Quote: Originally Posted by vincix
@sundialsvcs
I'm impressed by your fetishism. Of course I'm being slightly ironic, but I'm also honestly impressed, of course. The question, though, lingers, and that is: how do you actually replace what cPanel does? What if you have 1000 clients that need direct access to the management of SQL, DNS, e-mail, maybe installing WordPress, etc.? What practical solution would you actually suggest? I honestly like being paranoid about security and I like the idea of locking everything down, allowing only the strictly necessary access. But what do you actually do when you want to provide for so many clients? Custom scripts for everything?
There are a variety of ways to provision a remote server, even hundreds of them. Most of these techniques involve cloning identical copies of a server configuration that has been (hand-)built ahead of time. For instance, Canonical's MAAS ("Metal As A Service") tool is just one of a great many tools in this class.

The most critical aspect of this, which is also the failure point of the tools that you mention, is that access to the remote administration interfaces must be secure. Even if they are based on the use of HTTP management clients for convenience, the privileged daemons that perform the work are not based on Apache and cannot be reached from the outside world. Strong, certificate-based security, including peer identification, is essential. To "break in" to the thing must be an impossibility. "Apache" has no power whatsoever to do anything, and the secure management interfaces cannot be reached "from web pages" on "web servers."

Security in general is also crucial. ("ssh" won't do the trick!!) For instance, to reach the administrative interfaces of any web sites or servers that I'm responsible for, there's only one outer-bastion defense that you must cross: OpenVPN, with tls-auth. And basically this means that you possess a non-revoked certificate, of which there are exactly three in this world. Every administrative daemon listens only to this secure "tunnel." No other path exists(!), and, unless you possess the tls-auth certificate, it is impossible to detect(!!) it. So, that's the first line of defense: a secure but secret door in a smooth and featureless wall, that only three people on Earth (at the present time) are able to discover or enter, through the use of unique credentials assigned only to them.
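The bastion pattern described in the reply above (OpenVPN with tls-auth as the only door, certificates that can be revoked, and every administrative daemon bound to the tunnel alone) has three things a practitioner would want to verify on the box rather than take on faith. The script below is an added example written for this thread, not the poster's own scripts or configuration: it audits a server config for the directives the pattern depends on, scans an `ss -lnt` listing for admin ports that are reachable from any interface instead of only the tunnel, and emits an nftables ruleset that enforces the "no other path exists" claim. The file names, the tunnel interface `tun0`, the 10.8.0.0/24 tunnel subnet, port 1194 and the admin port list 22/3306/8080 are all assumptions chosen for illustration, and both the sample config and the listener snapshots are constructed, not captured from a real host.

```shell
#!/bin/sh
# Audit helpers for the "admin plane only over the VPN" pattern discussed above.
# Added example, not the poster's own setup. File names, tun0, 10.8.0.0/24,
# port 1194 and the admin port list are assumptions for illustration.
set -u

# Constructed OpenVPN server config carrying the directives the pattern relies on.
SAMPLE_OVPN_CONF='port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
remote-cert-tls client
crl-verify crl.pem
tls-version-min 1.2
cipher AES-256-GCM
server 10.8.0.0 255.255.255.0'

# Constructed weak variant: no HMAC on the control channel and no CRL check.
WEAK_OVPN_CONF=$(printf '%s\n' "$SAMPLE_OVPN_CONF" | grep -Ev '^(tls-auth|crl-verify) ')

# check_ovpn_conf CONF_TEXT
# Prints one "missing: ..." line per absent hardening directive; returns 0 only
# when every one of them is present.
check_ovpn_conf() {
    missing=0
    # tls-auth (or its successor tls-crypt) puts an HMAC on every control-channel
    # packet; without the key the server silently drops the first packet, which is
    # what keeps the port from showing up in a scan.
    printf '%s\n' "$1" | grep -Eq '^(tls-auth|tls-crypt)[[:space:]]' \
        || { echo "missing: tls-auth or tls-crypt"; missing=1; }
    # Reject a peer that presents a server certificate as if it were a client.
    printf '%s\n' "$1" | grep -Eq '^remote-cert-tls[[:space:]]+client' \
        || { echo "missing: remote-cert-tls client"; missing=1; }
    # "Non-revoked" only means something if a CRL is actually consulted.
    printf '%s\n' "$1" | grep -Eq '^crl-verify[[:space:]]' \
        || { echo "missing: crl-verify"; missing=1; }
    printf '%s\n' "$1" | grep -Eq '^tls-version-min[[:space:]]+1\.[23]' \
        || { echo "missing: tls-version-min 1.2 or higher"; missing=1; }
    return $missing
}

# find_wildcard_listeners "PORT PORT ..." SS_OUTPUT
# Reads `ss -lnt`-style lines and reports admin ports bound to 0.0.0.0, [::] or *
# rather than the tunnel address. Returns 1 if any such socket exists.
find_wildcard_listeners() {
    printf '%s\n' "$2" | awk -v ports="$1" '
        BEGIN { n = split(ports, want, " "); for (i = 1; i <= n; i++) admin[want[i]] = 1 }
        $1 == "LISTEN" {
            k = split($4, a, ":"); port = a[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port in admin) && (addr == "0.0.0.0" || addr == "[::]" || addr == "*")) {
                print "admin port reachable from any interface: " $4; bad = 1
            }
        }
        END { exit bad ? 1 : 0 }'
}

# Constructed listener snapshots in `ss -lnt` layout (not real machine output).
LISTENERS_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096   0.0.0.0:443       0.0.0.0:*
LISTEN 0      128    10.8.0.1:3306     0.0.0.0:*
LISTEN 0      128    [::]:8080         [::]:*'
LISTENERS_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    10.8.0.1:22       0.0.0.0:*
LISTEN 0      4096   0.0.0.0:443       0.0.0.0:*
LISTEN 0      128    10.8.0.1:3306     0.0.0.0:*
LISTEN 0      128    10.8.0.1:8080     0.0.0.0:*'
ADMIN_PORTS="22 3306 8080"

# admin_plane_nft_rules IFACE "PORT PORT ..."
# Emits an nftables ruleset: admin ports are accepted only when the packet came
# in over the tunnel interface; the public web ports and the OpenVPN port are the
# only things the outside can reach. Policy drop means scans get no reply.
admin_plane_nft_rules() {
    ports=$(printf '%s' "$2" | tr ' ' ',')
    cat <<EOF
table inet admin_plane {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        udp dport 1194 accept
        tcp dport { 80, 443 } accept
        iifname "$1" tcp dport { $ports } accept
    }
}
EOF
}

# Demonstration when run directly.
check_ovpn_conf "$SAMPLE_OVPN_CONF" && echo "sample config: ok"
check_ovpn_conf "$WEAK_OVPN_CONF" || echo "weak config: rejected"
find_wildcard_listeners "$ADMIN_PORTS" "$LISTENERS_BAD" || echo "bad host: rejected"
find_wildcard_listeners "$ADMIN_PORTS" "$LISTENERS_GOOD" && echo "good host: ok"
admin_plane_nft_rules tun0 "$ADMIN_PORTS"
```

On a live host, feed `find_wildcard_listeners` the real output of `ss -lnt` and `check_ovpn_conf` the real `server.conf`; a daemon that passes the socket check but is still reachable through a reverse proxy on 443 is exactly the "reached from web pages" hole the reply warns about, so the nftables rules are only half the story and the Apache vhosts need the same review.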