|
Apache Question
I have 2 computers;
1) Quad P2 200mhz w/ 110 Gig Raid 5 2) Dual 800 P3 512 RAM with two 16 gig drives I want to run apache on the second computer and I want to have all the home directories of the domains/users on the first computer. What is the best way to go about this? Someone told me it was possible to use LDAP. I don't have much experience with LDAP but before I try and figure it all out I thought I was ask some opinions on the best way to do this. Is this even a normal setup? Or is there a better way all together to do this? I think if I could achieve this with LDAP it would be nice, because then I could use LDAP for authentication onto the websites. Thanks! |
Don't know much about LDAP, but I have heard it's not very easy to setup. You can accomplish what you want pretty easily using NFS. How it works is... you "export" your home directories on the first machine so that they are accessible to other machines. You can specify that you want these available to all other machines on your LAN, or just to one specific machine. Then, you just mount that stuff on your second machine and presto... they are accessible. Now you can treat this data as if it were located on the second machine.
So, for example, on machine #1, you'd go into /etc/exports and add this line... /home 192.168.0.0/24(rw,no_root_squash) Some people may tell you not to use no_root_squash, but I like it. Look this up in the man pages and decide for yourself. Note that the "rw"allows read and write access and /home is the /home directory on machine #1. Now in machine #2, edit /etc/fstab and add this line... 192.168.0.60:/home /mnt/machine1/home nfs rw 0 0 The ip address is for machine #1 and you're telling it to mount the home directory located there. /mnt/machine1/home is a directory you must create on machine #2. You'll need to look at the man pages for more info about the other options. These should be fine, but check anyway just so you know what you're doing. Good luck and hope that helps. |
Thanks that helps a ton.
I have heard rumors that NFS is not very secure. I have never really used it or researched it at all. Is it secure? Thanks again! |
I'm no expert, but I would assume that any security risks would come from inside your LAN. I believe it's pretty secure from the outside world. So I guess it depends on how secure your LAN is.
More about NFS than you ever cared to know... http://www.netapp.com/tech_library/nfsbook.html |
How do Web hosting companies do it? Is it similar to this, or do they have apache running on the same machine they have storage? I have a bunch of people that want web pages hosted, and thye knew that I dabbled in it, so I am trying to figure out the best way to do it. I have a network set up with a good firewall and my DNS is working great, now I am down to the webserver. Any thoughts on how others do this?
Thanks |
Quote:
In order to have the best possible performance and security you must have everything running on a seperate system. Webserver on one machine, DNS server on another machine, mail server on another machine... etc etc. Based on that premise, I would assume they would need to have some central storage solution so that all their home directories (data files, etc) are on a machine by themselves too and are centrally accessible to all the other machines. Since you're just getting started (much like me) it would probably be a good idea to just do whatever makes the most sense and grow as you go! When you get to the point where you need to rearrange things, you'll be expert enough to roll with the changes and moving everything to another machine or location will be a snap. Personally, I have 2 primary machines that I'm using just for my hosting business. Machine #1 has the web server, FTP server and DNS server. Machine #2 has all my email stuff, like virus and spam checking and also hosts the other DNS server so I have 2 of them. Actually there isn't much benefit in having both of them in the same location,but I needed 2 of them just to satisfy the registraars. I actually have a backup server as well, and all it does is backup files on both machines (and a few other machines too). |
Cool, you sound like you know what your doing. Mind if I pick your brain??
What software do you use to backup? What antivirus do you use? What FTP server do you use? One more thing I have been trying to figure out is account management. How do you manage your accounts, do you give them a regular user name then point their domain to their home directory? Sorry for all the questions, I am excited I found someone who already has running what I want to run :) Thanks for all the help! |
For backups I use rsync. For a while, I was using something called DAR which was nice for a while, but I decided I was sending too much data down the wire and switched to rsync and never looked back. With rsync, it only copies what changed since the last run, so you're not moving as much data.
For antivirus, I'm using clam AV. You should check out this mail server howto that explains how to set everything up... http://sylvestre.ledru.info/howto/ho...l_vpopmail.php With all of these other systems in place (like qmail-scanner) installing clam AV is pretty easy. For FTP, I use ProFTPd which is fine for what I'm doing. And yes, I do accounts exactly as you described. Just normal "useradd" command. ProFTPd iinterfaces nicely under this scheme because by default it uses the /etc/passwd file to authenticate users. One word of caution... you should look into setting up suexec if you want to get serious about hosting for people. suexec is something you activate under apache that will allow apache to run as whatever user/group you specify. Let's say for example, that you're NOT running with suexec enabled... Now if one of your customers is using a CGI script to create new files on the server, like if they are running their own message board, for example, where new messages are posted as seperate HTML files, these files will be created with apache/apache as the user and group. The problem with that is, when somebody logs into their FTP account, they will not be able to modify any files that are owned by the apache user because they will be logging in as their own account... and you CERTAINLY don't want people logging in as the apache user. With suexec, any CGI scripts that are being run are run as whatever use you want. So let's say one of your customers is named bob and he's in the group "bob" all by himself. Under the apache virtual host, you put SuexecUserGroup bob bob so that whenever a CGI script is executed from his home directory, it will be run as bob/bob and the files it creates will be owned by bob as well. This is good for security purposes too, so you should look at setting this up when you install apache. Hope that helps. |
| All times are GMT -5. The time now is 08:27 PM. |