Go Back   Computer Forums > General Computing > Server Administration
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 12-22-2012, 02:36 AM   #1
Baseband Member
 
Mirageboss's Avatar
 
Join Date: Dec 2012
Location: Australia
Posts: 91
Default Server Software - Linux

So my mate and I are starting the Webhosting industry, done loads of work in this industry before so not going into it with a blind eye.

I wondered whats the best to use:

Firewall: CSF/LFD or something else?
Apache: Apache or Litespeed etc.

Just wondered if anyone has been in this industry before, if so, what did/do they use?

Will be running CentOS 6.

Thanks
__________________

Mirageboss is offline   Reply With Quote
Old 12-22-2012, 06:10 AM   #2
Daemon Poster
 
dale's Avatar
 
Join Date: Mar 2012
Location: Taiwan
Posts: 1,008
Default Re: Server Software - Linux

CSF with LFD works great for me.

I use Apache, but there are lighter options out there.
__________________

__________________
distrACT -- an open community
● It helps to ask questions effectively
● Please join Server admins social group if you are into servers
dale is offline   Reply With Quote
Old 12-23-2012, 02:16 AM   #3
Baseband Member
 
Mirageboss's Avatar
 
Join Date: Dec 2012
Location: Australia
Posts: 91
Default

Yeah I was looking around and litespeed was good. I was also tossing up this as rumour has it apache is easier to drop in a DOS attack more so than litespeed etc
Mirageboss is offline   Reply With Quote
Old 12-23-2012, 06:24 AM   #4
Daemon Poster
 
dale's Avatar
 
Join Date: Mar 2012
Location: Taiwan
Posts: 1,008
Default Re: Server Software - Linux

I am guessing you are referring to this exploit [mail-archives.apache.org] (mitigation methods included).
__________________
distrACT -- an open community
● It helps to ask questions effectively
● Please join Server admins social group if you are into servers
dale is offline   Reply With Quote
Old 12-23-2012, 10:37 AM   #5
Baseband Member
 
Mirageboss's Avatar
 
Join Date: Dec 2012
Location: Australia
Posts: 91
Default Re: Server Software - Linux

Yeah that the one Dale!
Mirageboss is offline   Reply With Quote
Old 12-24-2012, 07:44 AM   #6
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,003
Default Re: Server Software - Linux

the company I work for is a cloud services provider. including website hosting.

we use windows 2008, IIS6 or 7, MSSQL backends.
Jet Nexus loadbalancers.
Cisco Firewalls and routers.
All hosted on VMWare ESXi.
through three Datacentres, with SRM recovery and fail-over in each.
A backup solution that has primary and DR "vaults" on different SANs in different data centres that use Delta backups with compression and de-duping to make the best use of the data. (and those SANs are different from the data holding the server "disks")

if someone wants linux hosting then they can be provided with a Centos VM with Apache as our preference of hosting choices. but whatever they want if they have a preference.

Then we also have most sites mirrored world wide by Akami.

but, assuming you don't have money to spunk on data centre cages (private rooms with many racks), multiple servers some of which sit virtually redundant. multiple lines, with multiple routers in failover configurations, warm standbys, equipment literally going to waste as cold standby and maybe don't even have the speciality to have multiple lines a huge IP blocks and the knowledge to sort out the BGP....


as a start, I'd say get a decent hardware firewall. Hardware is better than software.
Host virtually using VMWare. it's hugely flexible, you can offer dedicated servers or shared servers, using VMware means that you can scale up and down hosts as necessary. it also means that you can give customers exit opportunities of just providing VMDK files. and you can "on-board" customers by saying just send a VMDK of your existing webserver. (even made using P2V or V2V tools).

don't put a firewall on your machines, it's overly complicated, and takes unnecessary CPU time. also has to be configured individually on every host.
Only allow the ports you need with the hardware firewall.
A well designed network with hardware firewall at the outside and networks segregated using VLANS is much (much) better than trying to use firewalls on a flat network.

(that way you can not only give dedicated virtual machines to your customers, but also you can give dedicated virtual networks).

It's all very well telling a customer that there is a firewall on the machine preventing connections at layer 6 or 7.
but with the use of Vlans, you can prevent connections at layer 2 -much more secure!


this all sounds expensive,
but it's not.
you've already got servers,
a hardware firewall may already be being provided by your ISP.
a switch capable of Vlan tagging can be gotten for a few thousand pounds, (or less second hand)
VMWare isn't all that expensive. and if you've not yet got the money to spend on SANs then there is an appliance that takes this disks in your servers.
Raids them internally, and mirrors them to a partner server, to create shared storage on local machines mirrored throughout an array of machines.
(it is a bit disk intensive, but still cheaper than a real SAN for starting out!)
that offers you fully redundant esx hosts, where machines can failover in case of host problems.

above all else remember that uptime is king.

if you have hardware hosts instead of virtual hosts a simple failure can flaw your shared server, (and perhaps hundreds of websites) for a long time.
Virtual servers can be moved, sometimes instantly. -sometimes even moved on a hardware warning from the server. so that you can fix problems BEFORE then become problems.

If you can't offer guaranteed uptime, then you aren't all that useful. -we provide uptime guaranteed, with financial penalties and fines attached if sites are unavailable.

the last piece of advice.
if you offer $5 per month hosting, make sure that your support documentation is CLEARLY available.

if 1 guy phones you for 1 hour, you've lost all your revenue from that guys account for the month.

if there is a real complicated problem that's going to take you a few hours or maybe a day to fix, you've used all the revenue from that guys account for the year!
(and that's before you've actually counted the colo costs for the metal in the datacentre, or the line costs.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 12-24-2012, 08:15 AM   #7
Daemon Poster
 
dale's Avatar
 
Join Date: Mar 2012
Location: Taiwan
Posts: 1,008
Default Re: Server Software - Linux

Quote:
Originally Posted by root View Post
the last piece of advice.
if you offer $5 per month hosting, make sure that your support documentation is CLEARLY available.

if 1 guy phones you for 1 hour, you've lost all your revenue from that guys account for the month.

if there is a real complicated problem that's going to take you a few hours or maybe a day to fix, you've used all the revenue from that guys account for the year!
(and that's before you've actually counted the colo costs for the metal in the datacentre, or the line costs.
The Thanks system doesn't seem to be working, so: thank you! this really puts things into perspective!
__________________
distrACT -- an open community
● It helps to ask questions effectively
● Please join Server admins social group if you are into servers
dale is offline   Reply With Quote
Old 12-27-2012, 03:16 AM   #8
Baseband Member
 
Mirageboss's Avatar
 
Join Date: Dec 2012
Location: Australia
Posts: 91
Default Re: Server Software - Linux

Quote:
Originally Posted by root View Post
the company I work for is a cloud services provider. including website hosting.

we use windows 2008, IIS6 or 7, MSSQL backends.
Jet Nexus loadbalancers.
Cisco Firewalls and routers.
All hosted on VMWare ESXi.
through three Datacentres, with SRM recovery and fail-over in each.
A backup solution that has primary and DR "vaults" on different SANs in different data centres that use Delta backups with compression and de-duping to make the best use of the data. (and those SANs are different from the data holding the server "disks")

if someone wants linux hosting then they can be provided with a Centos VM with Apache as our preference of hosting choices. but whatever they want if they have a preference.

Then we also have most sites mirrored world wide by Akami.

but, assuming you don't have money to spunk on data centre cages (private rooms with many racks), multiple servers some of which sit virtually redundant. multiple lines, with multiple routers in failover configurations, warm standbys, equipment literally going to waste as cold standby and maybe don't even have the speciality to have multiple lines a huge IP blocks and the knowledge to sort out the BGP....


as a start, I'd say get a decent hardware firewall. Hardware is better than software.
Host virtually using VMWare. it's hugely flexible, you can offer dedicated servers or shared servers, using VMware means that you can scale up and down hosts as necessary. it also means that you can give customers exit opportunities of just providing VMDK files. and you can "on-board" customers by saying just send a VMDK of your existing webserver. (even made using P2V or V2V tools).

don't put a firewall on your machines, it's overly complicated, and takes unnecessary CPU time. also has to be configured individually on every host.
Only allow the ports you need with the hardware firewall.
A well designed network with hardware firewall at the outside and networks segregated using VLANS is much (much) better than trying to use firewalls on a flat network.

(that way you can not only give dedicated virtual machines to your customers, but also you can give dedicated virtual networks).

It's all very well telling a customer that there is a firewall on the machine preventing connections at layer 6 or 7.
but with the use of Vlans, you can prevent connections at layer 2 -much more secure!


this all sounds expensive,
but it's not.
you've already got servers,
a hardware firewall may already be being provided by your ISP.
a switch capable of Vlan tagging can be gotten for a few thousand pounds, (or less second hand)
VMWare isn't all that expensive. and if you've not yet got the money to spend on SANs then there is an appliance that takes this disks in your servers.
Raids them internally, and mirrors them to a partner server, to create shared storage on local machines mirrored throughout an array of machines.
(it is a bit disk intensive, but still cheaper than a real SAN for starting out!)
that offers you fully redundant esx hosts, where machines can failover in case of host problems.

above all else remember that uptime is king.

if you have hardware hosts instead of virtual hosts a simple failure can flaw your shared server, (and perhaps hundreds of websites) for a long time.
Virtual servers can be moved, sometimes instantly. -sometimes even moved on a hardware warning from the server. so that you can fix problems BEFORE then become problems.

If you can't offer guaranteed uptime, then you aren't all that useful. -we provide uptime guaranteed, with financial penalties and fines attached if sites are unavailable.

the last piece of advice.
if you offer $5 per month hosting, make sure that your support documentation is CLEARLY available.

if 1 guy phones you for 1 hour, you've lost all your revenue from that guys account for the month.

if there is a real complicated problem that's going to take you a few hours or maybe a day to fix, you've used all the revenue from that guys account for the year!
(and that's before you've actually counted the colo costs for the metal in the datacentre, or the line costs.
Oh, wow thats a lot of information for me to read through - I'll set some time aside tonight to read it all.

Quote:
Originally Posted by dale View Post
The Thanks system doesn't seem to be working, so: thank you! this really puts things into perspective!
Yeah, this for sure.
__________________

Mirageboss is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 02:04 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0