Hello, World!
I have been using ETH-Services (website: https://eth-services.de/) for nearly four months now, and I am impressed with the quality of service they provide, especially considering they are a small hosting provider. In today's blog post, I will share my setup, discuss the issues I encountered, and explain how to set up a DDoS-protected VPS on ETH-Services. I also want to give ETH-Services some publication that they very much deserve :)
However, before we dive in, let's get the important stuff out of the way...
# Legal Disclaimer
This post shares my personal experience with ETH-Services and is intended for informational, somewhat educational, and entertainment purposes only.
It is neither sponsored, endorsed, nor affiliated with ETH-Services or any other company mentioned. Any actions you take based on this content are at your own risk and I take no liability regarding any of your consequences. Always back up your data, conduct thorough research, and consult a professional if you are uncertain. Permission for fair-use logo usage (in the image preview) has been confirmed by the ETH-Services owner Lennart Seitz.
I disclaim all liability for any issues that may arise from following the information provided in this blog post.
This blog post is not an advertisement. I genuinely appreciate ETH-Services and believe they deserve more positive recognition.
Now, all of this aside, let's get started on the actual post! :D
# TL;DR
If you don't feel like spending ~15 minutes reading this post in full detail, here's a "too long; didn't read" summary of the whole post:
I share my positive experience with ETH-Services (https://eth-services.de/), a small but reliable hosting provider offering services in Frankfurt, Germany. ETH-Services offers high-performance VPS hosting with DDoS protection, fast network speeds, high-end hardware, and great support. I discuss my 4-month use of ETH-Services, highlighting fast network speeds (up to 8000 Mbps), impressive hardware (AMD EPYC CPUs, SSDs, fast RAM) with benchmarks, and the excellent customer support as well as resilient DDoS protection (via Voxility). The VPS setup process is quick but has some quirks I explain in the post. I recommend using the provider for servers due to its affordability, flexibility, and really solid performance. ETH-Services stands out for its personalized service, high uptime (100% from my experience thus far), and great control over services. Overall, I give it 5 out of 5 stars and recommend it for those seeking a reliable and cost-effective hosting solution, hosted in one of the most impressive, secure, and durable data centres in Europe: NTT data centre 1 in Frankfurt.
If you wish, continue to know all the details, numbers, benchmarks, etc. :)... Or you can skip to # I Recommend! to read my overall review as well.
# What is ETH-Services?
ETH-Services is a small but highly reputable company that offers a range of IT services in the hosting sector, providing services in Frankfurt, Germany.
Their offerings include KVM-based VPS hosting (with Voxility DDoS protection up to 1 Tbit/s), colocation, and IP transit services tailored for both private individuals and commercial clients. ETH-Services has earned a strong reputation for reliability and customer satisfaction, reflected in their impressive 5 out of 5 star rating on Google Reviews (https://www.google.com/maps?cid=8276073780833669092) over the past years of providing quality services.
As evident on their website and listings (shown above), they provide various extraordinary perks for a great price: DDoS protection, affordable prices, SSDs by default, server-grade AMD EPYC™ CPUs, IPv4 (included), IPv6 (/64 routed range or /128), fair-use traffic, 24/7 support through e-mail and ticketing system, and a flexible monthly billing period.
They also provide very fast provisions compared to some other hosting providers: just 120 seconds. From my experience, this is very much true. What's also surprising is that they provide free weekly backups, and quad-weekly (for very critical services) for just 2.99/month!
# ETH-Services is Like... Really Fast
Looking at ETH-Services' technical side, they host their infrastructure in the NTT Frankfurt 1 data centre (later - NTT-FRA1), one of the largest and most advanced data centre facilities in Europe. Located strategically in Frankfurt, this data centre provides excellent connectivity, low latency, and robust network performance.
Myself, I've noticed that my own VPS usually gets between 1000 and 6000 Mbps in both upload and download speeds, for example, currently (under actual network load) I get this:
| Speedtest by Ookla
Server: [...]
ISP: ETH-Services
Idle Latency: 4.68 ms (jitter: 0.05ms, low: 4.55ms, high: 4.71ms)
Download: 8005.28 Mbps (data used: 8.8 GB)
5.22 ms (jitter: 0.60ms, low: 4.45ms, high: 9.14ms)
Upload: 7134.25 Mbps (data used: 6.1 GB)
4.76 ms (jitter: 0.37ms, low: 4.48ms, high: 9.52ms)
Packet Loss: 0.0%
Result URL: https://www.speedtest.net/result/c/91564b97-92c2-48f2-aa14-07994ba07908
|
This is not even "unusual" for ETH-Services. For instance, one of my older snapshots had similar results: https://www.speedtest.net/result/c/3de62e26-1495-4753-a19b-99467fe6ae73.
