On Thursday 28 May 2009 21:33:02 Mick wrote:
> On Thursday 28 May 2009, Alan McKinnon wrote:
> > A chroot jail is of no real use to you here - it's a development tool and
> > amazingly useful for gentoo installs, but has no real security or process
> > separation benefits. So says Alan - not me, a different one.
>
> OK, thanks for this to both of you! :)
>
> > Your problem will be that only one apache instance can run on port 80.
>
> That's no problem.  I can run the payment managing website on a different
> port.
>
> > Your options:
> > 1. Run the ecommerce apache on a different port.
>
> Yep, SSL, different port.
>
> > 2. Install a second NIC with a different IP and bind each apache to port
> > 80 on its own nic.
>
> How do you do this?

It's in the apache docs, called "IP based virtual hosts" if memory serves.

Basically, you'll modify the standard apache init script and make a copy to be 
able to treat two apaches as separate apps. Instead of simply specifying the 
port, specify an IP and a port in the config. You must use different hostnames 
too obviously, and get this info into DNS.

Start apache-1, start apache-2, voila

> > 3. If you use separate mysqls, run them on different ports.
>
> I'll need to run them using /usr/bin/mysql --options I guess, rather than
> using the /etc/init.d scripts, right?

Yup, two configs, two init scripts, two instances.
Just like apache.

> > However, it's an e-commerce site so one must state the obvious:
> >
> > You must be out of your mind running an ecommerce site on the same
> > machine as other php vhosts. Please give me the URL so I know never to
> > buy there - I have no way of knowing what those vhosts are, who the
> > webmaster is and how secure they are.
>
> Is the fear that one of these apache vhosts installations will be
> compromised and then the ecommerce/payment website will get hacked from the
> inside?

Yes.

You do not ever want people's credit card details exposed or stolen. You need 
to take extraordinary efforts or customers will not trust you.

Any thought you ever have along the lines of "I don't need to do thing X as 
that will not happen" - beware, that's the very time that Murphy makes X 
happen...

> > So I recommend option 4:
> >
> > Pony up the money for server #2
>
> Hmm, yes that's what I was trying to avoid.  ;-)
>
> Would running complete virtual servers to achieve separation be any/much
> better?

It's almost as good as separate hardware, especially if you have a good 
virtual machine system that gives you complete separation of network 
interfaces - either physical or virtual.

If the box can handle the load, I say go with this approach. You have to have 
an enormous site with heaps of users to outrun an average modern server.

-- 
alan dot mckinnon at gmail dot com
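
Added example, not part of the original message: the directives that must differ between the two apache instances described above, one config file per instance, each bound to its own IP on port 80. The addresses (RFC 5737 documentation range), hostnames, file paths and account names are assumptions; everything else in each file is taken to be the distribution's stock config.

```apache
# ---- /etc/apache2/httpd-shop.conf (hypothetical path) ----
# Ecommerce instance. Bind to this instance's address only; a bare
# "Listen 80" would claim port 80 on every address and block the
# second instance from starting.
Listen 192.0.2.10:80
ServerName shop.example.com

# Per-instance PID file, so each init script stops and restarts
# only its own apache.
PidFile /var/run/apache2-shop.pid

# Dedicated unprivileged account (assumed name). With separate
# accounts, file permissions can keep the other instance's PHP
# code from reading this instance's files.
User apache-shop
Group apache-shop

DocumentRoot /var/www/shop/htdocs
ErrorLog /var/log/apache2/shop-error.log
CustomLog /var/log/apache2/shop-access.log combined

# ---- /etc/apache2/httpd-hosting.conf (hypothetical path) ----
# Instance for the other php vhosts, on the second address.
Listen 192.0.2.11:80
ServerName www.example.org

PidFile /var/run/apache2-hosting.pid

User apache-hosting
Group apache-hosting

DocumentRoot /var/www/hosting/htdocs
ErrorLog /var/log/apache2/hosting-error.log
CustomLog /var/log/apache2/hosting-access.log combined

# Each copy of the init script starts its instance with its own file
# using apache's -f option, e.g. "-f /etc/apache2/httpd-shop.conf".
# DNS then needs shop.example.com -> 192.0.2.10 and
# www.example.org -> 192.0.2.11.
```

Separate accounts and addresses keep the two daemons apart at the process and file-permission level only; both still share one kernel and one filesystem, which is why the thread goes on to recommend a second server or full virtual machines for the payment site.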
