pay a premium for such a service you just need to manage your websites correctly and keep everything up to date.

Plesk also gives you statistics of resource usage. Just look at the top-right menu in Websites & Domains:

 

Plesk Resource Usage

 

In the website we are using as an example we see the following:

 

Plesk Resource Usage DetailsUnder “Details” there are more statistics with graphs of usage for each resource limit.

If you have everything up to date and you are still hitting limits we can double your CloudLinux limits for $9.95/mo per website. If you want triple limits, extra security layers and spam-free email our new Managed WordPress Hosting plans are for you. Plans will be $14.95/mo for your primary domain and $9.95/mo for additional domains. The platform is ready right now, we are just working on the new website pages. If you are interested in switching now just contact us and we can migrate you over. I will be officially announcing it over the Christmas holiday.

Lots of new and exciting stuff inbound!

Share This

About the author

Laurence

Hi, my name is Laurence and I’m a web hosting aficionado. When I'm not cracking the whip at HN I can be found at the gym where I'm chasing that 500lb deadlift and kickboxing with guys half my age and still giving as good as I get. Yep, a rare breed of tech nerd mixed in with meathead.

View all articles by Laurence

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.