Furthermore, unlike other companies in the industry, ETH-Services does not force people into a pay-to-win box to get superb network speeds, although, to be transparent, it is shared and not dedicated, but unless you're a large corporate giant in top 500 - I doubt a little jump around throughout the day will make a huge difference to you.
Moreover, compute isn't much worse either - it's great, actually! Look at these benchmarks even under load:
- CPU speed (
sysbench with 2 threads, while under load):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 | CPU speed:
events per second: 2947.73
General statistics:
total time: 10.0005s
total number of events: 29482
Latency (ms):
min: 0.65
avg: 0.68
max: 7.95
95th percentile: 0.72
sum: 19976.98
Threads fairness:
events (avg/stddev): 14741.0000/9.00
execution time (avg/stddev): 9.9885/0.00
|
- RAM speed (
sysbench, max 4G, 1M blocks)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 | Total operations: 4096 (11336.01 per second)
4096.00 MiB transferred (11336.01 MiB/sec)
General statistics:
total time: 0.3602s
total number of events: 4096
Latency (ms):
min: 0.08
avg: 0.09
max: 0.63
95th percentile: 0.10
sum: 358.29
Threads fairness:
events (avg/stddev): 4096.0000/0.00
execution time (avg/stddev): 0.3583/0.00
|
- SSD speed (
iozone with parsing)
| Write Speed:
Average: 1,504,815.07 KB/s
Max: 3,374,151.00 KB/s
Min: 0.00 KB/s
Read Speed:
Average: 3,486,925.56 KB/s
Max: 14,613,561.00 KB/s
Min: 0.00 KB/s
|
Analysing the statistics:
- CPU shows solid performance with nearly 3000 events per second and low latency, ideal for server environments.
- RAM speed of over 11000 MiB per second is excellent, reflecting a fast memory subsystem ideal for heavy workloads.
- SSD delivers outstanding read and write speeds, great for databases and other storage-heavy work.
- These speeds indicate high-end performant hardware, even on a KVM-VPS!
On top of all of that as-is, NTT-FRA1 facility is known for its high security standards, redundant power supplies, advanced cooling systems, efficient energy management, and compliance with international certifications, making it an ideal location for hosting critical IT services. Trusting your data to be safeguarded in this facility will ensure your services are secure, stable, energy-efficient, resilient, and performant.
ETH-Services focuses on delivering personalised, high-quality service, which is what makes it amazing - I am a huge fan. Their staff emphasizes transparency, responsiveness, and technical expertise (especially in resolving networking issues :D, speaking from experience), which has helped them build a very loyal and passionate customer base, including myself.
Last but not least, their panel runs on the WHCMS panel, making it very user-friendly, and allowing for easy customisation as well as management of services. For context, here's a screenshot:
I blurred some stuff out for privacy reasons.
Anyway, talking about the screenshot, the "Debian" icon is actually a little misleading, because that's what I chose on the initial install, not what I currently run.
Personally, I have installed a custom operating system (Alpine Linux) on the server to save on resources using their pre-shipped netboot.xyz image.
Outside of the flexible netboot image, they provide support for many operating systems and images by default: Alpine, Clonezilla, Debian (auto-install), Windows Server, GParted, GRML, Mikrotik, OpenSUSE, OPNsense, Proxmox-Mail-Gateway, FreePBX, Ubuntu (auto-install), AlmaLinux (auto-install), and Rocky Linux (auto-install).
Most of these images are available in Settings -> VPS configuration -> ISO for secondary CDROM in your server page, although not all of them come with automatic installation (the auto-install ones you can find in the 'Install' tab)
# It Is Also Very Reliable!
During my 4 months, outside of my own things and scheduled monthly reboots, the uptime has been a solid 100% :D You can even check their status at: https://status.eth-services.de/
And I've been hosting a bunch on my single VPS on there. It's been very fast and great, faced zero issues regarding the hardware itself, and I am honestly impressed how much they can handle - that is due to their powerful hardware.
For more context, the services I host/hosted include: XMPP (Prosody), Matrix (Dendrite) (R.I.P.), Forgejo (and Forgejo CI), Email (+ a bunch of other email-centric things in the very rich Mailcow suite), Roundcube webmail, SchildiChat and Cinny Matrix web clients (R.I.P.), PocketBase (+ MariaDB, + PostgreSQL), Nextcloud, a bunch of other custom Python apps... I am insanely happy with how ETH-Services is able to handle all of this load REALLY well. Their high-performance hardware and network transit is perfect for getting the most out of your Euro.
# VPS setup
As mentioned, ETH-Services at the moment is a small hosting provider, so if they happen to be out of stock, you'll just need to wait it out. Fortunately, they do not oversell their resources, which is a big plus! :D
The VPS setup process is generally quick, though it does have a few quirks. For example, when setting up a Gianfar server at https://panel.eth-services.de/cart.php?a=confproduct&i=0, you will encounter the following screen:
The specification details say:
| the small powerhouse
4VCore
8GB RAM
80GB SSD
1x IPv4
IPv6 /128 or /64
Fair-Use Traffic (~2TB/monthly)
24/7 Support via E-Mail and Ticket
monthly recurring
|
Let's start from here.
