i’m a software engineer gone cyber security geek. i love to pentest, code, and break things… not in that order. i also game from time to time. stick around, you may like my content.

The Geek Bin

Plesk: I’m impressed.

As you may or may not know, I’ve been running this blog’s server using Plesk Onyx (now Obsidian). It’s stable, it’s fast, and I’ve seen a dramatic performance increase from the new setup. In my fleet, I’ve got four web servers, of which Plesk is the last web server (aptly named web04-plesk).

When this blog and my previous blog (before rebranding to “The Geek Bin”) started, I ran it on the first web server, a basic Debian 9 “stretch” installation with apache2, mariadb (and postgresql later on), and php 7. It was intentionally barebones, just enough to get the job done. That server is still hanging around and is now used as the staging server for my wife’s and my blogs.

The next web server, “web02”, is the exact same setup; however, it runs services like Inventory Management (for keeping track of everything we own), Recipe management, and a vanilla-powered forum which is more often used as a station to dump notes on the go and during pentests. It’s locked down by invite-only and nothing is public.

The third web server, “web03”, turned into “jellyfin-media”, which runs my Jellyfin & Plex (soon) & Sonarr & Jackett (work in progress) for watching shows. Tonight is the night I’m finally fixing Plex and installing it.

Why Plesk?

Given the recent cPanel price increase, and given this is for personal usage only, I ruled cPanel out immediately. Plesk is owned by the same company as cPanel so there’s always a risk factor, but compared to alternatives like DirectAdmin, the UI of Plesk is significantly better, it’s got a better feature set, and things like configuring automated backups take less than 2 minutes with Plesk (with DirectAdmin, I fought for about an hour to get it working properly).

Performance-wise, I compared running this blog in production on both DirectAdmin and Plesk. During the day I switched between the hosts of identical specifications (4 vCPU, 4 GB RAM, 250 GB Storage), and found that when the server was on Plesk it loaded on average 0.43s faster, which isn’t very much faster – but when it comes to TTFB and other optimization metrics this is where I want to be.

Is Plesk worth it?

Yes, it is worth it. It takes a bit of work (<30 minutes) to get Plesk installed from fresh, with a Let’s Encrypt certificate on the server, a strong password policy, and your site up and running. Plesk Obsidian shipped with ModSecurity and fail2ban, among other security tools, by default, unlike the previous Onyx version, which didn’t.

I personally enabled nginx caching in front of Apache and ModSecurity, which made the performance slightly better, especially on images and static assets (JavaScript, CSS) that hardly change.

Given this improvement, I’m anxious to see during the next major traffic spike if it’ll hold up to the tests. The last time I had a huge traffic spike on web01, I received the hug-of-death as the CPU was pinned at 100%. Plesk with 4 vCPUs and 4 GB RAM should be able to handle lots more than my initial server did.

I’ll be creating a follow-up post next month as I explore Plesk in-depth and fine-tune it to my needs!
