Terms and Concepts of Webhosting You need to Know: Part 3 (CDN, CMS, Security and Backup)

Part 3 of a Multipart post about concepts of Webhosting and Internet.


Hi, welcome to The TechWeirdo, and this is the final part of my series "Terms and Concepts of Webhosting", which is an introductory post to webhosting for beginners. In the previous 2 posts, I talked about setting up servers and pointing the domain name to the server IP with DNS. Today, I am going to talk about CDNs, CMSs, and some security measures and disaster recovery. Let's dive in.

CDN (Content Delivery Network)

So, I already talked about how computers are connected to the internet and how server computers serve your website to the user's device. Now, this exchange of data is fast, but many times not fast enough. Data on the internet travels at the speed of light (mostly as light pulses inside optical fibers). It is fast, but Earth is a big planet, and light takes a noticeable amount of time to travel from one part of the world to the opposite part, in the range of a few hundred milliseconds.

Our internet consists of multiple requests that travel at the speed of light. Your mobile sends a signal to the server, and then the server responds to that signal. The time taken for this two-way communication is known as latency. As you can see, this latency depends on the speed of light and is directly proportional to the physical distance between the user and the server.

Every webpage needs multiple round-trips (3 to establish a secure connection) to even start loading, and after it starts loading it usually has to make multiple requests to load the whole page. A difference between 10 ms and 200 ms of latency (our reaction time usually hovers around 300 ms) may not seem that bad, but this difference gets multiplied during website loading.

TTFB: TTFB, or time to the first byte, is a metric that tells you how fast a website starts loading. The time from when you start loading a site until it sends the first piece of data to your browser is the TTFB. It depends mostly on 2 things: how fast your server is (high server load increases TTFB) and the latency (physical distance) between the server and the user.

What is a CDN

At its core, a CDN is a network of servers linked together with the goal of delivering content as quickly, cheaply, and reliably as possible. In order to improve speed and connectivity, a CDN will place servers at the exchange points between different networks, and put servers in 100s of locations.

CDN Illustration

These locations are where different Internet service providers connect in order to provide access to traffic originating on their different networks. By having a connection to these high-speed and highly interconnected locations, a CDN provider is able to reduce costs and transit times in high-speed data delivery. Also, it distributes the load between multiple servers.

Let's take the example of this blog itself (TechWeirdo.net). I host this blog on a pretty decent free server from Oracle Cloud in Amsterdam. But my audience is global, ranging from the US, UK, AU, CN, South Asia, and India.

Without a CDN my TTFB during no load on the server in Europe is about 150 - 200 ms, in the US 400 - 500 ms, and in APAC about 1.2 seconds. (Latency from India, APAC to AMS is about 130 ms).

TTFB at APAC region without CDN

Benefits of CDN (My real-life examples)

Now let's put a CDN in front of this blog. I am using Bunny CDN because it is cheap (1 USD/month) and very good, but any CDN will do. Bunny has around 120+ points of presence (PoPs) across the globe. PoPs are server locations. So with some caching techniques (blog coming soon), I serve my blog through all those 120+ locations. Let me explain a bit. When someone visits my blog, the user connects to a CDN server. That server then fetches my website from my server and serves it to the user, and also stores a copy (a cached copy) of my website on itself. The next time someone visits my site, that CDN server directly serves the cached copy of my website to the visitor without contacting my actual server. So here is how a CDN location map looks and the effect of a CDN on the TTFB.

It reduces TTFB from 1.2 seconds to under 50 milliseconds, massively reducing the load time of my website.

PoPs of Bunny CDN

TTFB boost I got from a CDN (reduced performance in Iran and Israel due to war, at the time of writing 😔)

So from the above example, one benefit of CDN should be very clear to you now. There is another benefit. I also performed load testing on my blog with multiple blogs loading different pages of my site. I will write a different post in detail about that, but here are the findings in short.

At the peak load, I achieved 17,000 page views in a minute and served 14 GB of data, at a peak speed of 1.9 Gbps. And my blog's page load time was unaffected at 1.2 seconds total. Without a CDN, my server was able to achieve around 1000 page views in a minute, at 175 Mbps peak speed and a page load time of 17 seconds, which is unusable. The point is that a CDN massively reduces the load on your origin server too.

Hopefully, you now have a better idea of what a CDN does and why you should use one. If you want to read more, I recommend reading this blog from Cloudflare. I will also write about the best ways to use CDNs with different types of web hosting and with different CDNs, so subscribe to the free newsletter to get a notification in your inbox when I do. Let's move on to the next thing: CMS and Control Panels.

Content Management System and Control Panel

For most of this series, I have talked about the hardware and networking side of web hosting. But without software there is nothing. In webhosting you mostly need to know about two kinds of software (well, there are many): one is the control panel and the other is the CMS.

Control Panels

Control panels are specialized software that lets you easily manage your server: install websites, run web server software and reverse proxies, etc. You can easily do everything you want without control panel software, but in my opinion, it makes your life much easier. If you buy managed hosting you will probably get a control panel from that company; mostly it is cPanel or Plesk. Hostinger offers a cPanel clone, hPanel. But they cost you money, and I don't like spending much.

For you, I recommend two free options: CloudPanel and Hestia Control Panel. Hestia is good for low-power VPSs. CloudPanel is much more modern and easier to use. For my use cases, I almost always use CloudPanel. What can you do with software like CloudPanel? Well, I enjoyed the one-click deployment features for WordPress, for reverse proxies, etc. So yes, I recommend that you deploy CloudPanel on a VPS and make it a powerful web server. I will also write a guide. Here is a demo of CloudPanel.

CMS (Content Management System)

You are probably already aware of the name of a CMS, yes, WordPress is a CMS. And there are many more. In short, a CMS is a complete suite of software, where you design, write content, and insert data, and those are served as a website. Like I am writing this post in the writing interface of Ghost CMS and you are reading that post on my website. There are many CMSs but every CMS has some different purpose.

The most widely used CMS is WordPress (>43% of all websites), but its share is decreasing slowly. There are now multiple easy-to-use drag-and-drop website builders like Wix, Squarespace, Webflow, etc. For a blogging website, Ghost CMS is fantastic (this blog is built with Ghost). And there are many more, like Drupal, PrestaShop, Shopify, HubSpot, and Adobe Enterprise Cloud, to name a few.

Fun Fact: Many large websites use Adobe (they cost a lot), for example SpaceX, Tesla, CNBC, Cars.com, BuzzFeed, CDC.gov, Nike, nytimes, and CNET. And many big sites also use WordPress. Some examples are NASA, TechCrunch, Forbes and The Verge. Some big companies like Mozilla, Ecosia, and Unsplash use Ghost for their blogs.

Popular CMSs

For a beginner though my recommendations are few, if you don't want to learn anything and painlessly build a site for your brand go with Wix or Squarespace. For a blog though I would highly recommend Ghost CMS. And for online shops just use Shopify. But if you are willing to learn a bit, the recommendation for a brand site changes to WordPress. For blogs, you can self-host Ghost easily even for free, or you may use WordPress. For a shop use Shopify.

So that would be my overall overview of CMS and Control Panels, hope it helps in your decision. Now let's talk about Security, backup, and disaster recovery readiness.

Security and Backup

Time is money, or I should say, uptime is money in the field of hosting. You don't want your visitors to ever see a "service not reachable" page. Well, it is a server, and servers break, so you cannot get 100% uptime, but you can aim for a 99.9999% uptime goal. And this achievement comes with proper security and backup.

Security:

Securing online stuff has two fronts: securing your accounts, i.e. personal security, and securing the server. Full disclosure, I am not a security expert, but I personally follow these steps to harden my security, and I believe these are some good practices.

Personal Security:

Always secure your accounts, from the control panel accounts to your hosting/VPS provider accounts to your CDN accounts; everywhere, security is a must. Use a strong password, something you won't be able to remember, and never repeat the same password. Yes, something that hard. Use a password manager. I prefer to use Bitwarden (because it is free and open source; I don't self-host a password manager - I don't have that much risk appetite). Also, always use two-factor authentication (2FA). Avoid SMS-based 2FA; instead use physical keys, or TOTP apps like Ente Auth or Google Authenticator. You don't want any account to get compromised.

Server security:

If you are self-hosting, you also have to keep your servers secure. Some best practices I follow: keep the software and OS up to date, and block all unnecessary ports in your firewall. You may also want to block your SSH port and instead use Tailscale to SSH into your servers (I will write a post about that later too).
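To check what the firewall actually has to cover, you can audit which ports the server is listening on. The script below is an added example, not part of the original post: it parses a constructed sample of `ss -tlnH` output and reports ports reachable from outside that are not on an allowlist. The allowlist (80 and 443) and the treatment of any address in 100.64.0.0/10 as a Tailscale address are assumptions.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 511  0.0.0.0:80          0.0.0.0:*
LISTEN 0 511  0.0.0.0:443         0.0.0.0:*
LISTEN 0 128  0.0.0.0:22          0.0.0.0:*
LISTEN 0 128  100.101.102.103:22  0.0.0.0:*
LISTEN 0 80   127.0.0.1:3306      0.0.0.0:*
LISTEN 0 128  [::]:8443           [::]:*
"""

PUBLIC_ALLOWED = {80, 443}  # assumption: only the web ports should face the internet
# Tailscale assigns IPv4 addresses from this CGNAT range; treating the whole
# range as "tailnet only" is an assumption of this example.
TAILNET = ipaddress.ip_network("100.64.0.0/10")


def parse_listeners(ss_output):
    """Yield (ip, port) per listening socket; ip is None for a wildcard bind."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        ip = None if host in ("*", "0.0.0.0", "::") else ipaddress.ip_address(host)
        yield ip, int(port)


def exposed_ports(ss_output, allowed=PUBLIC_ALLOWED):
    """Return sorted ports bound to a non-private address and not allowlisted."""
    findings = set()
    for ip, port in parse_listeners(ss_output):
        private_only = ip is not None and (ip.is_loopback or ip in TAILNET)
        if not private_only and port not in allowed:
            findings.add(port)
    return sorted(findings)


if __name__ == "__main__":
    # SSH on 0.0.0.0 and the stray 8443 listener are reported; SSH bound to
    # the tailnet address and MySQL on loopback are not.
    print(exposed_ports(SAMPLE_SS))
```

On a real server, feed it the output of `ss -tlnH` instead of the sample. A port in the result should either be closed in the firewall or the service rebound to a private address.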

Web Application Firewall and DDoS protection:

You also want to protect your online services from malicious attackers, and DDoS protection and a WAF are very helpful in many respects. Most CDNs provide DDoS protection. Cloudflare and Bunny offer DDoS protection for free. And yes, DDoS happens on small sites too. I remember the day I launched MedBlogs.org, a WordPress blog of mine: it got DDoSed. I had to put it behind Cloudflare after that, and never played with the security of my servers.

I got ddosed

A WAF, on the other hand, depends on the software you are running; for example, WordPress is pretty insecure, but Ghost is much more secure. You can run a WAF on your server itself, or you can run it on a separate server in front of your main server. The second approach is faster but costly, and is provided by many CDNs like Cloudflare. Cloudflare offers a basic WAF for free (which is plenty), but some advanced stuff costs money.

Also, try routing your traffic through reverse proxies to hide your origin server's IP address. CDNs do that, but you need to set that up properly. I proxy my site through Bunny, although Cloudflare is the most popular and most used reverse proxy; basically, you have to proxy your site to use Cloudflare with it. These things are important.
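One way to verify that the proxy setup really hides the origin is to look for requests in the origin's access log that did not arrive from a CDN edge. The script below is an added example, not part of the original post. The edge ranges are constructed placeholders (documentation address space), the log lines are constructed, and it assumes the first log field is the connecting peer address in nginx "combined" format.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholder ranges; in practice use the edge list your CDN publishes.
CDN_EDGE_RANGES = [
    ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:cd::/48")
]

# Constructed origin access log lines (nginx "combined" format, peer address first).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "edge-fetch"
198.51.100.9 - - [01/Jan/2025:10:00:02 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "edge-fetch"
203.0.113.50 - - [01/Jan/2025:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.0"
2001:db8:cd::1 - - [01/Jan/2025:10:00:04 +0000] "GET /rss/ HTTP/1.1" 200 900 "-" "edge-fetch"
203.0.113.50 - - [01/Jan/2025:10:00:05 +0000] "GET /xmlrpc.php HTTP/1.1" 404 153 "-" "curl/8.0"
not a log line
"""

# peer, ident, user, [timestamp], "request line", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')


def direct_hits(log_text, edge_ranges=CDN_EDGE_RANGES):
    """Count requests per peer IP that reached the origin without a CDN edge."""
    hits = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip malformed lines
        try:
            peer = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # first field was not an IP address
        if not any(peer in net for net in edge_ranges):
            hits[str(peer)] += 1
    return dict(hits)


if __name__ == "__main__":
    # Any entry here means the origin IP is known and reachable directly.
    print(direct_hits(SAMPLE_LOG))
```

If this reports direct hits, the usual fix is to allow ports 80 and 443 on the origin firewall only from the CDN's published edge ranges.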

Backup and Disaster recovery

Again, these things come with paid managed hosting, but for self-hosted setups, you must have a proper backup and disaster recovery protocol.

Monitoring

The first step is setting up monitoring. I use Uptime Kuma, an awesome self-hosted solution that constantly monitors my servers, website, CDNs, etc. If anything goes down, I get an email and a Telegram notification within 20 seconds. You can also use a service like UptimeRobot (which is free) that monitors your online infra at 5-minute intervals.

Uptime kuma dashboard

Backup the Drive

When you self-host, you attach a boot drive, and all cloud providers offer some kind of solution to back up your drive. Things happen: knowingly or unknowingly, humans make mistakes, and machines break down. So there is always a chance of something going wrong. If you make periodic backups of your drive, you have a starting point and an option to revert changes easily, like completing a level in a video game and not worrying about starting from level 1 again every time.

Reserve the IP address

In the previous post, I talked about IP addresses, including static IPs and servers getting static IPs. But you should actually go a step further and reserve the static IP under your name. That way, if you for some reason need to destroy the current VPS and spin up a new one, you can just reattach the backed-up boot drive and the IP address, and you are ready to go within minutes. And believe me, it saves you more often than you realize.

A real-life example of disaster recovery for me and redundancy

You can call me unlucky, maybe I am. I faced DDoS twice, and also faced a server hardware failure, and it was a critical one for me. I was running Uptime Kuma and a VPN on a server. The VPN was rerouting all my home traffic through that VPS, for ad blocking with Pi-hole (I will write a post about it). So basically my entire home internet was dependent on that VPS, and it was also the monitoring server.

Who knew a VPS could fail? Well, I didn't know at that time for sure. And one fine morning, I found my whole home internet was down. And it was my server. But the recovery was easy because of the above backup measures. The VM failed, but there was a backup of the drive, and the IP was reserved. I just spun up another VM, attached the drive and the IP, and within minutes everything went back to normal.

After that, I now maintain 3 VPSs with 2 cloud providers for that VPN service and the monitoring services, so that there is always failover. I will also probably write a post about this crazy stuff later.

So the point is: be secure, keep backups, and have a protocol for disaster recovery. It runs behind the scenes but gives great peace of mind.

Conclusion

Anyway, it is time to conclude this massive beginner's guide to webhosting. I tried to cover all the important stuff that you as a webhoster need to know. I just hope all the terms and concepts now feel easy, and that you can easily understand most things you need to know at first. Of course, this is not all; rather, it was just scratching the surface. There are many more complex things on the web, which are beyond the scope of this discussion. But if you feel like I have missed something, please comment down below. Also let me know how the writing was, whether you liked it or not. Thanks for reading The TechWeirdo, and have a very nice day. I hope we will meet again soon.