- Firstly, if the hardware is not enough for you, you could try to contact support and see if anything could be worked out :) - the support is amazing.
- The 4 cores is enough for most personal servers honestly. They are powerful. I don't think you'll ever really need more.
- For SSDs, you may want to set up SSD compression if the storage is not enough. On Alpine, for example, you can use Btrfs to enable on-the-fly ZSTD compression at cost of a bit CPU time: https://wiki.alpinelinux.org/wiki/Btrfs
- Despite the specifications saying that there is only 1x IPv4, you can request an extra IPv4, which costs extra 2.38 euro a month + a 5 euro setup fee.
- Regarding IPv6, you have two options, both of which are free and come at no extra cost (I don't truly know what the "switched /128" is, since I never used it, but I believe it is what I am describing; correct me if I'm wrong):
- A switched /128 on IPv6: single IPv6 address with limited IPv6 features, forced routing.
- I believe that the /128 option is for individual hosts or interfaces, not for subnets. I think that is is not suitable for general network segments where multiple devices need to communicate directly.
- A routed /64 subnet (what I chose): 264 addresses (large address space), general subnets, fully supported autoconfiguration through SLAAC, neighbour discovery, local traffic does not require routing, and assigns a prefix in use for multiple hosts.
- /64 is the standard subnet size for IPv6 networks, enabling full IPv6 features for local communication, autoconfiguration, and neighbour discovery. I chose a /64 because that's what I had before and it sounded like the best option anyway, but a simple
/128 may even be enough!
- Regarding fair-use traffic, while on the "buy" page it says 2 TB/month, on the panel it says 5 TB/month. I presume that 5 TB is the hard limit, and the 2 TB could be just a soft limit? Unsure, honestly, just speculating: never hit this amount of traffic.
- DDoS protection comes pre-shipped for free and is implicitly included in the price. Traffic is passed through Voxility, which, to my knowledge, provides up to 1 Tbit/s DDoS protection.
Next, after understanding your plan and options, there is a small hiccup. Where it says "NS1 Prefix" and "NS2 Prefix" always enter ns1 and ns2, respectively. I don't know why, but I believe this is just a quirk in how the system works. Don't get confused like I did :)
And the rest will honestly be pretty easy: you will be asked for your information (name, address, e-mail, payment details, phone number), then you will be soon-set-to-go in 2 minutes! I would also recommend you to set up two-factor-authentication on your account after you log in, for extra security.
# Support
ETH-Services support is not always instant, however, the staff are as fast as possible and make the most of the resources they have. In fact, from my experience they are very responsive and provide helpful support, with the response time usually being under hour!
If you ever face any issues or just have questions, they always welcome your tickets on the ETH-Services panel or on e-mail: support["at&t" without the "&t"]eth-services.de.
# Post-Setup & Custom OS
After a default installation setup (the "install" tab or order page: Debian, Ubuntu, AlmaLinux, or Rocky Linux), all software and configurations will be automatically installed so you do not need to do much in that regard. Do still read # System Admin Things, since it applies for even non-custom OS.
Nevertheless, if you so choose to install a custom OS from the "secondary CDROM" setting, you will need to do a few things to ensure your VPS networking and management is at its best:
- Install the OS through VNC. The default install is automatic (so no need to connect to anything), but non-default will require you to connect through VNC to finish the installation.
- After installation, boot the OS and SSH into it.
- Then, set up networking, similarly to how I have done in my Alpine Linux installation in
/etc/network/interfaces:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 | auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 45.86.125.63
netmask 255.255.255.128
gateway 45.86.125.1
iface eth0 inet6 static
address 2a0c:8900:2:b6c6:0000:0000:0000:0001
netmask 64
gateway 2a0c:8900:1::1
autoconf 0
|
- Don't forget to also install
qemu-guest-agent or alike (optional). This will help you see accurate statistics and manage the VPS on the panel, and, during any maintenance, if you have that agent installed, a clean shutdown will be guaranteed, rather than just force-kill. - That's it!
# System Admin Things
Regarding more general post-setup, I had also secured my server a little. Although, this is not exclusive to custom OSes:
- Changed root password from the command line so it never goes through HTTPS or the ETH-Services system.
