All of our linux hosting servers run on an operating system called CloudLinux. This operating system transformed the shared hosting industry a few years ago when it first became available. It enables hosts to do two critical things:
- Confine a user to their own root directory with a feature called CageFS.
- Set hard resource limits for CPU usage, Memory, Disk I/O and Processes.
CageFS isolates each user’s file system. Users cannot escape from their root directory and view another user’s data or access it. This prevents server wide hacks as a hacking script cannot venture any further than the current file system it has penetrated. This is a crucial security aspect when it comes to shared hosting.
CloudLinux uses a proprietary system called “LVE” (Lightweight Virtual Environment) to impose hard resource limits on each domain. This prevents one domain from bringing a server to its knees by utilizing all of its CPU, Memory, Disk I/O and Apache connections. On a server with hundreds of domains preventing resource, abuse is critical for its stability.
All standard shared hosting and reseller account, the current limits are as follows:
- CPU: 100%
- EP: 20
- IO: 2048
- PMEM: 1024kb
- NPROC: 100
- IOPS: 1024
This might look like a domain can use 100% CPU but that is a little misleading. The “100%” means 1 core. Most of our servers have 12 or 16 cores. Therefore a 16 core server has 1600% CPU total in CloudLinux terminology. You can use 1 core of those 16. If you hit 100% of that one core CloudLinux will slow your site down until its usage is below 100%. Hitting this limit will not cause your site to display any error message.
EP stands for “Entry Processes”. This is the number of concurrent Apache connections your site can sustain. Don’t confuse this with total number of connections – that could easily be in the hundreds or even thousands. Concurrent means processes happening at the same time. An easy way to visualize this is 20 visitors all clicking a link at the exact same second. You could have hundreds of visitors on your website but the likelihood of more than a handful doing things simultaneously is very low. Sites that hit this limit are generally getting hit hard by bots and crawlers. If your site hits this limit it will display a “503 Service Temporarily Unavailable” message.
IO standards for Input/Output. This is how hard the drives are working to read and write your data. This limit is set to 2048 which means 2MB/s. With SSD drives in RAID 10 this isn’t a limit we need to be too strict with. We may revise this higher depending on what we see over the next few weeks. If you hit this limit your website will continue to be available, it just functions a bit slower until the usage has dropped.
PMEM means Physical Memory and we have this set globally at 1GB. If you see “VMEM” in your control panel or email notifications it can ignored as VMEM was discontinued in favor of PMEM some years ago. If your website hits its Physical Memory limit it will usually display a “508 Resource Limit Reached” but it can also manifest as “500 Internal Server Error”.
NPROC means Number of Processes. This is the total number of active processes allowed on a domain. These include all services such as HTTPD (website connections), PHP processes, SMTP/IMAP/Sendmail, Cronjobs etc. Once the limit of 100 is reached, no new process can be spawned until another one ends. Hitting this limit generally results with Apache 500 or 503 errors.
Literally Input/Output per second. The IOPS limit restricts the total number of read/write operations per second. We set this at 1024 which is the recommended setting on Linux file systems. I have never seen a website on shared hosting exceed this limit. If a website nears this limit in any shape or form it will hit another of CloudLinux’s limits first. If the limit is reached the read/write operations simply go into a “wait” state, essentially waiting in a queue for one the operation in front of it to end. On a busy site this would manifest as slow page loading.
CloudLinux Limits Notification
If you hit one of the CloudLinux limits you will receive an email to the address you have listed in Plesk. It is very important to keep this email address up to date so you can understand what is happening with your site(s).