Question

Noob question. Should I create separate droplets for each website?

What would be best? A single droplet with high specs containing 4-6 websites? Or 6 droplets (1 for each)?


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
December 29, 2023
Accepted Answer

Hello,

Great question! When considering hosting multiple domains on DigitalOcean, it’s also crucial to factor in the security implications. Let’s delve into this aspect along with the previously discussed topics.

No Hard Limits on Domains: Indeed, DigitalOcean allows you to host any number of domains on a single Droplet. This flexibility is one of the many advantages of their cloud infrastructure.

Understanding Resource Constraints: As mentioned earlier, each Droplet has limited CPU, RAM, and storage. Hosting multiple websites means these resources are shared, which can impact performance, especially if one site experiences high traffic or a resource-intensive process.

Security Considerations: When hosting multiple domains on a single Droplet, there’s an added dimension to consider: security. If one of the sites gets compromised (e.g., through a hack or a DDoS attack), it could potentially affect the other sites hosted on the same Droplet. Here’s why:

  • Shared Resources and Environment: Since all the sites share the same server environment, a security breach in one site could expose others to risks like data theft, malware spread, or additional attacks.
  • Maintenance and Updates: Keeping all sites secure requires diligent maintenance. A vulnerability in one site could be an entry point for attackers to the whole server.

Isolation Strategy: For enhanced security, especially when dealing with high-traffic or sensitive websites, consider using separate Droplets for each domain. This isolation approach offers several advantages:

  • If one site is compromised, the others remain unaffected since they are on different servers.
  • Each site can have resources tailored to its specific needs, improving performance.
  • Managing security updates and configurations can be more straightforward when sites are isolated.

Setting Up Virtual Hosts: To host multiple domains, you’ll be setting up what’s known as virtual hosts. This is where you configure your web server to serve different content based on the requested domain name.

  • Apache Example: In Apache, this is done through the <VirtualHost> directive in the configuration files. You specify the domain name and document root for each site. It looks something like this:

    <VirtualHost *:80>
        ServerName example.com
        DocumentRoot /var/www/example
    </VirtualHost>
    

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-20-04

  • Nginx Example: With Nginx, you use the server block. You’ll define a server block for each domain, specifying the server name and the root directory. Here’s a basic example:

    server {
        listen 80;
        server_name example.com;
        root /var/www/example;
    }
    

https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-16-04

While hosting multiple domains on a single Droplet is feasible and resource-efficient, it’s important to weigh the security implications. Isolating domains on separate Droplets can offer greater security and performance customization, albeit at a higher cost. Always assess your needs and the sensitivity of your websites when deciding on your hosting strategy.

I hope this provides a clearer picture of the security considerations in multi-domain hosting!

Best,

Bobby

ABOUT SECURITY ! ! ! ! ! !

No one mentioned, but putting all sites together is 10x increased risk to your business! In case 1 (from all 6 sites) is hacked, then all your other sites are hacked too!

I don’t know if there is a complete solution to separate domains from each-other COMPLETELY. It’s not enough to restrict only sFTP user. Instead, there should be access-jails (which will restrict APACHE PHP process) to have access to upper directory files in server. I am trying to find out if there is any way.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel