Am I nuts?

I run Gentoo on 3 workstations and a server on my LAN. I would like to set up a Linode running Gentoo, just because it seems easy.

I want to run Tomcat 5, Apache, IMAP mail, and possibly some video streaming.

Although I'm totally comfortable with Gentoo, and I'm a developer, I don't have much website admin experience. Am I getting in over my head with Apache and Mail, or is this the hosting service I've been looking for?

For example, I can easily install Apache

emerge -a apache

But, if I do this, I then have to configure Apache and make it secure. Is this going to take up too much time?

Can anyone give some advice from experience?

Thanks

5 Replies

> Although I'm totally comfortable with Gentoo, and I'm a developer, I don't have much website admin experience. Am I getting in over my head with Apache and Mail, or is this the hosting service I've been looking for?

One can get into Apache without too much trouble. There is a lot to configure, but you can get a basic webserver going relatively quickly and there is a lot of help on the web on how to configure it.

Mail, however, is a bugbear. It is like walking into a minefield... something you should do with trepidation and hopefully someone with experience beside you! It can be rewarding, however, so if you do choose to get into mail just keep your eyes wide open and learn as much as you can!

Thanks for the reply. I did set up gmail once years ago on my home hosted system. And, there are some good wiki mail and even virtual server setup docs. I'll post here, in case someone else will benefit.

http://gentoo-wiki.com/HOWTOLinuxVirtualHostingServer

http://www.gentoo.org/doc/en/virt-mail-howto.xml

I'm starting to talk myself into jumping in. But ….

What about Security? Basically, Apache, Mail, Tomcat, and the rest are all fun and games until you are outside your LAN. I'd hate to lose sleep because some port scanning script kiddies are pounding on my system for a password.

Any chance Linode helps with security like this?

Thanks

> @genode:
>
> Any chance Linode helps with security like this?

Linode only does filtering in layers 2 and 3 to stop network screwups. The Planet (Dallas datacentre) blocks some 'popular' exploit ports. HE (Fremont datacentre) doesn't block anything.

Nearly all Linode users run a netfilter/iptables firewall on their machine. FireHOL is an excellent firewall generator which configures iptables to do stateful packet filtering - you decide who accesses what on your machine.

> @pclissold:
>
> > @genode:
> >
> > Any chance Linode helps with security like this?
>
> Nearly all Linode users run a netfilter/iptables firewall on their machine.

Right, thanks for the reply. Good to know what I'm getting into.

I'm thinking I'll run just httpd, imap, a firewall and I'll use syslog-ng/stunnel to securely write logs to my machine in my LAN here at home.

Here's a helpful link

http://www.gentoo.org/doc/en/security/security-handbook.xml

> @genode:
>
> > @pclissold:
> >
> > > @genode:
> > >
> > > Any chance Linode helps with security like this?
> >
> > Nearly all Linode users run a netfilter/iptables firewall on their machine.
>
> Right, thanks for the reply. Good to know what I'm getting into.
>
> I'm thinking I'll run just httpd, imap, a firewall and I'll use syslog-ng/stunnel to securely write logs to my machine in my LAN here at home.
>
> Here's a helpful link
>
> http://www.gentoo.org/doc/en/security/security-handbook.xml

I'm currently running Gentoo (and have done so for over a year on the Linode) but will soon switch to Debian because of lower overhead. I.e., no source build overhead on the Linode.

Still, it's worked well for me so far. I do indeed run an iptables-based firewall, syslog-ng, amongst other goodies, and it has worked out great. (Along with Apache v2 + SSL, postfix for email, etc.)

If you need pointers with iptables rules, just post in a new thread. I'd be more than happy to assist, or the other users here. Also, if you're new to iptables, might want to look at tools like Shoreline (aka 'Shorewall') which is an OSS tool to build and maintain iptables configs.

Cheers.
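
The stateful iptables filtering the replies recommend, sketched as an added example that is not part of any post in this thread. The function name `gen_rules`, the service list (web, IMAP over TLS, and SSH limited to one source) and the documentation address 203.0.113.10 are assumptions chosen for illustration; the output is IPv4 only.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a small public host.
# Entries are "port" (open to anyone) or "port:source-cidr" (restricted).
# Constructed sample list; 203.0.113.10 stands in for a home connection.
SERVICES="80 443 993 22:203.0.113.10/32"

gen_rules() {
    echo "*filter"
    # Default-deny inbound and forwarded traffic; allow outbound.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Local processes talking over loopback are always allowed.
    echo "-A INPUT -i lo -j ACCEPT"
    # The stateful part: packets belonging to connections that were already
    # accepted (or that this host opened) pass; malformed state is dropped.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    for svc in $1; do
        port=${svc%%:*}
        # Reject anything that is not a plain number before emitting a rule.
        case $port in
            ''|*[!0-9]*) echo "bad port in entry: $svc" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $svc" >&2; return 1
        fi
        # Optional source restriction: "who accesses what".
        case $svc in
            *:*) src="-s ${svc#*:} " ;;
            *)   src="" ;;
        esac
        # Only new connections to listed ports are let in.
        echo "-A INPUT ${src}-p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for review; nothing is applied to the running firewall.
gen_rules "$SERVICES"
```

Save the output to a file, read it through, and load it as root with `iptables-restore < file`; the load is atomic, so a rejected rule leaves the previous ruleset in place.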
