* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 19:12 ` Alan McKinnon
@ 2009-05-28 19:33 ` Mick
2009-05-28 19:45 ` Alan McKinnon
2009-05-28 19:34 ` Jarry
2009-05-28 19:51 ` Stroller
2 siblings, 1 reply; 12+ messages in thread
From: Mick @ 2009-05-28 19:33 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1586 bytes --]
On Thursday 28 May 2009, Alan McKinnon wrote:
> A chroot jail is of no real use to you here - it's a development tool and
> amazingly useful for gentoo installs, but has no real security or process
> separation benefits. So says Alan - not me, a different one.
OK, thanks for this to both of you! :)
> Your problem will be that only one apache instance can run on port 80.
That's no problem. I can run the payment managing website on a different
port.
> Your options:
> 1. Run the ecommerce apache on a different port.
Yep, SSL, different port.
> 2. Install a second NIC with a different IP and bind each apache to port 80
> on it's own nic.
How do you do this?
> 3. If you use separate mysqls, run them on different ports.
I'll need to run them using /usr/bin/mysql --options I guess, rather than
using the /etc/init.d scripts, right?
> However, it's an e-commerce site so one must state the obvious:
>
> You must be out of your mind running an ecommerce site on the same machine
> as other php vhosts. Please give me the URL so I know never to buy there -
> I have no way of knowing what those vhosts are, who the webmaster is and
> how secure they are.
Is the fear that one of these apache vhosts installations will be compromised
and then the ecommerce/payment website will get hacked from the inside?
> So I recommend option 4:
>
> Pony up the money for server #2
Hmm, yes that's what I was trying to avoid. ;-)
Would running complete virtual servers to achieve separation be any/much
better?
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 19:33 ` Mick
@ 2009-05-28 19:45 ` Alan McKinnon
2009-06-04 11:45 ` Ajai Khattri
0 siblings, 1 reply; 12+ messages in thread
From: Alan McKinnon @ 2009-05-28 19:45 UTC (permalink / raw
To: gentoo-user
On Thursday 28 May 2009 21:33:02 Mick wrote:
> On Thursday 28 May 2009, Alan McKinnon wrote:
> > A chroot jail is of no real use to you here - it's a development tool and
> > amazingly useful for gentoo installs, but has no real security or process
> > separation benefits. So says Alan - not me, a different one.
>
> OK, thanks for this to both of you! :)
>
> > Your problem will be that only one apache instance can run on port 80.
>
> That's no problem. I can run the payment managing website on a different
> port.
>
> > Your options:
> > 1. Run the ecommerce apache on a different port.
>
> Yep, SSL, different port.
>
> > 2. Install a second NIC with a different IP and bind each apache to port
> > 80 on it's own nic.
>
> How do you do this?
It' sin the apache docs, called "IP based virtual hosts" if memory serves.
Basically, you'll modify the standard apache init script and make a copy to be
able to treat two apaches as separate apps. Instead of simply specifying the
port, specify an IP and a port in the config. You must use different hostnames
too obviously, and get this info into DNS.
Start apache-1, start apache-2, voila
> > 3. If you use separate mysqls, run them on different ports.
>
> I'll need to run them using /usr/bin/mysql --options I guess, rather than
> using the /etc/init.d scripts, right?
Yup, two configs, two init scripts, two instances.
Just like apache.
> > However, it's an e-commerce site so one must state the obvious:
> >
> > You must be out of your mind running an ecommerce site on the same
> > machine as other php vhosts. Please give me the URL so I know never to
> > buy there - I have no way of knowing what those vhosts are, who the
> > webmaster is and how secure they are.
>
> Is the fear that one of these apache vhosts installations will be
> compromised and then the ecommerce/payment website will get hacked from the
> inside?
Yes.
You do not ever want people's credit card details exposed or stolen. You need
to take extraordinary efforts or customers will not trust you.
Any thought you ever have along the lines of "I don't need to do thing X as
that will not happen" - beware, that's the very time that Murphy makes X
happen...
> > So I recommend option 4:
> >
> > Pony up the money for server #2
>
> Hmm, yes that's what I was trying to avoid. ;-)
>
> Would running complete virtual servers to achieve separation be any/much
> better?
It's almost as good as separate hardware, especially if you have a good
virtual machine system that gives you complete separation of network
interfaces - either physical or virtual.
If the box can handle the load, I say go with this approach. You have to have
an enormous site with heaps of users to outrun an average modern server
--
alan dot mckinnon at gmail dot com
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 19:12 ` Alan McKinnon
2009-05-28 19:33 ` Mick
@ 2009-05-28 19:34 ` Jarry
2009-05-28 19:48 ` Alan McKinnon
2009-05-28 19:51 ` Stroller
2 siblings, 1 reply; 12+ messages in thread
From: Jarry @ 2009-05-28 19:34 UTC (permalink / raw
To: gentoo-user
Alan McKinnon wrote:
> On Thursday 28 May 2009 20:57:08 Mick wrote:
>>
>> I am considering running an ecommerce website (php+mysql) on a server which
>> is already running apache (with a number of virtual hosts) and a couple of
>> php+mysql driven websites.
>>
>> The ecommerce website is meant to be used to process customer payments. I
>> have not looked into setting up something like this before and I am not
>> sure where to start. Should I be thinking of chroot jails, multiple
>> apache/mysql installations, or what else is recommended? How do you do it
>> in your implementations?
>
> A chroot jail is of no real use to you here - it's a development tool and
> amazingly useful for gentoo installs, but has no real security or process
> separation benefits. So says Alan - not me, a different one.
>
> Your problem will be that only one apache instance can run on port 80.
> Your options:
> 1. Run the ecommerce apache on a different port.
> 2. Install a second NIC with a different IP and bind each apache to port 80 on
> it's own nic.
> 3. If you use separate mysqls, run them on different ports.
>
> However, it's an e-commerce site so one must state the obvious:
>
> You must be out of your mind running an ecommerce site on the same machine as
> other php vhosts. Please give me the URL so I know never to buy there - I have
> no way of knowing what those vhosts are, who the webmaster is and how secure
> they are.
>
> So I recommend option 4:
> Pony up the money for server #2
Ad.2: he can assign 2 IPs to single NIC. No need to buy the second NIC.
BTW, I was in a similar situation: one user wanted to use notoriously
buggy phpBB, but I did not want to risk compromising my other web-pages.
So I have opted for #5: vserver-sources, and I have multiple instances
of apache running in pretty good isolated vserver-guests.
My €0.0144 ...
Jarry
--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 19:34 ` Jarry
@ 2009-05-28 19:48 ` Alan McKinnon
2009-05-28 20:30 ` Jarry
0 siblings, 1 reply; 12+ messages in thread
From: Alan McKinnon @ 2009-05-28 19:48 UTC (permalink / raw
To: gentoo-user
On Thursday 28 May 2009 21:34:33 Jarry wrote:
> Ad.2: he can assign 2 IPs to single NIC. No need to buy the second NIC.
>
> BTW, I was in a similar situation: one user wanted to use notoriously
> buggy phpBB, but I did not want to risk compromising my other web-pages.
>
> So I have opted for #5: vserver-sources, and I have multiple instances
> of apache running in pretty good isolated vserver-guests.
> My €0.0144 ...
I used vserver once, and was very impressed with the performance. I didn't use
it eventually, as I found administering a real running instance was non-
intuitive to anyone but me and I found it very hard to get people to grok how
to run the things.
That was in the days of pre-baselayout-2 when one had to use a very hackish
and buggy baselayout. How does it fare with v2?
--
alan dot mckinnon at gmail dot com
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 19:48 ` Alan McKinnon
@ 2009-05-28 20:30 ` Jarry
0 siblings, 0 replies; 12+ messages in thread
From: Jarry @ 2009-05-28 20:30 UTC (permalink / raw
To: gentoo-user
Alan McKinnon wrote:
>> So I have opted for #5: vserver-sources, and I have multiple instances
>> of apache running in pretty good isolated vserver-guests.
>> My €0.0144 ...
