Best practice for web server setup?
Wipe_Out
wipe_out at users.sourceforge.net
Thu Feb 3 10:23:19 UTC 2011
>
>
> As you have asked some very basic questions, I would suggest that you don't
> do it! You really need to know about security and just setting up a lamp
> server on a VPS is a very insecure way of doing things if you don't know
> what you are doing. You run the risk of getting the websites hacked and
> also the company database/sites hosted on it.
>
> Hi,
Thats largely why I am doing my homework first.. The main reason for looking
into storing the files in different users home directories is to avoid
having all areas of the web services available to all that have permission
to upload to the server.. This would also include anyone
that successfully finds a way into the server..
> You will also need a DNS server if you want the domain found on the
> internet
> and probably some sort of mailing program installed to process mail sent
> from the websites.
>
> DNS is handled by another ISP server so no issues with that and mail for
the domain is handled by google so no issues with those areas.. :)
> If you are determined to do it yourself, I would suggest installing
> something like ehcp (http://ehcp.net/) , ISPConfig
> (
> http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3
> )
> or DTC http://www.gplhost.com/software-dtc.html
>
> I have looked into these packages but they just seem like a complete
overkill because I don't need all the services they offer.. This means I
will be running additional services and using up valuable resource to run
them when I don't need them.. I literally only need web, database and ssh
services on the server.. Thats its..
> It is not a good idea to run internal web based applications on a server
> that has public access unless you really know what you are doing. These
> should be run on a server on the internal LAN that is firewalled from the
> outside world with access by VPN if remote access is required.
>
> Remember that unless you are using a SSL, data being sent to and received
> from the server can be easily intercepted.
>
> Understood.. Before going live on the new server I will be looking
as implementing SSL for the internal apps.. Thats may trigger some more
questions on here.. :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20110203/6be7a4ed/attachment.html>
More information about the ubuntu-users
mailing list