Joe Healy, a Microsoft Developer Evangelist, recently approached Applied Innovations about assisting him with his hosting needs. Joe runs a pretty active developer website, devfish.net, and was outgrowing shared hosting. In fact, like most developers today, Joe wanted more functionality and more control, and for a developer like Joe, a Virtual Private Server was the perfect fit.
With our Windows 2003 VPS servers, developers get a semi-managed hosting experience for free. You see, OS updates and security patches are handled at the hardware node so the developer doesn’t have to worry about rushing to his server on patch Tuesday and updating his server. Another benefit is anti-virus is automatically managed on the host node so he doesn’t have to worry about nasties getting dropped on his server.
But most importantly, Joe now has full control of his hosting environment. He can install SQLexpress and IIS and configure them any way he wants. He can go download the latest beta software and install it on the server. He can tweak the .NET Framework and configuration files, ANY WAY HIS HEART DESIRES. He can also remotely start, stop, reboot, backup and restore his VPS server anytime he pleases. His server is his own personal domain and he’s the master of his domain!
Joe published a review of his experience getting started on his VPS and also pointed out a few tips to help other developers looking to migrate out of shared hosting and into VPS hosting. We felt Joe’s comments were very useful and wanted to publish them here and also add some additional information for other VPS administrators.
You’ll find Joe’s comments below indented and italicized and then my comments not indented. Hopefully it’s not too hard to read.
[Joe’s] dummies guide to getting your own virtual server configured (cut 1.0)
I’m sure jess or someone will mod this up once they read it
step1 :: get my VPS setup – basically Applied-I took care of the server setup after listening to what I want. Infrastructure guys scare me, but they took it easy on me.
This was the easy part actually. The important thing to decide when you first get a VPS server (or dedicated server for that matter) is what you’re going to run on your VPS. If you’re not comfortable administering IIS or plan to add a lot of sites, you’re probably going to want a control panel installed. The good thing about a control panel is that once it’s installed and configured, it’s going to save you a lot of time and headaches. Each site will be set up identically to the others and you’ll avoid fat-fingered mistakes. The downside to installing a control panel is that it’s going to eat up memory that you probably don’t want to lose. You can figure 150-300MB of memory for your control panel to run, so make sure you have enough memory in your VPS.
My recommendation is: if you’re comfortable managing IIS and securing it, go without the control panel. If you’re new to IIS and administering a server, get the control panel. The headaches it will save will be well worth it. Most developers also immediately install SQLexpress. I’d advise you to consider a shared SQL database instead, but if you must have SQLexpress, make sure you set a memory limit on it or you’ll soon find all your server’s memory used up.
step2 :: get stuff to the server – I still use ftp. With IIS7 I’ll go to secure ftp, but ftp was an easy way to get files in and out of the box. I set up a separate ftp address for each domain running on the box and used isolated ftp to map it. Good instructions for Isolated FTP can be found here -> http://support.microsoft.com/kb/555018/en-us
FTP is simple and easy to use. I personally like to map my local drive in terminal services and drag and drop files between my local drive and my personal VPS server. It’s easier for me, but your mileage may vary. Windows includes a pretty good FTP server by default, but a lot of people are starting to opt for the FileZilla FTP server, which is open source and supports secure FTP already.
step3 :: setup the vdir
– Create a new website in IIS manager
– Setup the host headers in IIS
– add in www.devfish.com / devfish.com / www.devfish.net / devfish.net to the host headers
– give NETWORK SERVICE security rights to the directory we are going to be using
– don’t forget to change the asp.net setting to the right framework version
– useful link : http://www.iisanswers.com/articles/dns_for_iis.htm
Host headers are great. A lot of people are still against running sites on host headers because they’re concerned about how search engines will see their sites. However, all of the major search engines have come out and said host headers are not a problem. So this is your choice.
Personally, I only use a unique IP on a site when it’s going to run SSL or is going to have many domains pointed to it. Let’s say you have 100 domains you want to point at one site. Adding all the host headers is going to take a couple of hours, but if you run the site on a unique IP address and only put a binding in for the IP address, then you just need to make sure all your host records in the domain’s DNS server point to the proper IP and you’re all set.
One more tip here: if you notice, Joe has www.devfish.com, devfish.com, www.devfish.net and devfish.net pointed at his site. The thing is, pagerank is still considered pretty important by many people and you generally want everyone linking to your site with just one url. With multiple urls pointing to your website, your pagerank is going to be split among all those domains/urls. I’d recommend using something like isapi-rewrite from www.helicontech.com and creating 301 redirects. Of course you can also use ASP.NET HTTP Handlers and generate those 301’s, assuming your app runs in ASP.NET. This way your pagerank isn’t split up. If you want to see an example, go to www.applied-innovations.com/blog and www.appliedi.net/blog and pay attention to the url bar. You’ll see they redirect to one url.
Another thing you should consider if you’re running your own web server and hosting more than one domain is using unique application pools and unique anonymous users for each website. With unique application pools, if one site crashes and takes down its application pool, it doesn’t affect the other sites, and with unique users, if one domain gets compromised (for whatever reason), the user won’t have access to the files of the other websites.
step4 :: move some content up – Copy up the latest devfish code up to the site. I also took this chance to move to vs2008 on .net 2.0, as well as integrate gatineau into my pages. Browse it from IIS manager, make sure it all works.
A few months back Microsoft purchased livestats from deepmetrix. I’ve been waiting to see what’s coming of that and it looks like it’s gatineau. Definitely sign up for the beta on that one. I think we’ll see it give google analytics a run for its money.
step5 :: redirect my dns
– pointed my dns records at www.worldwidedns.net to new vdir
– wait 30 minutes
– then test it out
This goes back to what I mentioned about deciding what you want to run on your VPS. You can run DNS on your VPS if you want, or you can use an outside service. In Joe’s case, he decided to keep his server lean and mean and used an outside DNS server instead of running DNS on his VPS.
What next? Lots of overhauls I want to do (yes, I know my website looknfeel sux), but first the fish must swim to .NET 3.5. Main concern here will be some of the funky web.config I’ve got and moving some of the ajax stuff over to 3.5 (aka ripping out web.config junkieness and cleaning it up). Shouldn’t be a big deal, but it is a testing situation.
I left this part because I think there’s one more step Joe should do: configure Windows Firewall. But be careful, you don’t want to block terminal services (if you do, though, it’s an easy fix: just go into the VZPP and stop the services). Here’s my super secret recipe for configuring Windows Firewall. Open a DOS command prompt and copy and paste this block of text into the window; it will set exceptions and then start the firewall.
rem Add the exceptions first, RDP (3389) included, so terminal services stays reachable
netsh firewall set portopening TCP 80 HTTP
netsh firewall set portopening TCP 53 DNS-TCP
netsh firewall set portopening UDP 53 DNS-UDP
netsh firewall set portopening TCP 21 FTP-Server
netsh firewall set portopening TCP 220 IMAP3
netsh firewall set portopening TCP 143 IMAP4
netsh firewall set portopening TCP 25 SMTP
netsh firewall set portopening TCP 110 POP3
netsh firewall set portopening TCP 3389 RDP
netsh firewall set portopening TCP 443 HTTPS
netsh firewall set portopening TCP 9999 SmarterMail
netsh firewall set portopening TCP 9998 SmarterStats
netsh firewall set logging droppedpackets=enable
rem Start the firewall last, once every exception above is in place
netsh firewall set opmode enable
This is by no means a perfect set of firewall rules and will need to be tweaked for your own needs, but it will get the most common ports open and leave the really nasty ports (445, 137-139, 1433, 3306, etc.) closed to the outside world. It will also create a logfile in c:\windows\pfirewall.log so you can see what gets dropped/filtered by the firewall. And don’t worry: in Windows 2003, firewall rules only affect incoming traffic, not outgoing traffic. Oh, and if you have Plesk (or any of the other modern control panels), it can handle managing the firewall for you from its web interface.
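One way to read that logfile, as an added example that is not part of the original post: a short Python script that tallies dropped packets by destination port and shows which sources hit the ports named above. The sample lines are constructed (documentation-range addresses), and the column layout is taken from the log's own #Fields header.

```python
from collections import Counter

# Ports the post names as ones to keep closed to the outside world.
WATCH_PORTS = {137, 138, 139, 445, 1433, 3306}

# Constructed sample in the layout Windows Firewall logs use (documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2007-11-05 10:14:02 DROP TCP 203.0.113.7 192.0.2.10 4312 445 48 S 1046886011 0 16384 - - -
2007-11-05 10:14:05 DROP TCP 203.0.113.7 192.0.2.10 4313 1433 48 S 1046886500 0 16384 - - -
2007-11-05 10:15:41 DROP UDP 198.51.100.23 192.0.2.10 1026 137 78 - - - - - - -
2007-11-05 10:16:09 DROP TCP 203.0.113.7 192.0.2.10 4320 3306 48 S 1046887102 0 16384 - - -
2007-11-05 10:17:30 OPEN TCP 198.51.100.40 192.0.2.10 51522 80 - - - - - - - -
2007-11-05 10:18:12 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
2007-11-05 10:19:00 DROP TCP 198.51.100.99 192.0.2.10 3391 8080 48 S 77120113 0 65535 - - -
2007-11-05 10:20:15 DROP TCP 198.51.100.23 192.0.2.10 2211 445 48 S 5512 0 16384 - - -
"""

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # ignore truncated or malformed lines
                yield dict(zip(fields, values))

def summarize_drops(text):
    """Count drops per (protocol, dst-port), and per source for watched ports."""
    by_port, watched_sources = Counter(), Counter()
    for e in parse(text):
        if e["action"] != "DROP" or not e["dst-port"].isdigit():
            continue  # skip allowed connections and port-less ICMP entries
        port = int(e["dst-port"])
        by_port[(e["protocol"], port)] += 1
        if port in WATCH_PORTS:
            watched_sources[e["src-ip"]] += 1
    return by_port, watched_sources

if __name__ == "__main__":
    ports, sources = summarize_drops(SAMPLE_LOG)
    for (proto, port), n in ports.most_common():
        flag = "  <- watched port" if port in WATCH_PORTS else ""
        print(f"{proto}/{port}: {n} dropped{flag}")
    for ip, n in sources.most_common():
        print(f"{ip}: {n} drops on watched ports")
```

To run it against a real log, pass the file's contents to summarize_drops() in place of SAMPLE_LOG.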
Virtual Private Servers are revolutionizing all aspects of the computer industry and the hosting industry is no exception. We’re excited to be a leader in Windows 2003 VPS Hosting and are glad to be able to help developers like Joe and yourself to find the perfect hosting environment. If you have any questions about Windows VPS Hosting please don’t hesitate to ask.