>
> I used vserver once, and was very impressed with the performance. I didn't use
> it eventually, as I found administering a real running instance was non-
> intuitive to anyone but me and I found it very hard to get people to grok how
> to run the things.
>
> That was in the days of pre-baselayout-2 when one had to use a very hackish
> and buggy baselayout. How does it fare with v2?
I've been using vserver just for a few months. baselayout2 is still
~arch iirc, but I never had any problem with it. Once baselayouts2 goes
finally stable, you can install guests with standard stage3. Untill then
a slightly tweaked stage3 (with baselayout2) must be used...
I'm running now 27 guests on very moderate server (AMD64/X2, 4GB RAM),
every service on its own guest, with only ssh and logging on host.
Even for gcc-upgrade I created new vserver-guest, to test it a little
before updating server (host).
Configuration is rather complex (especially for a newbie), but not
very difficult. It is definitelly an adult-looking project now,
worth giving a try...
Jarry
--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 19:12 ` Alan McKinnon
2009-05-28 19:33 ` Mick
2009-05-28 19:34 ` Jarry
@ 2009-05-28 19:51 ` Stroller
2009-05-28 20:06 ` Alan McKinnon
2 siblings, 1 reply; 12+ messages in thread
From: Stroller @ 2009-05-28 19:51 UTC (permalink / raw
To: gentoo-user
On 28 May 2009, at 20:12, Alan McKinnon wrote:
> ...
> Your problem will be that only one apache instance can run on port 80.
> Your options:
>
> 1. Run the ecommerce apache on a different port.
> 2. Install a second NIC with a different IP and bind each apache to
> port 80 on
> it's own nic.
Or run the separate instance of Apache on a different port, then have
a vhost on the instance of Apache on port 80 redirect to the instance
of Apache running on port 81 (or wherever).
I believe there is more than one way to de-fur this particular feline
(mod_proxy mod_rewrite).
> However, it's an e-commerce site so one must state the obvious:
>
> You must be out of your mind running an ecommerce site on the same
> machine as
> other php vhosts. Please give me the URL so I know never to buy
> there - I have
> no way of knowing what those vhosts are, who the webmaster is and
> how secure
> they are.
>
> So I recommend option 4:
>
> Pony up the money for server #2
Just for the sake of satanic advocacy, could you indulge me, please?
Let's say Mick is the administrator for all domains in question. He
decides to run the two sites on different machines, one for
MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
insecure, what makes you think he will administer MicrophoneShoppe any
more securely?
If Mick decides to run both sites on the same machine, served by the
same MySQL sever & Apache instances, surely he can set permissions in
such a way that MickBlog.org is unable to access the data of
MicrophoneShoppe.com? I don't know all the details, but (at least) the
SQL server should be able to host multiple databases, each with
different permissions; thus someone obtaining the admin WordPress
password for MickBlog.org may be able to edit the blog posts on that
site, but they shouldn't be able to access the shop's DB (which should
be separate (a separate MySQL user?) and secured with a different
password).
My biggest reservation to my the thoughts I've outlined above (and I'm
by no means saying those are sound, either) is that PHP is mentioned,
and I've heard that's not the most secure language. Is that also your
concern?
There are loads of web hosting companies out there that offer
ecommerce options, and I'd have thought that some of them are $30/year
deals which are run in vhosts and shared databases just like this. So
I'm inclined to imagine that this must be possible with _some_ level
of security. Clearly, yes, the best option is to isolate things as
much as possible, but the site's income might not justify the expense
of a dedicated server at present - does that render secure ecommerce
truly impossible?
Stroller.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 19:51 ` Stroller
@ 2009-05-28 20:06 ` Alan McKinnon
2009-05-30 23:27 ` Mick
0 siblings, 1 reply; 12+ messages in thread
From: Alan McKinnon @ 2009-05-28 20:06 UTC (permalink / raw
To: gentoo-user
On Thursday 28 May 2009 21:51:26 Stroller wrote:
> > So I recommend option 4:
> >
> > Pony up the money for server #2
>
> Just for the sake of satanic advocacy, could you indulge me, please?
