LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-29-2004, 08:28 PM   #1
shmude
Member
 
Registered: Aug 2003
Distribution: Fedora, DSL, LAS, Knoppix
Posts: 83

Rep: Reputation: 15
First production webserver setup...need advice


I'm about to setup my first production webserver (it will be online 24x7 and needs to be secure) but i am a bit confused on exactly how i need to accomplish this. This server will run a basic website and host files.

First things first...which distro would be best to run in this situation. I am very familar with RH and Fedora and somewhat with slackware but which one out there would make a good webserver. Also, i know some will say go with slack because its less bloated, but what about updates? redhat has its up2date but what does slack use?

Next is extra software that i need. Obviously Iptables will be used for my firewall but what about things like tripwire and other programs like it...are these needed or necessary?

I might be missing things in my setup so please fill in some of the gaps...the only webserver's that i have set up were me being bored at home or just to play.
 
Old 07-29-2004, 08:44 PM   #2
millionknives
Member
 
Registered: Jul 2004
Location: Port Charlotte Florida
Distribution: slack 12.1
Posts: 78

Rep: Reputation: 15
Slackwares slaptget is a wonderful tool it really is, (and if youd prefer to use a gui try http://www.linuxpackages.net/pkg_details.php?id=2331 frontend) and I myself use a slackware based os (Ive been moddifing it for a while now Im really starting to like the way its turning out more or less what Im saying is slack can, if you put the time in, be modified to do just about anything) So Id say go for slackware.

Also, using the ip as the web address isnt very good unless its for your own personal use (such as image hosting for friends and family etc) so get a domain name thier fairly cheap, and can keep the server/computers ip "hidden" from the browser link and from your everyday web surfers.

I just did some research on tripwire and I say it looks like a useful tool I may download it and play with it, also if anything Id have some type of software or script running to help keep things such as spam (yes if you post your email on your site your more then likely going to get spam unless you do things such as this: knives_at_nerdshack_dot_com that does help keep spam down) also, I would find some tool to use to block ips from accessing your server if the users of those ips are annoyances and/or problems. Hope this helps you.

Last edited by millionknives; 07-29-2004 at 08:46 PM.
 
Old 07-29-2004, 10:18 PM   #3
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
I would chose Slackware too.

Slackware and Apache with a good iptables setup should be a very secure solution.

Slackware has automated package upgrade software as millionknives said, however, for a 24x7 server, you should never allow it to auto update itself.

Any software changes made on a server (especially one that is expected to be online all the time) should be done under close supervision, and only when necessary. Packages from Slackware-current are not guaranteed to be stable in the least.

Having your server download and install possibly unstable software in the middle of the night when you aren't there to watch it is a recipe for disaster.
 
Old 07-29-2004, 11:25 PM   #4
millionknives
Member
 
Registered: Jul 2004
Location: Port Charlotte Florida
Distribution: slack 12.1
Posts: 78

Rep: Reputation: 15
My slapt-get doesnt auto update.. course then again I just use it to update to the newest pkgs after Ive checked to make sure there good by looking online if it seems to be fine then coo if not then forget it but all in all slack is most likely the way to go in this case.
 
Old 07-30-2004, 01:18 AM   #5
shmude
Member
 
Registered: Aug 2003
Distribution: Fedora, DSL, LAS, Knoppix
Posts: 83

Original Poster
Rep: Reputation: 15
Ok, so slack is the way to go then. I would never let it auto update itself and would only be keeping track of apache, php, and maybe mysql if i decide to install a database. What about keeping the kernel updated. It seems like a new kernel comes out every month so what is the deal with keeping them up to date. And do i need to monitor anything else for updated packages other then the ones i mentioned. THis is ONLY going to be a webserver, nothing more.

Got a few more questions though. How do you make sure that extra services that i dont need arn't running in the background on slackware? And should i install Apache/PHP from the install disks and update them with slapt-get, or should i install them after the main install?
 
Old 07-30-2004, 01:55 AM   #6
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
For the kernel, I would compile a brand new 2.6.7 kernel from scratch, removing everything you don't need (servers don't need sound, etc). After that, you shouldn't have to worry about a kernel update unless there is some kind of flaw or exploit discovered (like the recent local exploit).

For the packages, don't upgrade as soon as a new one comes out. Wait a few weeks in case there is a problem with the package, it wouldn't be the first time an official package was unstable or down-right broken. Also, like you said, don't bother updating packages that you don't use.

To stop anything running in the background of Slackware, you are going to want to read your "inetd.conf" and your "rc.inet2" files. These control what daemons start at boot. There are other places programs could start from, for instance, everything that is executable in the "/etc/rc.d" directory will start at boot.

For the Apache install, I would install it with Slackware, then upgrade the package. Also read up online about securing your Apache server. There are many things that the Apache server loads by default that you probably wont use. In fact, most of the modules that Apache uses aren't necessary for a simple web page.

A few other notes, you are going to want to setup a good partition setup for this server. I would suggest separate partitions for: "/", "/usr", "/var", "/root", and "/home". It is up to you, but you have to have a separate partition for "/var" otherwise, the system logs could clog up your HDD and crash your server.

You should also look into a backup media of some type. I personally use a Travan tape drive with a new tape for each day. This isn't required, but if you have a hardware failure and lose data, you are going to wish you had a backup system.

And finally, I don't know if you are aware, but you shouldn't have X or any GUI installed on the server. It will only bloat your system and take up resources that would be better put to use serving web pages.
 
Old 08-03-2004, 11:51 PM   #7
shmude
Member
 
Registered: Aug 2003
Distribution: Fedora, DSL, LAS, Knoppix
Posts: 83

Original Poster
Rep: Reputation: 15
alright, the install and setup has gone really well, but i do have one more question. The version of apache that comes with slack 10 is 1.3.31 but i thought that version 2 of apache is much better. Which version should i use? which is more secure? more flexible? and what about hosting asp pages...can apache do that?
 
Old 08-04-2004, 01:21 AM   #8
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
For ASP, you are going to want to look into this:

Apache::ASP

As for the Apache version, there is nothing wrong with running 1.3.31. Slackware, as it usually does, has put software stability over software features.

While 2.x has some very nice features, 1.3.x is still the standard, and because of that it can be considered the more stable version (more users equals more patches and bug fixes).

If you feel the need to upgrade to the very latest Apache because it has features you need, then that is fine, but on the other hand, there is no need to fear the stock Slackware install (unless a new venerability is discovered, anyway).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can someone help me setup webserver? kuplo Linux - Software 2 11-05-2005 06:24 PM
Looking for advice about setting up a small, lightweight webserver jesseoneill Linux - General 1 03-01-2005 09:36 PM
Steps to making public webserver (need advice) Gates1026 Linux - Networking 1 04-01-2004 01:18 PM
Webserver Setup bytebrowser Linux - Networking 6 06-21-2003 04:34 AM
Need Advice - Webserver and Firewall Setup nbin Linux - Networking 8 06-17-2003 07:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration