-   Linux - Networking (
-   -   FTP server -> NFS -> HTTP/SQL server (

Tux-Slack 10-10-2009 10:18 AM

FTP server -> NFS -> HTTP/SQL server

I'm in quite of an unpleasant situation at the moment. I have 2 servers, FTP server and HTTP/SQL server, they are both on different locations, different ISP etc. And I have an VPN link between them.
To discribe a little bit further, I want the users to be able to access only the FTP, to upload files, and then through HTTP to view their websites.
So I went and installed ProFTPd on the FTP server, configured it, made a user adding script and it works just fine.
Then I created a NFS link between the server and am mounting the the root FTP directory in the HTTP server, which does mount.
And after that, configured apache to read from those user directories, which again works ok. But the problem becomes when apache needs to write to some of those directories, and permission get's denied, altho I have set the rw flag, both in the exports file and the mount command/fstab file. Even if I set file permissions to apache:apache on the FTP server it still can't write. What could be the cause of that? Or is there any better way to do this?

Kind regards,

Lordandmaker 10-11-2009 12:55 PM

NFS's permissions are based on file ownership denoted by uid. Are the uids of the users apache and ftpd runs as the same?

Remove the services from the situation for now, can *anyone* write to the nfs mount?

What's the line in /etc/exports and /etc/fstab as appropriate from the two boxen?

As for better ways, an other way to do it would be to install apache on the ftp server, and have the current http server act as a proxy. This is likely to be suboptimal for the same reasons as why you've ended up with two different servers.

Tux-Slack 10-12-2009 03:00 AM


and output from mount(I don't use fstab yet, untill I set it up as I should):

-bash-3.2# mount
/dev/hda1 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda2 on /home type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
/dev/md0 on /mnt/raid type ext3 (rw) on /home/test type nfs (rw,addr=

Hmm...a reverse proxy? Wonder why I never gave that a thought.
Ok then, maybe not so much of a networking question anymore, or maybe so.
In that case, I would need a way to, configure both servers over the network, one way would be to share those configuration files over NFS?
I.e., I have this server for user websites, who don't have any access to the server, except for HTTP and FTP(SQL local only). The FTP server doesn't even have SSH access(it's blocked by a router firewall), except over VPN. But what I would like to do now is log in through SSH on my current HTTP server and configure everything from there. A new website directive as reverse proxy in current apache, add new user and create directories for the user on the FTP server, and configure apache on the FTP server for the new user. Which I think could be done by mounting those files and directories over NFS and manipulate them in this way.
But then the question comes, how do I restart the apache on the FTP server remotely?

Lordandmaker 10-15-2009 05:50 AM

Your exports and mount look about right to me (I can't remember the default status of root_squash, but on is generally sensible)


In that case, I would need a way to, configure both servers over the network, one way would be to share those configuration files over NFS?
I'd look at NIS for sharing user info, but the configuration of most of the services (http, ftp, ...) will be different between the boxes. NIS would simplify your NFS woes, too.
LDAP can be used for same, and is more recently proving more popular. But it's substantially less simple than NIS.

Tux-Slack 10-15-2009 03:35 PM

I don't need to share user info. All the users that have to exist, will be on the FTP server, which are created with a local bash script. Only SQL users will have to be created on the HTTP server. But if I use a reverse proxy, I need to edit both httpd.conf files on both machines, and restart/reload apache on both machines. Which I already solved with ssh public key logins and executing remote scripts.
root_squash defaults to on/yes, at least it's there in /proc/nfs/exports
Thanks for the help both of you, but this can be marked solved.

All times are GMT -5. The time now is 11:39 AM.