Void's Forums

Can anyone tell me what kind of harware I need for a webserver using:

OS:
CentOS 4.4 (what's best 32bit or 64bit?)
and by this OS I think these versions are included:
Apache 2.1
MySQL 4.1
php-mysql 4.3
The webserver is gonna be Joomla and modules/components for that.
I can't think that no more than 50-100 connections at the same time(and I even think that is way above)

Network:
Broadband connection? hmm maybe a 3Mbit connection would be ok(?)

Security:
- For the disks, I'm going for the more cheap choice of RAID 1 both on the system disk and where I place the WebServer/MySQL database.

- Should I install and use SELinux? I've heard that this is a pain to handle, so I never used it.

- And what did you say, Void. I should create a "new" userid and then chown the webfiles to that ID... right? I know it was a bad idea to chown them to the Apache ID, that I do know

- Open up as few firewall ports as possible, only for the web and for my SSH(and this is pointed only to my client's IP Address)

- I'm gonna create .htaccess files where possible

- What else is there that I don't know or haven't said here?

and to another totally different thing...
when the system is up and running, I sure want the latest patches and stuff, but is those compatible enough for me to install so the webserver etc won't crash on me? this thing I never understood really

The size of the server you need completely depends on the amount of traffic you have, how system intensive the web apps are that you are running, and how important the information is that you are serving. For instance, I run this site off of the oldest piece of junk I have lying around. For a while it was running on an 800Mhx Cyrix processor/motherboard that I got from TigerDirect for 10 bucks. I only had 128MB of memory and a 4GB hard drive. That was actually the second machine I ran this site off of. The first machine was an old 90Mhz Dell Dimension desktop. Both of those machine have since quit working and I am currently running it on an old Dell dual 866 processor workstation that was given to me.

I guess my point is that it doesn't take much to run a low utilized web server. I really can give you any more advice because there are too many variables. It's something you should be able to figure out without too much trouble. You don't need a lot of processing power to serve out fairly static web pages. On the other hand if you plan on mirroring the human genome project you'll likely need something a little beefier.

As far as updates I have my systems set up to automatically update themselves every day and email me a report on how things went. I use apt-get on FC6 for this and I don't have any idea how well this process would work on the OS you plan on using. You may choose to update your system manually and if this is important stuff you might want to have a second system that you apply the updates to first so you have a chance to test if anything breaks before applying to a production system. In my case if this site goes down for a short while it isn't any big deal so I automate everything. It comes down to how much work you want to put into it or how fast you want to get pwn3d.

I don't use SELinux although I am pretty anal about security at all levels. That would include file system permissions, application configuration, database configuration, user configuration, good password practices, iptables configuration on system level and a separate DMZ on a hardware firewall which minimal access to only necessary apps from to/from necessary locations. Encryption whereever possible and makes sense (ssh, ssl, etc). I don't use encryption on my forums even for logins so I do break that general rule but I do have some technical reasons for this. I certainly would not be taking sensitive information (credit card or personal information) without encryption but I have no interested in gathering that type of information from anyone.

Thanks

Me too thinks that I can figure out the hardware for it, but I don't wanna exceed too much and since the server is gonna be placed at my apartment I sure want it to be quiet too, thus no extreamly "beefy" machine.

Basher52 wrote:- And what did you say, Void. I should create a "new" userid and then chown the webfiles to that ID... right? I know it was a bad idea to chown them to the Apache ID, that I do know

Is this correct?

Basher52 wrote:

Basher52 wrote:- And what did you say, Void. I should create a "new" userid and then chown the webfiles to that ID... right? I know it was a bad idea to chown them to the Apache ID, that I do know :P

Is this correct?

That's what I do but all that really matters is that the user that the web server runs under can't write or change anything (or to only what is absolutely necessary). So it's not just ownership but permissions too. Files and directories in your web root being owned by root is actually the best but I don't like becoming root to manipulate web content. That's why I change ownership and set permissions to the user I manage my web content with.

Got it

I'll try your configuration cos I like that more than what you say: "owned by root"-thing.
Hopefully I can get this fully operational by doing this, cos "Me/Linux/Web" is so new to me(kinda) that I don't know crap, lol




PS. I gotta thank you SO much for all your answers you have given through "my" years

PS2(In a joke-kinda-way) Do you want to have a course just for me? lol
(hmm, this sentence dont look OK, hope you get it)

That's what these forums are for. I just hope I don't feed too many people full of bull.

Void Main wrote:...full of bull.

yeah right, as you could do that