1 |
On Thursday 28 May 2009 21:33:02 Mick wrote: |
2 |
> On Thursday 28 May 2009, Alan McKinnon wrote: |
3 |
> > A chroot jail is of no real use to you here - it's a development tool and |
4 |
> > amazingly useful for gentoo installs, but has no real security or process |
5 |
> > separation benefits. So says Alan - not me, a different one. |
6 |
> |
7 |
> OK, thanks for this to both of you! :) |
8 |
> |
9 |
> > Your problem will be that only one apache instance can run on port 80. |
10 |
> |
11 |
> That's no problem. I can run the payment managing website on a different |
12 |
> port. |
13 |
> |
14 |
> > Your options: |
15 |
> > 1. Run the ecommerce apache on a different port. |
16 |
> |
17 |
> Yep, SSL, different port. |
18 |
> |
19 |
> > 2. Install a second NIC with a different IP and bind each apache to port |
20 |
> > 80 on it's own nic. |
21 |
> |
22 |
> How do you do this? |
23 |
|
24 |
It' sin the apache docs, called "IP based virtual hosts" if memory serves. |
25 |
|
26 |
Basically, you'll modify the standard apache init script and make a copy to be |
27 |
able to treat two apaches as separate apps. Instead of simply specifying the |
28 |
port, specify an IP and a port in the config. You must use different hostnames |
29 |
too obviously, and get this info into DNS. |
30 |
|
31 |
Start apache-1, start apache-2, voila |
32 |
|
33 |
> > 3. If you use separate mysqls, run them on different ports. |
34 |
> |
35 |
> I'll need to run them using /usr/bin/mysql --options I guess, rather than |
36 |
> using the /etc/init.d scripts, right? |
37 |
|
38 |
Yup, two configs, two init scripts, two instances. |
39 |
Just like apache. |
40 |
|
41 |
> > However, it's an e-commerce site so one must state the obvious: |
42 |
> > |
43 |
> > You must be out of your mind running an ecommerce site on the same |
44 |
> > machine as other php vhosts. Please give me the URL so I know never to |
45 |
> > buy there - I have no way of knowing what those vhosts are, who the |
46 |
> > webmaster is and how secure they are. |
47 |
> |
48 |
> Is the fear that one of these apache vhosts installations will be |
49 |
> compromised and then the ecommerce/payment website will get hacked from the |
50 |
> inside? |
51 |
|
52 |
Yes. |
53 |
|
54 |
You do not ever want people's credit card details exposed or stolen. You need |
55 |
to take extraordinary efforts or customers will not trust you. |
56 |
|
57 |
Any thought you ever have along the lines of "I don't need to do thing X as |
58 |
that will not happen" - beware, that's the very time that Murphy makes X |
59 |
happen... |
60 |
|
61 |
> > So I recommend option 4: |
62 |
> > |
63 |
> > Pony up the money for server #2 |
64 |
> |
65 |
> Hmm, yes that's what I was trying to avoid. ;-) |
66 |
> |
67 |
> Would running complete virtual servers to achieve separation be any/much |
68 |
> better? |
69 |
|
70 |
It's almost as good as separate hardware, especially if you have a good |
71 |
virtual machine system that gives you complete separation of network |
72 |
interfaces - either physical or virtual. |
73 |
|
74 |
If the box can handle the load, I say go with this approach. You have to have |
75 |
an enormous site with heaps of users to outrun an average modern server |
76 |
|
77 |
-- |
78 |
alan dot mckinnon at gmail dot com |