- Set up zRAM: https://wiki.alpinelinux.org/wiki/Zram
- Set up swap (with low priority): https://wiki.alpinelinux.org/wiki/Swap
| ... none swap sw,pri=1 0 0
|
- Set up firewalls: https://wiki.alpinelinux.org/wiki/Fail2ban and https://wiki.alpinelinux.org/wiki/Uncomplicated_Firewall
- Set up firewall rules: fail2ban stuff +
ufw rules, such as:
| ufw --force reset
ufw default deny incoming
ufw default allow outgoing
ufw enable
ufw allow in on lo
ufw allow out on lo
ufw allow out on eth0
ufw limit 22/tcp
ufw allow ... ports ...
|
Obviously, don't forget to enable IPv6 in your UFW at /etc/ufw/ufw.conf by adding:
And enabling UFW by ufw enable and rc-update add ufw to start it on boot.
- Set up
/etc/sysctl.conf for best server configuration:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29 | # content of this file will override /etc/sysctl.d/*
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_fin_timeout=15
fs.file-max=2097152
vm.dirty_ratio=10
vm.dirty_background_ratio=5
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.ip_forward=0
# vm.nr_hugepages=0
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_rfc1337=1
# net.netfilter.nf_conntrack_tcp_timeout_syn_recv=30
net.ipv6.conf.all.forwarding=0
net.ipv6.conf.default.forwarding=0
vm.swappiness=30
# vm.oom_kill_allocating_task=1
vm.dirty_expire_centisecs=1500
vm.dirty_writeback_centisecs=1500
vm.vfs_cache_pressure=50
# vm.overcommit_memory=2
vm.overcommit_memory=1
vm.oom_kill_allocating_task=0
# end
|
After changing the configuration file, I applied it using sysctl -p.
- Reset my host SSH keys by:
| rm /etc/ssh/ssh_host_*
ssh-keygen -A
rc-service sshd restart
|
- Hardened my SSH configuration:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54 | Include /etc/ssh/sshd_config.d/*.conf
Port ...
AddressFamily any
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin yes
MaxAuthTries 3
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
IgnoreRhosts yes
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PrintMotd no
TCPKeepAlive no
ClientAliveCountMax 2
UseDNS no
Banner /etc/issue
AcceptEnv none
Subsystem sftp /usr/lib/openssh/sftp-server
ChallengeResponseAuthentication no
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
AuthenticationMethods publickey
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
AllowUsers ...
|
And I also ensured to change the port to reduce the attack surface. On the client-side I therefore enforce:
| ServerAliveInterval 60
HashKnownHosts yes
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Host "ari.lt"
Hostname "ari.lt"
Port ...
|
- Configured my
/etc/resolv.conf:
| search mail.ari.lt
nameserver 2.58.52.135
nameserver 2.58.52.155
|
- Set up
dcron for maintenance jobs: https://wiki.alpinelinux.org/wiki/Cron#dcron - With
dcron I ensured auto-updates were set up by making it run apk upgrade --update daily. - Also set up
logrotate to rotate all logs weekly to monthly at /etc/periodic/daily/logrotate:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 | #!/bin/sh
if [ -f /etc/conf.d/logrotate ]; then
. /etc/conf.d/logrotate
fi
if [ -x /usr/bin/cpulimit ] && [ -n "$CPULIMIT" ]; then
_cpulimit="/usr/bin/cpulimit --limit=$CPULIMIT"
fi
$_cpulimit /usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
|
- I ensured system logging as well for the lack of
journald: https://wiki.alpinelinux.org/wiki/Syslog - Made all my services into OpenRC init scripts at
/etc/init.d/... using the OpenRC supervisor, so on crash it restarts the service, avoiding downtime (https://wiki.gentoo.org/wiki/OpenRC/supervise-daemon) - Having all the logs, wrote a bunch of
fail2ban rules to watch them, and also enabled relevant pre-shipped ones. I have enabled/written rules such as: sshd, nginx, php, prosody (XMPP), ufw, forgejo, nextcloud, and alike to ban abusive IPs and protect myself from abuse. - Other sysadmin tasks... There's a lot that goes into this!
# I Recommend!
So... Overall review?
For me, ETH-Services is a truly exceptional hosting provider that enables me to do things other providers simply don't allow just by giving me great control and high-availability.
Their focus on delivering high-performance, affordable, and highly available products - with a personal touch - makes ETH-Services stand out as a shining star among corporate hosting providers. I give them 5 out of 5 stars and would highly recommend their services!
I am extremely satisfied with the level of control they offer, impressed by their robust DDoS protection and great support, and delighted with the hardware and network performance. Overall, being a client of such a flexible and reliable hosting provider is a breath of fresh air.
I don't have the words to describe how good this hosting provider is. Everything has been so smooth so far, it's insane :D
# Thank You :)
Thanks for reading!
I'm happy that I could share information about this affordable, high-performance, and very competitive (truly, I don't think I could name a single hosting provider that could compete well with how great ETH-Services is, in this price range) hosting provider.
I truly do hope that some of you consider it using it for your personal, or even corporate projects! psst, ETH-Services on lowendtalk when...
'til next time