Best practice for web server setup?
I am wondering if anyone can point me in the right direction for setting up my company web server..
The basics are that I am setting up an Ubuntu 10.04 web server on a Linode 512.. The server will run our internal web based applications and database being accessible from all our business locations.. It will also at some point in the future host the company website with a customer portal so customers can manage their requirements themselves (in other words the site will link to the company database on the server).. I don't expect any real volume through the server at all, certainly not thousands of hits per day..
In addition to this I want to set up a development site for continued development and testing of the applications and website that can then be copied to the live site when testing is complete..
So I will probably have something like three virtual servers being
No need for email or ftp or any other services really at this point..
Setting up the Ubuntu box and using "tasksel" to create the LAMP server is easy enough.. What I am looking at more specifically is setting up the virtual hosts for the various sites..
Is it recommended to create user accounts for each function, i.e. internal, www and dev, and then set up a public_html directory in each home directory and get Apache to serve the files from there? Or should I just create subdirectories of /var/www and put them all there to avoid problems running the sites (permissions etc.)?
Or would I be better off with something like ISPconfig to create the sites and manage the server?
Any suggestions or things to look out for would be appreciated..
14 Replies
> Setting up the Ubuntu box and using "tasksel" to create the LAMP server is easy enough.
+1 for this. I don't think this gets mentioned enough.
@glg:
The guide in the library covers virtual hosts. With only a few sites, ISPConfig is overkill.
http://library.linode.com/lamp-guides/ubuntu-10.04-lucid/
So as per the guide you recommend having the web files all under /var/www rather than in the home directories of individual users?
@wipeout:
@glg: The guide in the library covers virtual hosts. With only a few sites, ISPConfig is overkill.
http://library.linode.com/lamp-guides/ubuntu-10.04-lucid/
So as per the guide you recommend having the web files all under /var/www rather than in the home directories of individual users?
The guide suggests /srv/www, the idea being that /srv would be its own mount point.
Just don't do something crazy like /usr/local/www or /www or, god forbid, /something/html.
The 'pedia has a good table summarizing the Filesystem Hierarchy Standard, a document which has effectively removed all barriers to compatibility between different platforms and distributions, and has caused more and bloodier wars than anything else in the history of Linux:
@hoopycat:
I have found that it doesn't make a lick of difference.
Ok, so far so good, but then you say…
@hoopycat:
Just don't do something crazy like /usr/local/www or /www
If it doesn't make a bit of difference, then why is /www bad?
@hoopycat:
http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
Huh, there's at least one mistake on that page (mistakes? In wikipedia? Say it ain't so!)
/usr/local need not be local to the machine; the standard merely says "locally". I was part of the original FSSTND group (yeah, you can blame me if you want) and there we'd said "local" was along the lines of "local to the admin" so it could be site-local or machine-local or whatever; it was out of the control of the OS distributor and up to the local admins as to what they wanted to do with it.
I admit we could have been a little bit clearer on that.
I asked in IRC and someone mentioned (as was said here) it's basically a matter of preference… but then said in regard to /home/user-name/public_html, that it "requires traverse rights for everyone into home directories, which might be worse off security-wise", and didn't end up explaining further. Are there security implications for running sites from inside the user's home directory versus /srv/www? If I made /srv/www/user-name the home directory, would that cause the same issue? I'm mostly hoping for my users to be able to SFTP in and end up at the right place to work with the website files, and not have to jump around to another part of the file system after connecting. Would a symlink from their home dir into the website files be a good move?
Directly related to the question of folder structure for serving websites, is what are the appropriate user:group and permissions that the website folder should be running under, to ensure proper security and functionality? Should users be added to the www-data group or anything like that?
Anyhow, again glad people are discussing this question right when I was wondering about it myself.
Thanks in advance for your advice!
@jzimmerlin:
> Setting up the Ubuntu box and using "tasksel" to create the LAMP server is easy enough.
+1 for this. I don't think this gets mentioned enough.
tasksel is going to install Apache with its default, memory hungry, config.
I would definitely recommend using the LAMP StackScript to deploy your base LAMP stack. It will configure Apache/MySQL to use a much more reasonable amount of memory.
@JshWright:
tasksel is going to install Apache with its default, memory hungry, config.
I would definitely recommend using the LAMP StackScript to deploy your base LAMP stack. It will configure Apache/MySQL to use a much more reasonable amount of memory.
Good point. I always have to tune my Apache config, which isn't really a big deal, but worth noting.
> I asked in IRC and someone mentioned (as was said here) it's basically a matter of preference… but then said in regard to /home/user-name/public_html, that it "requires traverse rights for everyone into home directories, which might be worse off security-wise", and didn't end up explaining further. Are there security implications for running sites from inside the user's home directory versus /srv/www? If I made /srv/www/user-name the home directory, would that cause the same issue? I'm mostly hoping for my users to be able to SFTP in and end up at the right place to work with the website files, and not have to jump around to another part of the file system after connecting. Would a symlink from their home dir into the website files be a good move?
Stick your web files in /home/
That way your users will automatically be shown their home directory when they log in and can't wander around the file system.
> Directly related to the question of folder structure for serving websites, is what are the appropriate user:group and permissions that the website folder should be running under, to ensure proper security and functionality? Should users be added to the www-data group or anything like that?
No, the default umask for your users will be 022, which means the owner can read/write and others/group can just read; the others reading will allow the web server to do its job.
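The "traverse rights" point raised in the thread can be checked directly. The script below is an added example, not code from any poster: it walks every directory from / down to a docroot and reports whether a given user (for Apache on Ubuntu, www-data) can pass through and list each one. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# POSIX consults exactly one permission triplet: owner if the uid matches,
# else group if a gid matches, else other.
X_BIT = {"owner": stat.S_IXUSR, "group": stat.S_IXGRP, "other": stat.S_IXOTH}
R_BIT = {"owner": stat.S_IRUSR, "group": stat.S_IRGRP, "other": stat.S_IROTH}

def access_class(st, uid, gids):
    if st.st_uid == uid:
        return "owner"
    return "group" if st.st_gid in gids else "other"

def audit_docroot(docroot, uid, gids):
    """Check every directory from / down to docroot for the given user.

    Returns [(path, class, can_traverse, can_list), ...]. Mode bits only:
    POSIX ACLs and MAC policies such as AppArmor are not consulted.
    """
    path = os.path.realpath(docroot)
    chain = [path]
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        chain.append(path)
    report = []
    for p in reversed(chain):
        st = os.stat(p)
        cls = access_class(st, uid, gids)
        report.append((p, cls, bool(st.st_mode & X_BIT[cls]),
                       bool(st.st_mode & R_BIT[cls])))
    return report

def blockers(report):
    """Directories the user cannot pass through (missing execute bit)."""
    return [p for p, _, can_traverse, _ in report if not can_traverse]

if __name__ == "__main__":
    # Constructed sample tree: <tmp>/home/alice/public_html, home dir at 0750.
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "home", "alice", "public_html")
    os.makedirs(docroot)
    os.chmod(os.path.dirname(docroot), 0o750)
    st = os.stat(docroot)
    # Stand-in for www-data: a uid/gid that does not own the tree.
    report = audit_docroot(docroot, st.st_uid + 1, {st.st_gid + 1})
    for row in report:
        print(row)
    print("blocked at:", blockers(report))
```

For a real check, pass `pwd.getpwnam("www-data").pw_uid` and that user's group ids. A home directory at 0751 lets the web server through without letting other accounts list its contents, while 0755 also exposes the listing.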