>
> Let's say Mick is the administrator for all domains in question. He
> decides to run the two sites on different machines, one for
> MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
> insecure, what makes you think he will administer MicrophoneShoppe any
> more securely?
I suffer from a healthy dose of paranoia :-)
Added to that, my employer is an ISP and not shy with budgets, so a purchase
order for new hardware in a case like this will not raise any eyebrows. For
me, it's a low level of risk high impact scenario and the $ cost is low.
In a budget-constrained environment, it would obviously work very differently
And yes, I do indeed not trust php code at all. I've seen the audit results of
too many php projects that were diligently hardened and what it took to get
them from working state to an acceptably secure state.
--
alan dot mckinnon at gmail dot com
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-28 20:06 ` Alan McKinnon
@ 2009-05-30 23:27 ` Mick
2009-05-31 17:16 ` Alan McKinnon
0 siblings, 1 reply; 12+ messages in thread
From: Mick @ 2009-05-30 23:27 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1949 bytes --]
On Thursday 28 May 2009, Alan McKinnon wrote:
> On Thursday 28 May 2009 21:51:26 Stroller wrote:
> > > So I recommend option 4:
> > >
> > > Pony up the money for server #2
> >
> > Just for the sake of satanic advocacy, could you indulge me, please?
> >
> > Let's say Mick is the administrator for all domains in question. He
> > decides to run the two sites on different machines, one for
> > MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
> > insecure, what makes you think he will administer MicrophoneShoppe any
> > more securely?
>
> I suffer from a healthy dose of paranoia :-)
Well, it is commonly said that the fact you are paranoid doesn't necessarily
mean they are not out to get you!
> Added to that, my employer is an ISP and not shy with budgets, so a
> purchase order for new hardware in a case like this will not raise any
> eyebrows. For me, it's a low level of risk high impact scenario and the $
> cost is low.
>
> In a budget-constrained environment, it would obviously work very
> differently
Well, I am in a very cost constrained environment I'm afraid. Good advice
given here - I am now thinking that a virtual server is the next stage. Any
idea how it would run on a single CPU machine - or must we bite the bullet
and go for some multicore monster?
> And yes, I do indeed not trust php code at all. I've seen the audit results
> of too many php projects that were diligently hardened and what it took to
> get them from working state to an acceptably secure state.
I haven't your specific experiences of course, but have read about and seen a
few horror stories of cracked phpBB implementations that I know I would not
be able to sleep at night ... especially as one of the hosted websites is
running some home brew of php+perl.
Still, at least formally it is weak passwords that are usually blamed for most
compromised servers.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
2009-05-30 23:27 ` Mick
@ 2009-05-31 17:16 ` Alan McKinnon
0 siblings, 0 replies; 12+ messages in thread
From: Alan McKinnon @ 2009-05-31 17:16 UTC (permalink / raw
To: gentoo-user
On Sunday 31 May 2009 01:27:07 Mick wrote:
> > Added to that, my employer is an ISP and not shy with budgets, so a
> > purchase order for new hardware in a case like this will not raise any
> > eyebrows. For me, it's a low level of risk high impact scenario and the $
> > cost is low.
> >
> > In a budget-constrained environment, it would obviously work very
> > differently
>
> Well, I am in a very cost constrained environment I'm afraid. Good advice
> given here - I am now thinking that a virtual server is the next stage.
> Any idea how it would run on a single CPU machine - or must we bite the
> bullet and go for some multicore monster?
virtualization can give surprisingly pleasant performance figures. It's VASTLY
improved since vmware still caught on, and web sites don't necessarily have to
be resource hogs.
So what I would do is get your hands on a spare machine somewhere (you might
need to get creative here...) and test out all the well-known virtualization
technologies (vmware-server, virtualbox, kvm, qemu). My experience has been
that as long as you don't run X on the hosts or guests, performance is good.
If you are already running out of steam on a single-cpu machine, then you'd
need an upgrade anyway and no amount of magic sauce technology can change that
- it takes budget ;-)
--
alan dot mckinnon at gmail dot com
^ permalink raw reply [flat|nested] 12+ messages in thread