On Thursday 28 May 2009 20:57:08 Mick wrote: > Hi All, > > I am considering running an ecommerce website (php+mysql) on a server which > is already running apache (with a number of virtual hosts) and a couple of > php+mysql driven websites. > > The ecommerce website is meant to be used to process customer payments. I > have not looked into setting up something like this before and I am not > sure where to start. Should I be thinking of chroot jails, multiple > apache/mysql installations, or what else is recommended? How do you do it > in your implementations?
A chroot jail is of no real use to you here - it's a development tool and amazingly useful for gentoo installs, but has no real security or process separation benefits. So says Alan - not me, a different one. Your problem will be that only one apache instance can run on port 80. Your options: 1. Run the ecommerce apache on a different port. 2. Install a second NIC with a different IP and bind each apache to port 80 on it's own nic. 3. If you use separate mysqls, run them on different ports. However, it's an e-commerce site so one must state the obvious: You must be out of your mind running an ecommerce site on the same machine as other php vhosts. Please give me the URL so I know never to buy there - I have no way of knowing what those vhosts are, who the webmaster is and how secure they are. So I recommend option 4: Pony up the money for server #2 -- alan dot mckinnon at gmail dot com
