Application hosting

# Application Hosting

This article details the server configuration for application hosting within our MediaWiki environment. It is intended for newcomers responsible for server maintenance and expansion. Understanding these configurations is crucial for ensuring the stability and performance of hosted applications.

Overview

We utilize a distributed server architecture to host various applications alongside MediaWiki itself. This approach allows for resource isolation, scalability, and improved fault tolerance. Applications are generally containerized using Docker and orchestrated with Docker Compose, though bare-metal deployments are also supported for specific legacy systems. This document focuses on the underlying server infrastructure and configurations, not the application-specific details. See Server Administration for general server maintenance procedures.

Server Hardware Specifications

Our application hosting servers are built to a standardized specification to simplify management and ensure consistent performance. The following table details the core hardware components:

Component	Specification
CPU	Intel Xeon Gold 6248R (24 cores/48 threads)
RAM	128 GB DDR4 ECC Registered
Storage	2 x 1 TB NVMe SSD (RAID 1) for OS & Applications	4 x 8 TB SATA HDD (RAID 10) for data storage
Network Interface	Dual 10 Gigabit Ethernet
Power Supply	Redundant 800W Platinum

These specifications are subject to change based on application demands and budget constraints. Please consult the Hardware Inventory for the latest details. Regular hardware monitoring is performed using Nagios.

Operating System and Software Stack

All application hosting servers run Ubuntu Server 22.04 LTS. This provides a stable and well-supported base for our applications. The following software is installed as standard:

Software	Version	Purpose
Operating System	Ubuntu Server 22.04 LTS	Base operating system
Docker	24.0.7	Containerization platform
Docker Compose	v2.21.0	Container orchestration
Nginx	1.25.3	Reverse proxy & load balancer
Fail2ban	0.12.0	Intrusion prevention system
UFW	0.36	Firewall

Regular security updates are applied automatically via APT. We also employ a robust logging system using rsyslog to facilitate troubleshooting and security auditing.

Network Configuration

Application servers are segmented into different networks based on security requirements and application function. A dedicated VLAN is used for each application environment (development, staging, production). Nginx acts as a reverse proxy, routing traffic to the appropriate application containers.

The following table outlines the key network parameters:

Parameter	Value
IP Address Range (Production)	192.168.10.0/24
IP Address Range (Staging)	192.168.20.0/24
IP Address Range (Development)	192.168.30.0/24
DNS Server	192.168.1.1 (Internal)
Gateway	192.168.1.254

Access to application servers is restricted via firewall rules managed by UFW. Secure Shell (SSH) access is limited to authorized personnel only, and key-based authentication is enforced. See Network Security for further details.

Security Considerations

Security is paramount. We implement several layers of security to protect our applications and data. These include:

**Firewall:** UFW is configured to allow only necessary traffic.
**Intrusion Detection:** Fail2ban monitors logs for malicious activity and automatically blocks offending IP addresses.
**Regular Security Audits:** We conduct regular security audits to identify and address vulnerabilities. See Security Auditing.
**Container Security:** Docker containers are isolated from the host system and each other, limiting the impact of potential security breaches.
**Least Privilege Principle:** Applications are granted only the permissions they need to function.

Monitoring and Alerting

We utilize Nagios and Grafana to monitor server performance and application health. Alerts are configured to notify administrators of critical issues, such as high CPU usage, low disk space, or application errors. Detailed logs are collected and analyzed using ELK Stack to identify trends and troubleshoot problems. Refer to the Monitoring Guide for detailed instructions on setting up and configuring monitoring tools.

Server Administration
Hardware Inventory
Network Security
Security Auditing
APT
rsyslog
Nagios
Grafana
ELK Stack
Docker
Docker Compose
UFW
Monitoring Guide
Application Deployment Process
Troubleshooting Guide

Category:Server Hardware

Intel-Based Server Configurations

Configuration	Specifications	Benchmark
Core i7-6700K/7700 Server	64 GB DDR4, NVMe SSD 2 x 512 GB	CPU Benchmark: 8046
Core i7-8700 Server	64 GB DDR4, NVMe SSD 2x1 TB	CPU Benchmark: 13124
Core i9-9900K Server	128 GB DDR4, NVMe SSD 2 x 1 TB	CPU Benchmark: 49969
Core i9-13900 Server (64GB)	64 GB RAM, 2x2 TB NVMe SSD
Core i9-13900 Server (128GB)	128 GB RAM, 2x2 TB NVMe SSD
Core i5-13500 Server (64GB)	64 GB RAM, 2x500 GB NVMe SSD
Core i5-13500 Server (128GB)	128 GB RAM, 2x500 GB NVMe SSD
Core i5-13500 Workstation	64 GB DDR5 RAM, 2 NVMe SSD, NVIDIA RTX 4000

AMD-Based Server Configurations

Configuration	Specifications	Benchmark
Ryzen 5 3600 Server	64 GB RAM, 2x480 GB NVMe	CPU Benchmark: 17849
Ryzen 7 7700 Server	64 GB DDR5 RAM, 2x1 TB NVMe	CPU Benchmark: 35224
Ryzen 9 5950X Server	128 GB RAM, 2x4 TB NVMe	CPU Benchmark: 46045
Ryzen 9 7950X Server	128 GB DDR5 ECC, 2x2 TB NVMe	CPU Benchmark: 63561
EPYC 7502P Server (128GB/1TB)	128 GB RAM, 1 TB NVMe	CPU Benchmark: 48021
EPYC 7502P Server (128GB/2TB)	128 GB RAM, 2 TB NVMe	CPU Benchmark: 48021
EPYC 7502P Server (128GB/4TB)	128 GB RAM, 2x2 TB NVMe	CPU Benchmark: 48021
EPYC 7502P Server (256GB/1TB)	256 GB RAM, 1 TB NVMe	CPU Benchmark: 48021
EPYC 7502P Server (256GB/4TB)	256 GB RAM, 2x2 TB NVMe	CPU Benchmark: 48021
EPYC 9454P Server	256 GB RAM, 2x2 TB NVMe

Order Your Dedicated Server

Configure and order

Need Assistance?

Telegram: @powervps Servers at a discounted price

⚠️ *Note: All benchmark scores are approximate and may vary based on configuration. Server availability subject to stock.* ⚠️