Best practice for web server setup?

[Tony]

"Wipe_Out" <wipe_out at users.sourceforge.net> wrote in message 
news:AANLkTikFt2PqiePkCftOU16RzC+PPybeqX5qsv08fFKy at mail.gmail.com...
> Hi All,
>
> I am wondering if anyone can point me to a "best practice" guide for 
> setting
> up my company web server..
>
> The basics are that I am setting up an Ubuntu 10.04 web server on a VPS
> hosted on the internet.. The server will run our internal web based
> applications and database being accessible from all our business 
> locations..
> It will also at some point in the future host the company website with a
> customer portal so customers can manage their requirements themselves (in
> other words the site will link to the company database on the server)..
>
> In addition to this I want to setup a development site for continued
> development and testing of the applications and website that can then be
> copied to the live site when testing is complete..
>
> Setting up the Ubuntu box and using "tasksel" to create the LAMP server is
> easy enough.. What I am looking at more specifically is setting up the
> virtual hosts for the various sites..
>
> Is it recommended to create user accounts for each function, i.e apps, web
> and dev, and then setup a public_html directory in each home directory and
> get apache to serve the files from there? or should I just create
> subdirectories of /var/www and put them all there to avoid problems 
> running
> the sites (permissions etc.. )??
>
> Any suggestions or things to look out for would be appreciated..
>
As you have asked some very basic questions, I would suggest that you don't 
do it!  You really need to know about security and just setting up a lamp 
server on a VPS is a very insecure way of doing things if you don't know 
what you are doing.  You run the risk of getting the websites hacked and 
also the company database/sites hosted on it.

You will also need a DNS server if you want the domain found on the internet 
and probably some sort of mailing program installed to process mail sent 
from the websites.

If you are determined to do it yourself, I would suggest installing 
something like ehcp (http://ehcp.net/) , ISPConfig 
(http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3) 
or DTC http://www.gplhost.com/software-dtc.html

It is not a good idea to run internal web based applications on a server 
that has public access unless you really know what you are doing.  These 
should be run on a server on the internal LAN that is firewalled from the 
outside world with access by VPN if remote access is required.

Remember that unless you are using a SSL, data being sent to and received 
from the server can be easily intercepted.

Tony