On Thu, Sep 07, 2000 at 07:13:11AM -0700, john traenky wrote:
> I'm very much impressed with the short list of known
> exploits for this code. This leaves only my ability
> to administer securely as a hole.
Of course in this situation you should almost certainly run rsync over
ssh.
> In a similar vein, if you have 2 physical web servers
> which must share common information, which is better:
> NFS mount a common repository or rsync to 2 individual
> sources? NFS in an Internet environment can be dicey
> security-wise, so any stories--pro or con--would be
> appreciated. TIA.
My opinion is that it would be much better to make the web servers
completely independent: both because you're more secure without NFS,
and it avoids having a common point of failure.
I manage the small rproxy web site using this Makefile:
------
pages=index docs download lists devel resources cvs mirrors
latte_pages=$(addsuffix .latte, $(pages))
html_pages=$(addsuffix .html, $(pages))
extra=robots.txt penguin_xshirt.png rproxy-key.asc flowchart.png
sites=front.linuxcare.com.au:/var/www/projects/rproxy/ \
rproxy.sourceforge.net:/home/groups/rproxy/htdocs
all: $(html_pages)
%.html: %.latte style.latte
latte-html $(LATTE_FLAGS) -lstyle.latte -o $@ $<
upload: $(html_pages) $(extra)
for i in $(sites); do rsync -l -v -e ssh $(html_pages) $(extra) $$i; done
.PHONY: clean
clean:
rm -f $(html_pages)
------
Latte (latte.org) is a very nice HTML pre-processor for generating
pages.
--
Martin Pool http://linuxcare.com.au/rproxy/
rproxy accelerates HTTP by dynamic caching and differential update
PGP signature
