This is a first stab at a guide to preparing a minimalist web server running on Gentoo Linux, ideal for a small VPS. Don’t follow these instructions unless you know what you’re doing, ’cause I’m not sure I do. 
(Apologies for the lack of updates; I’ve been busy playing with this Gentoo web server amongst other things.)
This is a draft. Comments, suggestions, corrections, improvements are very much welcome!
These instructions assume that you start off with a completed Gentoo Stage3 installation. Each step has been tested on a 256MB VPS slice from Slicehost, but YMMV.
- Open /etc/make.conf for editing
nano /etc/make.conf
Use CFLAGS, CHOST, CXXFLAGS values from the Safe Cflags page of the Gentoo Wiki.
For a VPS on Slicehost, I used the settings for 22xx Dual-Core Opteron (AMD).CFLAGS="-march=opteron -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CXXFLAGS="${CFLAGS}"
Set MAKEOPTS to the number of processors your server has plus one. For the twin dual-core Opteron servers at Slicehost, I chose:
MAKEOPTS="-j5"I’m actually unsure if “-j5″ is a good setting for small VPS’s like mine with only 256MB RAM (or less). When compiling large packages, might disk swapping caused by the multiple spawns of GCC sucking up memory offset the performance improvement?
Use the appropriate keyword for your server:
ACCEPT_KEYWORDS="amd64"I’d use “~amd64″ if I wanted to install more up-to-date but less well-tested packages. A better method is to use /etc/portage/package.keywords to set the unstable keyword for specific packages rather than using the global unstable flag.
Set the features setting:
FEATURES="parallel-fetch"This makes Portage fetch files while compiling to save time. (source)
Set your USE flags:
USE=" -* glibc-omitfp minimal mmx nptl nptlonly pam sse sse2 zlib "“-*” disables all USE flags, but the flags that follow it are honored. I believe these are good default/global USE flags for a bare-bones minimalistic system. All other flags will be controlled with package-specific flags in /etc/portage/package.use . Always use the -a (–ask) or -p (–pretend) and -v (–verbose) parameters when emerging to check the available and enabled/disabled USE flags for a package.
Set the PORTAGE_RSYNC_EXTRA_OPTS settings to point to a file containing the Portage categories you want to exclude.
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"Read on for what to put in /etc/portage/rsync_excludes (source)
Set your desired language(s).
LINGUAS="en"Save and close /etc/make.conf (CTRL-X, Y)
- Use mirrorselect to choose the 3 fastest Gentoo mirrors for your server:
mirrorselect -s5 -b10 -o -D >> /etc/make.conf
This downloads a 100k file from each server to determine the download speeds. (source) You might have to comment out the previous line with the GENTOO_MIRRORS setting.
- Set your package-specific USE flags.
Open /etc/portage/package.use
These are my package-specific flags:dev-db/mysql -* dev-lang/php -* cgi curl discard-path force-cgi-redirect threads bzip2 crypt ctype ftp gd hash mysql mysqli pcre posix session simplexml spl tokenizer xml xmlreader xmlwriter zip-external zlib net-misc/openssh -* chroot hpn pam www-servers/lighttpd -* fastcgi minimal www-servers/nginx -* fastcgi pcre zlib
Save and close /etc/portage/package.use
- Exclude unnecessary Portage categories to save disk space, bandwidth, time
Create, open /etc/portage/rsync_excludesMy file consists of the following, my excluded categories. See here for more details.
app-cdr/ app-emacs/ app-laptop/ app-mobilephone/ app-pda/ app-xemacs/ games-*/ gnome-*/ kde-*/ media-fonts/ media-gfx/ media-plugins/ media-radio/ media-sound/ media-tv/ media-video/ rox-*/ sci-*/ x11-*/ xfce-*/
- Setting locales for glibc to avoid hundreds unnecessary locales.
Open /etc/locale.gen
Uncomment the locales you need and leave the rest commented, or paste in your desired locales. You can find the list of valid combinations in the file /usr/share/i18n/SUPPORTED. (source) For example:en_US ISO-8859-1 en_US.UTF-8 UTF-8 #ja_JP.EUC-JP EUC-JP #ja_JP.UTF-8 UTF-8 #ja_JP EUC-JP #en_HK ISO-8859-1 #en_PH ISO-8859-1 #de_DE ISO-8859-1 #de_DE@euro ISO-8859-15 #es_MX ISO-8859-1 #fa_IR UTF-8 #fr_FR ISO-8859-1 #fr_FR@euro ISO-8859-15 #it_IT ISO-8859-1
- Clear out the local Portage tree in preparation of a fresh “emerge sync”. A quick way to do this is to run the following commands: (source)
cd /usr/portage rm -rf a* dev-* g* k* m* n* perl-* r* sci-* sec-* sys-* w* x*
Note that you shouldn’t just rm -rf * because it also deletes the profiles directory. It will also delete the distfiles (where portage stores downloaded files) and packages (where Portage stores binary packages you’ve created with –buildpkg) directories.
- Update your local Portage tree, AKA emerge sync.
emerge --sync - Install CCache to speed up future compilations at the expense of disk space. You can use CCache until your system configuration is complete and then remove it and the cache to recover the disk space.
- Install Deltup to make Portage download patches containing the changes between old and new versions of packages, instead of entire packages. This can save bandwidth and disk space.
- Now it’s time to update your whole Gentoo system to your new USE flags (and update packages to the latest version at the same time). Go grab lunch.
(source)
emerge -va --update --deep --newuse world
- Next, run Portage’s depclean to remove the conditional dependencies that were emerged on your “old” system but that have been obsoleted by the new USE flags. (source)
emerge -va --depclean
- When depclean has finished, run revdep-rebuild to rebuild the applications that are dynamically linked against shared objects provided by possibly removed packages. revdep-rebuild is part of the gentoolkit package; “emerge gentoolkit” first if necessary. (source)
revdep-rebuild
- Replace OpenSSH with Dropbear to save memory. See this review of Dropbear.
emerge -va dropbear rc-config delete sshd rc-config add dropbear /etc/init.d/sshd stop /etc/init.d/dropbear start
If you want to use SFTP to transfer files, don’t remove sshd (OpenSSH) since Dropbear doesn’t support SFTP without sshd’s SFTP module. If you use SCP, then you can remove OpenSSH and use Dropbear stand-alone. See this comparison of SFTP and SCP.
- Setup a user account so you don’t bork your whole system running around as root.
useradd -m -G users,wheel -s /bin/bash myuser passwd myuser
- Install sudo and give myuser permission to sudo.
emerge -va app-admin/sudo nano /etc/sudoers FIND: root ALL=(ALL) ALL ADD below: myuser ALL=(ALL) ALL
- Logout and login again as myuser. From this point onwards, commands that require root access (like the ones above) should be preceded by “sudo”.
Now you should have a lean and mean base Gentoo system. Next up: install and configure servers and engines that power your web applications. To be continued…
If you liked this post, please subscribe to my feed. Thanks for visiting!
hi,
are you sure about the -j5 makeopts? it seems that letting it to -j2 on my 1024 slice allows to use up to 350% of the cpu while making a deep world update. puttin to -j5 makes me use “only” 95% of the cpu (as far as the statistics in the slice admin can tell)
The rule of thumb for MAKEOPTS is j(NUMBER OF CPU THREADS) + 1;