Hi

I will be hosting my own e-commerce website in the near future, and I will be using the same machine as a small business server (print/ firewall etc) in the slightly more distant future as well. I'm not at all clued up on server admin though, so I am keen to make use of one of the server-specific distros, which offer browser-based UIs to configure the server.

After a short look at each (installing in VBox)I like the feel of Zentyal, which is based on Ubuntu Server 10.04 LTS. But I have often read critical posts about Ubuntu, saying that it isn't very stable, and 10.04 does seems quite 'young' for a server distro, especially compared to the CentOS-based ones.

So, these other two distros based on CentOS should be much more stable, but then they don't seem as intuitive to me, and seem maybe a bit outdated (SME Server particularly). Instinct tells me to go for one of the distros with the more battle-tested CentOS back-end (ClearOS or SME Server) to ensure no website downtime, but, if there is no truth to the common moans about Ubuntu's stability I might just be making my life more difficult for no reason. I also use Ubuntu LTS's on my deskops and laptops, so it seems to make sense to go for Zentyal/Ubuntu unless there is a good reason not to.

So has anyone got any personal experience in these matters they would like to share with me to help me make up my mind?

Thanks in advance

spoov

Personally, I have not used Zentyal. But I have put SME server as well as ClearOS. And I liked Clear OS a lot. It is based on CentOS which in turn is RH. And personally though I run Ubuntu Lucid on desktop, I like to have something more stable on servers and CentOS or Debian are perfect for that. And if you are planning to host your own website, you definitely need something very robust and stable. And CentOS is better than Ubuntu for that. And my experience with CentOS and OpenFiler, which is based on previous, has been very good without any downtime. (Touch wood).

Thanks. Anyone else got any experience? Or maybe are there any reliability stats someone could point me at?

Cheers

If by commercial, you mean taking electronic payments (and that's quite a step, if you are really not clued up in the field of servers, and probably, by extension, security), then ensure that you meet the Payment Industry requirements. This doesn't help you with this problem, but its as well to get it out of the way up front.

Ugh. Do you have to? I hate the idea of putting anything security-critical with something like a print server. If anyone bothers to attack you and does it at the right time, when the print server is busy, I am sure that a DoS is on its way. Maybe you'll try to test to ensure that it doesn't happen, but what measures will you take to ensure that you have tested in the worst-case condition?

I can see the attraction, but webmin wasn't good for you?

I am sure that the reports are exaggerated, but there are reasons that Ubuntu may not be the ideal choice

• Ubuntu's process for creating an LTS is not ideal. When RH or Novell/SUSE make an enterprise release there are reasons that they do not even try to release it on the same day as their less-stable/more bleeding edge bretheren. And you can't accuse Debian of being too bleeding edge either, and their 'release it when its ready' process reflects that. There is a tension between the need for bleeding edge, and stability and releasing both on the same day isn't the ideal way to do it, unless the two development streams can be done separately and in parallel.
• Ubuntu has the undesirable habit of starting services just because they are installed. This can be a nasty surprise, but, when you know that they do this, isn't really a problem (because you know).
• The 'no root' thing is a bit irritating, but you'll disable root login anyway, won't you? Won't you?

OTOH, the biggest security issues are with mis-configurations (including installations of stuff that just shouldn't be installed as well as incorrect installation of stuff that should be installed) and nothing that Ubuntu does is likely to be anywhere near as bad as what the user does with it.

This isn't a problem, if there has been enough testing. Of course, due to their process, there is room for doubt as to whether that is true.

So, based on what I have said, so far, as a base distro Centos may have an advantage, but the advanatges or disadvantages of the base distro are probably negligible compared to what you might do wrong with it. Sorry to be so blunt, but that's the way it is.

I did once (5++ years ago) play with SME Server. Installed easily; in fact I was extremely happy with how well that worked, but then I asked myself 'What happens if I now want to add something or reconfigure something?' and I had no idea what to do or where to look. One of the disadvantages of the of the 'do it all, the user doesn't have to know what is going on' installs is that you have no idea what is going on under the hood and how to do stuff with it.

I went back to a standard distro (Ubuntu, as it happens, but its not a internet-facing box, so I am not as concerned about security as I might be, in other circumstances) and configured services individually.

1 members found this post helpful.

Thanks salasi for your comprehensive reply. Since starting this thread I've been reading a lot about running web/network servers and it is definately more complicated than I thought (and had been led to believe) it would be; the e-commerce element particularly looks very arduous and time-consuming to cover. Also no matter how much I can learn in the available time there appears to be a significant residual possibility of me seriously buggering things up.

I'm revising the wisdom of the whole idea. I will keep looking into this subject when i have time because apart from anything else it's really interesting, but I think i'll probably be going to a hosting company for the time being tbh.

Anway thanks for all your advice.

Spoov

This is a bare minimum for taking payments via plastic - well, when I say it is a bare minimum, what I really mean is that the details are not well enough fleshed out to cover everything (but then, they are not supposed to be; it is a framework, rather than a 'do this just this, then do just that, then you pass, step-by-step for the clueless' guide). But, if you read it and think 'this is way too much, I'm not doing it' then don't get into taking payments from plastic; find something else to do.

All in all, you can see why people like to go down the advertising/micropayment type route; you don't necessarily have to get into this stuff by not taking payments that way.

I'm not going to deny that; even if you think you are pretty clued in, there will still be some possibility of screwing up; even with extensive experience that will still be true.

I have to admit that, looking at what is going on in the wider market, I'm a bit disturbed by a number of factors:

• the number of 'Website design for the brain-dead'-style books that never even mention security. Not at all, not even slightly.
• the tendency to oversimplify the security problem to 'I have a firewall, I'll be protected' or 'I use Linux/Don't use Windows, so viruses can't get me' kind of approaches that just over-over-simplify the problem away

I've got to say that in even being aware of the problem(s), you are already in better shape than a number of people who are over-enthusiastically leaping before they look, and I wouldn't want to put a block in your way. Just don't do it on the basis that security can be done with zero effort, because it ain't so.

And, please note that while a hosting company is a good idea at this point, it doesn't automatically make all problems go away.

1 members found this post helpful.

Hmm I was imagining that, with a fair amount of effort, I could learn and therefore apply better security to my own box that I would probably get from the cheaper hosting companies, but that definately doesn't look the case. Every time I open a door it just opens onto another room full of closed doors.

This is my experience of FOSS so far tbh (my only experience with IT) - it's all very interesting, but to get most *really useful* stuff done requires large amounts of time and skill, much like any other profession. I think a lot of FOSS stuff is a bit misleading in this respect tbh.

I will persist though, and thanks again for your help, lots of food for thought there.