| 1 |
Alan McKinnon wrote: |
| 2 |
> On Thursday 28 May 2009 20:57:08 Mick wrote: |
| 3 |
>> |
| 4 |
>> I am considering running an ecommerce website (php+mysql) on a server which |
| 5 |
>> is already running apache (with a number of virtual hosts) and a couple of |
| 6 |
>> php+mysql driven websites. |
| 7 |
>> |
| 8 |
>> The ecommerce website is meant to be used to process customer payments. I |
| 9 |
>> have not looked into setting up something like this before and I am not |
| 10 |
>> sure where to start. Should I be thinking of chroot jails, multiple |
| 11 |
>> apache/mysql installations, or what else is recommended? How do you do it |
| 12 |
>> in your implementations? |
| 13 |
> |
| 14 |
> A chroot jail is of no real use to you here - it's a development tool and |
| 15 |
> amazingly useful for gentoo installs, but has no real security or process |
| 16 |
> separation benefits. So says Alan - not me, a different one. |
| 17 |
> |
| 18 |
> Your problem will be that only one apache instance can run on port 80. |
| 19 |
> Your options: |
| 20 |
> 1. Run the ecommerce apache on a different port. |
| 21 |
> 2. Install a second NIC with a different IP and bind each apache to port 80 on |
| 22 |
> it's own nic. |
| 23 |
> 3. If you use separate mysqls, run them on different ports. |
| 24 |
> |
| 25 |
> However, it's an e-commerce site so one must state the obvious: |
| 26 |
> |
| 27 |
> You must be out of your mind running an ecommerce site on the same machine as |
| 28 |
> other php vhosts. Please give me the URL so I know never to buy there - I have |
| 29 |
> no way of knowing what those vhosts are, who the webmaster is and how secure |
| 30 |
> they are. |
| 31 |
> |
| 32 |
> So I recommend option 4: |
| 33 |
> Pony up the money for server #2 |
| 34 |
|
| 35 |
Ad.2: he can assign 2 IPs to single NIC. No need to buy the second NIC. |
| 36 |
|
| 37 |
BTW, I was in a similar situation: one user wanted to use notoriously |
| 38 |
buggy phpBB, but I did not want to risk compromising my other web-pages. |
| 39 |
|
| 40 |
So I have opted for #5: vserver-sources, and I have multiple instances |
| 41 |
of apache running in pretty good isolated vserver-guests. |
| 42 |
My ¤0.0144 ... |
| 43 |
|
| 44 |
Jarry |
| 45 |
|
| 46 |
-- |
| 47 |
_______________________________________________________________ |
| 48 |
This mailbox accepts e-mails only from selected mailing-lists! |
| 49 |
Everything else is considered to be spam and therefore deleted. |
Archives