Skip to content

Infrastructure Overview

Architecture Philosophy

MDHosting's infrastructure is designed around the following principles:

  • Reliability First: 99.98% uptime through redundant systems
  • Cost Efficiency: Lean operations without sacrificing quality
  • GDPR Compliance: German-based servers for optimal EU data protection
  • Geographic Distribution: Multi-location presence for resilience
  • Security by Design: Layered security approach with monitoring and hardening

Current Architecture

graph TB
    Internet[Internet]

    subgraph "Hetzner Germany"
        NS1[ns1.mdhosting.co.uk<br/>CX22 - Primary DNS]
        NS2[ns2.mdhosting.co.uk<br/>CX22 - Secondary DNS]
        EU1[eu1.cp<br/>CPX31 - Client Hosting<br/>~30 accounts]
    end

    Internet -->|DNS Queries| NS1
    Internet -->|DNS Queries| NS2
    Internet -->|HTTPS/HTTP| EU1

    EU1 -.->|DNS Updates| NS1
    EU1 -.->|DNS Updates| NS2

    classDef hetzner fill:#3498db,stroke:#2c3e50,stroke-width:2px,color:#fff
    class NS1,NS2,EU1 hetzner

Infrastructure Components

Hosting Layer

Primary Hosting (eu1.cp - Germany) - Serves approximately 30 client accounts - WordPress-focused with e-commerce support - AlmaLinux 8 with cPanel management (AlmaLinux 10 planned for ApisCP migration) - 160GB NVMe storage, 8GB RAM - 20TB monthly bandwidth - Hosts company websites and client sites

DNS Layer

Current Setup: - Two cPanel DNS servers in Germany - Primary/secondary configuration for redundancy - Standard DNS port 53 (TCP/UDP)

Planned Upgrade: - Hidden master PowerDNS architecture - Enhanced security through obscurity - DNSSEC support - API-driven zone management

Control Plane

Current: cPanel/WHM on all servers - Annual cost: £480 - Comprehensive hosting management - Familiar interface for operations

Migration Target: ApisCP - Open source alternative - Eliminates licensing costs - Modern API-first approach - Comparable feature set

Network Topology

Geographic Distribution

Germany (Hetzner)
├── eu1.cp (hosting)
├── ns1 (DNS)
└── ns2 (DNS)

Benefits: - GDPR compliance through EU hosting - Low latency to UK clients - DNS redundancy - Reliable Hetzner infrastructure

Connectivity

  • Primary: Hetzner network backbone
  • Bandwidth: 20TB/month on main hosting
  • Latency: <50ms to major UK cities
  • Redundancy: Multiple DNS servers, multiple hosting locations

Technology Stack

Operating System

  • Current OS: AlmaLinux 8
  • Planned OS: AlmaLinux 10 (new servers for ApisCP migration)
  • Security Updates: Regular patching schedule
  • Firewall: CSF (ConfigServer Security & Firewall)

Web Services

  • Web Server: Apache with nginx (cPanel standard)
  • PHP: Multiple versions supported (7.4, 8.0, 8.1, 8.2, 8.3)
  • Database: MySQL/MariaDB
  • SSL/TLS: Let's Encrypt with AutoSSL

Email Services

  • Mail Server: Exim
  • IMAP/POP3: Dovecot
  • Spam Protection: SpamAssassin
  • Webmail: Roundcube, Horde

Control Panel

  • Current: cPanel/WHM
  • Future: ApisCP (planned migration)
  • DNS Management: cPanel DNS → PowerDNS (planned)

Service Standards

Uptime Targets

Service Target Current
Web Hosting 99.9% 99.98%
DNS Services 99.99% 99.98%
Email Services 99.9% 99.98%

Performance Standards

  • Page Load Time: <3 seconds (WordPress sites)
  • Database Response: <100ms
  • Email Delivery: <5 minutes
  • DNS Propagation: <24 hours

Security Standards

  • SSH key authentication required
  • Non-standard SSH ports
  • Automatic security updates enabled
  • Daily malware scanning (planned with Wazuh)
  • Regular backup verification
  • GDPR-compliant data handling

Capacity Planning

Current Utilisation

eu1.cp (Main Hosting): - Disk: ~40% (64GB used of 160GB) - RAM: ~60% (4.8GB used of 8GB) - CPU: ~20% average load - Accounts: 30 of ~100 capacity

Capacity Headroom: - Can accommodate 2-3x current client base - Storage is primary limiting factor - RAM adequate for current workload

Growth Projections

12-Month Outlook: - Expected account growth: 10-15 new clients - Storage requirements: +30-40GB - No infrastructure expansion required - ApisCP migration provides room for optimization

Planned Evolution

Phase 1: Security Foundation (Q1 2025)

  • Deploy Wazuh security monitoring
  • Complete GDPR compliance documentation
  • Implement enhanced backup verification

Phase 2: DNS Infrastructure (Q2 2025)

  • Deploy PowerDNS hidden master
  • Migrate zones from cPanel DNS
  • Implement DNSSEC

Phase 3: Control Panel Migration (Q2-Q3 2025)

  • Set up ApisCP test environment
  • Migrate internal sites first
  • Phased client migration
  • Eliminate £480 annual cPanel costs

Phase 4: Service Expansion (Q3-Q4 2025)

  • Launch security monitoring service
  • Offer GDPR compliance packages
  • Standalone email hosting
  • Premium backup services

Documentation Roadmap

Current documentation priorities:

  1. ✅ Server inventory
  2. ✅ Infrastructure overview
  3. 🚧 Network architecture details
  4. 🚧 Security monitoring implementation
  5. 🚧 GDPR compliance procedures
  6. 🚧 ApisCP migration plan
  7. ⏳ Client onboarding procedures
  8. ⏳ Backup and recovery procedures
  9. ⏳ Incident response playbook

Legend:
✅ Complete | 🚧 In Progress | ⏳ Planned

For detailed server specifications, see Server Inventory.