CloudLinux Subsystem for Ubuntu® 20.04 Stable Release! 🎉

 

CloudLinux Subsystem for Ubuntu® 20.04 Stable Release


All mentioned in this article trademarks, logos, and copyrights are property of their respective owners and are only mentioned for informative purposes.
** Ubuntu is a registered trademark of Canonical Ltd.


 

Remember when cPanel first announced its support for Ubuntu® in 2022? Well, the collaboration doesn't end there. We're thrilled to announce that after one year of Beta testing CloudLinux OS is releasing a Stable version of a free extension designed exclusively for Ubuntu® 20.04 LTS users. This exciting development means that you can now upgrade your Ubuntu® production server with key CloudLinux OS features without complicated server conversions, OS reinstalls, or migration headaches.

 

The Ultimate Solution for Ubuntu® Hosting

 

The combination of CloudLinux Subsystem for Ubuntu® 20.04 and cPanel represents a notable advancement in the hosting industry. Resource allocation on shared servers has always been a puzzle. Our solution allows you to combine your existing Ubuntu® environment with cPanel and the CloudLinux Subsystem. This combo streamlines user management and boosts server performance.

But there's more. This release addresses the challenges in Ubuntu® hosting, such as resource consumption issues, security vulnerability on shared environments, and secures outdated PHP versions.

 

What kind of limits are available for Ubuntu® right now?

 

There is a broad range of different restrictions that CloudLinux Subsystem users can implement on their Ubuntu® workloads:

  •   SPEED - CPU speed limit, relative to a single core, or specified in HZ (portable across CPUs)
  •   CPU - CPU Limit (smallest of CPU & NCPU is used)                
  •   NCPU - max number of cores (smallest of CPU & NCPU used)
  •   PMEM - physical memory limit (RSS field in ps/RES in top). Also includes shared memory and disk cache  
  •   VMEM - virtual memory limit (VSZ field in ps/VIRT in top)
  •   IO - IO throughput - combines both read & write operations          
  •   IOPS - restricts total number of read/write operations per second.              
  •   NPROC - number of processes within LVE                 
  •   EP - limit on entry processes, i.e. max number of concurrent connections to Apache dynamic scripts as well as SSH and cron jobs running simultaneously.

Furthermore, you can also enable inode limits. LVE Manager inodes limits extension allows setting inode limits for the customers. An inode is a data structure on a file system used to keep information about a file or a folder. The number of inodes indicates the number of files and folders an account has. Inodes limits work on the level of disk quota and will be enabled on /home partition only.

LVE Manager also allows you to set a soft and hard IO limit, where a hard limit prevents a user from writing data to disk and where a soft limit can be exceeded for a period of time. You can set inodes limits using LVE Manager, the same way you would set any other LVE Limits:

Finally, reseller limits – is a feature that allows hosters to limit the resources each reseller can operate. Reseller limits put a restriction on the cumulative resources this reseller and his end-users can use at any given moment in time.

Reseller limits feature also enables hosters to give their resellers control over the end-user’s resources. Resellers can assign limits to their end-users as they want, even if they are higher than the limits assigned to the reseller. The reseller’s end-users will not be limited by the reseller limits unless their cumulative usage goes above the limits the hoster assigned to their reseller.

 

What other features will be available for the CloudLinux Subsystem for Ubuntu®?

 

Apart from Limitation features, Ubuntu® users will also get some  additional features such as:

  • LVE Wrappers - LVE wrappers are the set of tools that allow system administrators to run various users, programs & daemons within Lightweight Virtual Environment, and allows system administrators to have control over system resources such programs can have.
  • CageFS - CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. It prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
  • Hardened PHP - HardenedPHP secures old and unsupported versions of PHP. increase customer retention by not forcing upgrades to a newer PHP version.
  • Mod_hostinglimits -  Apache module that detects VirtualHost from which the request came; detects if it was meant for CGI or PHP script; puts Apache process used to serve that request into LVE for the user determined via SuexecUserGroup directive for that virtual host; lets Apache to serve the request; removes Apache process from user's LVE.
  • Symlink owner match protection - protects against symlink attack where attacker tricks Apache web server to read some other user PHP config files, or other sensitive files.
  • Link traversal protection - prevents such attacks by preventing user from creating symlinks and hardlinks to files that they don’t own.
  • Tuned profiles - brings a range of kernel under-the-hood tunings to address high LA, iowait issues that were detected earlier on particular user’s deployments. The package also encloses OOM adjustments to prioritize the elimination of overrun PHP, lsphp, Phusion Passenger workers processes over other processes (e.g. ssh, a cron job).

As you can see it’s a very comprehensive range of features that truly changes Ubuntu® into a professional-grade multi-tenant website hosting OS.

 

Licensing

 

CloudLinux Subsystem for Ubuntu® will employ the same license structure as the traditional CloudLinux OS. We will begin requiring registration with CL OS Shared & CL Shared Pro starting January 1st 2024.

 

Getting started

 

Ready to explore the countless features now available to you? Explore all the functionality of CloudLinux Subsystem for Ubuntu® 20.04 and get your installation instructions here.

 

Get the installation instruction

 

CloudLinux Subsystem for Ubuntu® 20.04 Stable Release! 🎉

 

CloudLinux Subsystem for Ubuntu® 20.04 Stable Release


All mentioned in this article trademarks, logos, and copyrights are property of their respective owners and are only mentioned for informative purposes.
** Ubuntu is a registered trademark of Canonical Ltd.


 

Remember when cPanel first announced its support for Ubuntu® in 2022? Well, the collaboration doesn't end there. We're thrilled to announce that after one year of Beta testing CloudLinux OS is releasing a Stable version of a free extension designed exclusively for Ubuntu® 20.04 LTS users. This exciting development means that you can now upgrade your Ubuntu® production server with key CloudLinux OS features without complicated server conversions, OS reinstalls, or migration headaches.

 

The Ultimate Solution for Ubuntu® Hosting

 

The combination of CloudLinux Subsystem for Ubuntu® 20.04 and cPanel represents a notable advancement in the hosting industry. Resource allocation on shared servers has always been a puzzle. Our solution allows you to combine your existing Ubuntu® environment with cPanel and the CloudLinux Subsystem. This combo streamlines user management and boosts server performance.

But there's more. This release addresses the challenges in Ubuntu® hosting, such as resource consumption issues, security vulnerability on shared environments, and secures outdated PHP versions.

 

What kind of limits are available for Ubuntu® right now?

 

There is a broad range of different restrictions that CloudLinux Subsystem users can implement on their Ubuntu® workloads:

  •   SPEED - CPU speed limit, relative to a single core, or specified in HZ (portable across CPUs)
  •   CPU - CPU Limit (smallest of CPU & NCPU is used)                
  •   NCPU - max number of cores (smallest of CPU & NCPU used)
  •   PMEM - physical memory limit (RSS field in ps/RES in top). Also includes shared memory and disk cache  
  •   VMEM - virtual memory limit (VSZ field in ps/VIRT in top)
  •   IO - IO throughput - combines both read & write operations          
  •   IOPS - restricts total number of read/write operations per second.              
  •   NPROC - number of processes within LVE                 
  •   EP - limit on entry processes, i.e. max number of concurrent connections to Apache dynamic scripts as well as SSH and cron jobs running simultaneously.

Furthermore, you can also enable inode limits. LVE Manager inodes limits extension allows setting inode limits for the customers. An inode is a data structure on a file system used to keep information about a file or a folder. The number of inodes indicates the number of files and folders an account has. Inodes limits work on the level of disk quota and will be enabled on /home partition only.

LVE Manager also allows you to set a soft and hard IO limit, where a hard limit prevents a user from writing data to disk and where a soft limit can be exceeded for a period of time. You can set inodes limits using LVE Manager, the same way you would set any other LVE Limits:

Finally, reseller limits – is a feature that allows hosters to limit the resources each reseller can operate. Reseller limits put a restriction on the cumulative resources this reseller and his end-users can use at any given moment in time.

Reseller limits feature also enables hosters to give their resellers control over the end-user’s resources. Resellers can assign limits to their end-users as they want, even if they are higher than the limits assigned to the reseller. The reseller’s end-users will not be limited by the reseller limits unless their cumulative usage goes above the limits the hoster assigned to their reseller.

 

What other features will be available for the CloudLinux Subsystem for Ubuntu®?

 

Apart from Limitation features, Ubuntu® users will also get some  additional features such as:

  • LVE Wrappers - LVE wrappers are the set of tools that allow system administrators to run various users, programs & daemons within Lightweight Virtual Environment, and allows system administrators to have control over system resources such programs can have.
  • CageFS - CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. It prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
  • Hardened PHP - HardenedPHP secures old and unsupported versions of PHP. increase customer retention by not forcing upgrades to a newer PHP version.
  • Mod_hostinglimits -  Apache module that detects VirtualHost from which the request came; detects if it was meant for CGI or PHP script; puts Apache process used to serve that request into LVE for the user determined via SuexecUserGroup directive for that virtual host; lets Apache to serve the request; removes Apache process from user's LVE.
  • Symlink owner match protection - protects against symlink attack where attacker tricks Apache web server to read some other user PHP config files, or other sensitive files.
  • Link traversal protection - prevents such attacks by preventing user from creating symlinks and hardlinks to files that they don’t own.
  • Tuned profiles - brings a range of kernel under-the-hood tunings to address high LA, iowait issues that were detected earlier on particular user’s deployments. The package also encloses OOM adjustments to prioritize the elimination of overrun PHP, lsphp, Phusion Passenger workers processes over other processes (e.g. ssh, a cron job).

As you can see it’s a very comprehensive range of features that truly changes Ubuntu® into a professional-grade multi-tenant website hosting OS.

 

Licensing

 

CloudLinux Subsystem for Ubuntu® will employ the same license structure as the traditional CloudLinux OS. We will begin requiring registration with CL OS Shared & CL Shared Pro starting January 1st 2024.

 

Getting started

 

Ready to explore the countless features now available to you? Explore all the functionality of CloudLinux Subsystem for Ubuntu® 20.04 and get your installation instructions here.

 

Get the installation instruction

 

imunify-logo

WEB SERVER SECURITY BLOG

Subscribe to CloudLinux Newsletter