Digital Ocean VPS with NGINX & PHP-FPM5 — Current Web Host

My current web hosting setup includes a multi-domain NGINX & PHP5-FPM VPS with 1CPU, 1GB RAM, and 20GB SSD from Digital Ocean serving WordPress sites and a few static sites over HTTP2 connections through Cloudflare and SSL’s from StartSSL.

That’s a mouth full.

The total number of domains are always changing, but as of writing this, there are six WordPress sites, and two static sites. None are high traffic, but I’ve found it’s mostly about balancing the MySQL memory usage due to the WP installs.

Here is a run down of the sections I’ve included. This post will grow and adjust as time goes on too.

  • Hosting: Digital Ocean VPS
  • DNS: Cloudflare
  • Domain Registrar
  • SSL Certificate

Hosting: Digital Ocean VPS

This is the waterfall for the homepage of this site. It’s taken a lot of work, reading, and late nights hammering away in a terminal with eight tabs open to different tutorials. My current server config is a pretty straight forward NGINX setup, but it is pretty quick. The waterfall above is from the Digital Ocean VPS in Toronto to the default Web Page Performance Test to Dulles with no throttling.

This site is still very light, but the way it is built thus far, it will always have good perceived performance. More details on my thoughts here. As I build this site out, it’s overall weight will grow, but initial paint and the user experience will always be fast. Below is a look at the waterfall from Dulles on the 3GFast throttled setting.

It’s still pretty quick on a simulated 3G connection. Not bad for $10/month.

Obviously the cost is spread out over hours of learning, but I didn’t learn how to build a Linux server for this purpose…it just happened to work out that way and has proved an invaluable skill.

Digital Ocean has been great with an always evolving and improving UI for their server management online, and the price is great. $5/month gets you on a 512MB VPS, and it scales from there. I’ve been building all kinds of things on Digital Ocean VPS’s for a few years now going back to web apps for Versett.

Don’t forget about the Digital Ocean Community for all kinds of tutorials and guides. Just a whole mess of Linux info in there.

DNS: Cloudflare

For as long as I can remember, I’ve run my DNS through Cloudflare. It’s free for 95% of my needs, and provides an added layer of protection and convenience—on top of being a badass DNS manager.

The heart of Cloudflare’s benefits are security. Think of it as running a firewall before you even get to your server, or locking the doors on your car. I would highly recommend anyone running any website they have through Cloudflare—regardless of your hosting. It really is a matter of changing your nameservers where you’ve registered your domain. 99% of the time Cloudflare correctly detects all your DNS and switch-overs go smoothly.

I’ll perhaps do an in-depth article on Cloudflare some day. From caching to obscure features like a fairly accurate geo-location feature that provides an HTTP header with a visiters location. I’ve used it for some neat site features of a global client. Cloudflare even offers the ability to minify and optimize asset loading through a relatively remarkable system.

Yeah, Cloudflare definitely needs an entire post.

Domain Registrar

It feels like every year I have a cluster of registrations due and I spend a couple hours looking at domain registrars. Like spring cleaning is to the dark corners of your house, January seems to be my annual registrar sweep.

Last year I moved domains to Namecheap. I’ve got no complaints. Their UI has gone through a face lift since last time I looped through their neighbourhood, and has felt intuitive enough. Nothing jumps out anyway.

I’ve had zero issues registering some new domain names like .coffee and .photography. DNS updates I can’t really report on as I change nameservers over to Cloudflare immediately. Prices are good, but something that has come up recently is registrar masking information. It seems to come up more and more as users become more savy with how a website actually works. Clients want the registration information masked on whois lookups. On initial purchase or transfer and renewal of a domain, this is added in free…for the first year. It’s $4/year per domain after that.

It sounds odd, but so far, the best domain registrar I have used that includes free whois information protection is Dreamhost. Yeah, I know.

The fact is, I’ve used Dreamhost for  small client sites or those clients that have a bunch of properties or love to make sub-domains. Their shared hosting is perfect. As cheap as Bluehost, GoDaddy or the other standard big shared hosts, and Dreamhost provides free whois obfuscation for all the domains you register there. For me, this might be the reason I move my domains back there, and leave them there. Again, my workflow is: Buy Domain > Change Nameservers > All DNS Forward on Cloudflare.

Needless to say, my needs from a registrar are minimal.

SSL Certificate

Adding an SSL certificate to all of your websites should be on your schedule for 2017, and developing a process for including an SSL certificate in all new websites going forward. With Let’s Encrypt starting to get traction among web host’s with automated integration, it’s time the internet went all SSL. Soon it will be automatic with most if not all hosting. But what about us who like to tinker?

Free SSL Certificate from Startcom (StartSSL)

I use a free SSL certificate from Startcom (StartSSL) for all of my sites. I started adding SSL/TLS to my sites before Let’s Encrypt was around, and Startcom was the best route to go. Heck, they were the only route to go for free SSL certificates for personal websites.

Over the last year, StartSSL has improved how to get a free SSL certificate, but it still isn’t super user friendly. However, once you understand the process, it really is straight forward and yearly renewal takes me 10 minutes per site now. Furthermore, the last free SSL certificate I renewed I noticed StartSSL offered up to ten domains per certificate. Prior to this, they only allowed two domains per certificate (www & non-www).

So now, you can have a number of sub-domains all on the same certificate as your primary domain. I tested it with a dummy WooCommerce site I setup for testing: https://woofoos.3oh6.com/shop/ . I am running the same Startcom free SSL certificate for that site, this site, and a couple other sub-domains. It works perfect.

I recently posted a guide on how to get up and running with a StartSSL free SSL certificate here. The first step is to not use the guide. Yeah.

Free SSL Certificate — The hard way

Perhaps Let’s Encrypt is a better option for a lot of folks, but for me, I’ll keep the sites I have on StartSSL as I have the process already in place and switching over to Let’s Encrypt for free SSL certificates just doesn’t provide me any benefit at this point. Keep in mind, a few shared hosts like Dreamhost and SiteGround have started including an easy process to get a free SSL certificate from Let’s Encrypt with even their most basic shared hosting packages.

**update 29/01/2017** I recently moved a site ( theMcleod.ca ) over to SiteGround off of my Digital Ocean VPS. The process was slick. I was up and running on a Let’s Encrypt SSL with just a couple clicks. It was the first time I did an SSL on SiteGround and it couldn’t have been much easier.