Alan McKinnon wrote:
On Thursday 28 May 2009 20:57:08 Mick wrote:
I am considering running an ecommerce website (php+mysql) on a server which
is already running apache (with a number of virtual hosts) and a couple of
php+mysql driven websites.
The ecommerce website is meant to be used to process customer payments. I
have not looked into setting up something like this before and I am not
sure where to start. Should I be thinking of chroot jails, multiple
apache/mysql installations, or what else is recommended? How do you do it
in your implementations?
A chroot jail is of no real use to you here - it's a development tool and
amazingly useful for gentoo installs, but has no real security or process
separation benefits. So says Alan - not me, a different one.
Your problem will be that only one apache instance can run on port 80.
Your options:
1. Run the ecommerce apache on a different port.
2. Install a second NIC with a different IP and bind each apache to port 80 on
it's own nic.
3. If you use separate mysqls, run them on different ports.
However, it's an e-commerce site so one must state the obvious:
You must be out of your mind running an ecommerce site on the same machine as
other php vhosts. Please give me the URL so I know never to buy there - I have
no way of knowing what those vhosts are, who the webmaster is and how secure
they are.
So I recommend option 4:
Pony up the money for server #2
Ad.2: he can assign 2 IPs to single NIC. No need to buy the second NIC.
BTW, I was in a similar situation: one user wanted to use notoriously
buggy phpBB, but I did not want to risk compromising my other web-pages.
So I have opted for #5: vserver-sources, and I have multiple instances
of apache running in pretty good isolated vserver-guests.
My €0.0144 ...
Jarry
--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
