From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-95937-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1M9lLa-0006Gg-1A
	for garchives@archives.gentoo.org; Thu, 28 May 2009 19:33:02 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 60654E0377;
	Thu, 28 May 2009 19:33:00 +0000 (UTC)
Received: from mail-bw0-f175.google.com (mail-bw0-f175.google.com [209.85.218.175])
	by pigeon.gentoo.org (Postfix) with ESMTP id EAFF9E0377
	for <gentoo-user@lists.gentoo.org>; Thu, 28 May 2009 19:32:59 +0000 (UTC)
Received: by bwz23 with SMTP id 23so5067000bwz.34
        for <gentoo-user@lists.gentoo.org>; Thu, 28 May 2009 12:32:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:from:reply-to:to:subject:date
         :user-agent:references:in-reply-to:mime-version:content-type
         :content-transfer-encoding:message-id;
        bh=Vbw+fCwVOtdqAlvu5nroPvnCnr5qU5Nxp60IGYix+Zc=;
        b=S1czt89HzVH7IImgSbXKmDG1uVlPZUVdRL9cYqQxlprBmFvqnh3J7WUtmXw6UN2fX+
         sV+yFYxWZnNJe2pxzfpPggVRBoDfra0odmZ6Sa+1lY/BlcNXVdR52IRz7rh1sVHEQzpm
         exCcbRCpuFfggMLq+AfoFvC+9mGwWFe60K9is=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        b=fnjXoQVWW+/tk9qQHOGOQlGQJ84F6kvkdQMTDP2rqL/GXF2hhA6/xIeWzw8mKkbQGu
         BE/h3ykar2/jxhcBHLCNMR4fa4q2E0LEVBl90QhzHMHEXvxqT6hzAqoHv9CUN7LMqX3O
         8g9+MfdV8v5O2Ux0hL6vGdF9HVwj34BhVVdis=
Received: by 10.103.227.13 with SMTP id e13mr1104945mur.2.1243539179166;
        Thu, 28 May 2009 12:32:59 -0700 (PDT)
Received: from lappy.study (230.3.169.217.in-addr.arpa [217.169.3.230])
        by mx.google.com with ESMTPS id s11sm718117mue.50.2009.05.28.12.32.57
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Thu, 28 May 2009 12:32:57 -0700 (PDT)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
Date: Thu, 28 May 2009 20:33:02 +0100
User-Agent: KMail/1.9.9
References: <200905281957.19368.michaelkintzios@gmail.com> <200905282112.56754.alan.mckinnon@gmail.com>
In-Reply-To: <200905282112.56754.alan.mckinnon@gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart36581705.EZYzdKZ4R5";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200905282033.04206.michaelkintzios@gmail.com>
X-Archives-Salt: c4d96221-28ec-4d90-9946-f028fa25809f
X-Archives-Hash: f4e05d1c071efb409d5a01602ec8419f

--nextPart36581705.EZYzdKZ4R5
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Thursday 28 May 2009, Alan McKinnon wrote:

> A chroot jail is of no real use to you here - it's a development tool and
> amazingly useful for gentoo installs, but has no real security or process
> separation benefits. So says Alan - not me, a different one.

OK, thanks for this to both of you! :)

> Your problem will be that only one apache instance can run on port 80.

That's no problem.  I can run the payment managing website on a different=20
port.

> Your options:
> 1. Run the ecommerce apache on a different port.

Yep, SSL, different port.

> 2. Install a second NIC with a different IP and bind each apache to port =
80
> on it's own nic.

How do you do this?

> 3. If you use separate mysqls, run them on different ports.

I'll need to run them using /usr/bin/mysql --options I guess, rather than=20
using the /etc/init.d scripts, right?

> However, it's an e-commerce site so one must state the obvious:
>
> You must be out of your mind running an ecommerce site on the same machine
> as other php vhosts. Please give me the URL so I know never to buy there -
> I have no way of knowing what those vhosts are, who the webmaster is and
> how secure they are.

Is the fear that one of these apache vhosts installations will be compromis=
ed=20
and then the ecommerce/payment website will get hacked from the inside?

> So I recommend option 4:
>
> Pony up the money for server #2

Hmm, yes that's what I was trying to avoid.  ;-)

Would running complete virtual servers to achieve separation be any/much=20
better?
=2D-=20
Regards,
Mick

--nextPart36581705.EZYzdKZ4R5
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEABECAAYFAkoe5vAACgkQVTDTR3kpaLZvdgCdFlsTLRbw7F8EKlPr4td1iVCx
c1UAoPtGj2rs/bDUe11uoz11bvgz2LSA
=6zAB
-----END PGP SIGNATURE-----

--nextPart36581705.EZYzdKZ4R5--