Re: Help me choose OS for django server

2012-11-01 Thread Nikolas Stevenson-Molnar
Whatever gives you separate physical resources. The idea is to prevent your app 
and static content delivery from interfering (i.e., consuming CPU, memory, 
bandwidth) with each other. The cheapest and most effective way to accomplish 
this is using a CDN or something like Amazon's S3. For relatively light usage, 
it will only cost you a few dollars a month, and you don't need to worry about 
setting up and maintaining a separate server yourself.

_Nik

On Nov 1, 2012, at 12:06 PM, Chris Pagnutti wrote:

> So by "another server entirely" you mean to actually subscribe to another 
> hosting service (or a second account on my current service)?  I'm sure it's 
> in the docs if I look, but how would I deal with media uploads that way?
> 
> On Tuesday, October 30, 2012 3:50:30 PM UTC-4, Chris Pagnutti wrote:
> Hi.  I want to set up a production server for a django application.  
> constant.com offers Virtual Private Servers which should give me virtually 
> full control over the server, allowing me to install django and all the stuff 
> I need for my app to run properly.
> 
> First, is this a good idea?  Do you think I can do this securely using the 
> django, apache, and lighttpd docs? or am I asking for trouble?  What are the 
> major security issues I need to be aware of when administering a server?
> 
> Also, if I go this route, I'll need to choose an OS.  I'm running a 
> production server (just Apache + mod_wsgi) using my Arch Linux box, but I 
> don't think arch is the best idea.  I'm sorta trying to decide between CentOS 
> and Ubuntu.  Leaning toward CentOS, but just a little worried it might be 
> missing some of the packages I need.  I've never used CentOS before.  Any 
> advice?
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/django-users/-/UQij5ebLzwYJ.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.




Re: Help me choose OS for django server

2012-11-01 Thread Chris Pagnutti
So by "another server entirely" you mean to actually subscribe to another 
hosting service (or a second account on my current service)?  I'm sure it's 
in the docs if I look, but how would I deal with media uploads that way?

On Tuesday, October 30, 2012 3:50:30 PM UTC-4, Chris Pagnutti wrote:
>
> Hi.  I want to set up a production server for a django application.  
> constant.com offers Virtual Private Servers which should give me 
> virtually full control over the server, allowing me to install django and 
> all the stuff I need for my app to run properly.
>
> First, is this a good idea?  Do you think I can do this securely using the 
> django, apache, and lighttpd docs? or am I asking for trouble?  What are 
> the major security issues I need to be aware of when administering a server?
>
> Also, if I go this route, I'll need to choose an OS.  I'm running a 
> production server (just Apache + mod_wsgi) using my Arch Linux box, but I 
> don't think arch is the best idea.  I'm sorta trying to decide between 
> CentOS and Ubuntu.  Leaning toward CentOS, but just a little worried it 
> might be missing some of the packages I need.  I've never used CentOS 
> before.  Any advice?
>




Re: Help me choose OS for django server

2012-11-01 Thread Nikolas Stevenson-Molnar
Apache+mod_wsgi is one solution (the docs also mention several others).
Their main point is that you shouldn't serve static content via Django.
Ideally, you'd serve static content from another server entirely or via
a CDN. If you are serving files + app on the same server, I think it's
fine to use nginx for both since unlike the Apache+mod_wsgi setup, nginx
isn't actually running the Django app, but simply acting as a proxy.

_Nik

On 10/30/2012 6:04 PM, Chris Pagnutti wrote:
> Hi all.  Thanks to everyone for their comments.  If Debian is
> available, I think I like that idea for the OS.
>
> As for server security, I think I had the basics, but there are some
> great points in your replies.  
>
> @Nik:
> Just following the django docs, it recommends Apache+mod_wsgi for the
> django app, and either lighttpd or nginx to serve media.  I liked the
> idea of serving media separately because the app is heavy on video
> streaming.  Is your suggestion to serve both the app and media using
> nginx?  Is this more secure?  Better performance?  Can you please
> point me to some docs that explain how to set up nginx for django?
>  Will google it in the meantime.
>
> Thanks a whole bunch.
>
> On Tuesday, October 30, 2012 3:50:30 PM UTC-4, Chris Pagnutti wrote:
>
> Hi.  I want to set up a production server for a django
> application.  constant.com  offers Virtual
> Private Servers which should give me virtually full control over
> the server, allowing me to install django and all the stuff I need
> for my app to run properly.
>
> First, is this a good idea?  Do you think I can do this securely
> using the django, apache, and lighttpd docs? or am I asking for
> trouble?  What are the major security issues I need to be aware of
> when administering a server?
>
> Also, if I go this route, I'll need to choose an OS.  I'm running
> a production server (just Apache + mod_wsgi) using my Arch Linux
> box, but I don't think arch is the best idea.  I'm sorta trying to
> decide between CentOS and Ubuntu.  Leaning toward CentOS, but just
> a little worried it might be missing some of the packages I need.
>  I've never used CentOS before.  Any advice?
>



Re: Help me choose OS for django server

2012-10-31 Thread Christophe Pettus

On Oct 31, 2012, at 12:41 PM, Javier Guerra Giraldez wrote:

> maybe, maybe not.   the point is that H.264 is not free, not gratis,
> not open.

If you are streaming H.264-encoded video free to end users, you don't have to 
pay fees, and will never have to:


http://www.mpegla.com/Lists/MPEG%20LA%20News%20List/Attachments/231/n-10-08-26.pdf

If you are charging end users, there are potentially fees, but they are quite 
modest:

http://www.mpegla.com/main/programs/AVC/Documents/AVC_TermsSummary.pdf
--
-- Christophe Pettus
   x...@thebuild.com




Re: Help me choose OS for django server

2012-10-31 Thread Javier Guerra Giraldez
On Wed, Oct 31, 2012 at 2:17 PM, Chris Pagnutti wrote:
> Hi Waitman,
>
> Do you mean that if I stream mp4 videos from my site, I have to pay someone
> royalties?

maybe, maybe not.   the point is that H.264 is not free, not gratis,
not open.  but there's a "free of charge" use-case as a gift from
MPEG-LA to most harmless users... check first with a lawyer, as it's
far from obvious and could get you in deep troubles

-- 
Javier




Re: Help me choose OS for django server

2012-10-31 Thread Chris Pagnutti
Hi Waitman,

Do you mean that if I stream mp4 videos from my site, I have to pay someone 
royalties?  

On Tuesday, October 30, 2012 3:50:30 PM UTC-4, Chris Pagnutti wrote:
>
> Hi.  I want to set up a production server for a django application.  
> constant.com offers Virtual Private Servers which should give me 
> virtually full control over the server, allowing me to install django and 
> all the stuff I need for my app to run properly.
>
> First, is this a good idea?  Do you think I can do this securely using the 
> django, apache, and lighttpd docs? or am I asking for trouble?  What are 
> the major security issues I need to be aware of when administering a server?
>
> Also, if I go this route, I'll need to choose an OS.  I'm running a 
> production server (just Apache + mod_wsgi) using my Arch Linux box, but I 
> don't think arch is the best idea.  I'm sorta trying to decide between 
> CentOS and Ubuntu.  Leaning toward CentOS, but just a little worried it 
> might be missing some of the packages I need.  I've never used CentOS 
> before.  Any advice?
>




Re: Help me choose OS for django server

2012-10-31 Thread Waitman Gobble
On Tue, Oct 30, 2012 at 7:39 PM, Chris Pagnutti wrote:

> Yeah.  Hosting the videos ourselves was one of the primary requirements
> for this project.
>
>
> On Tuesday, October 30, 2012 3:50:30 PM UTC-4, Chris Pagnutti wrote:
>
>> Hi.  I want to set up a production server for a django application.
>> constant.com offers Virtual Private Servers which should give me
>> virtually full control over the server, allowing me to install django and
>> all the stuff I need for my app to run properly.
>>
>> First, is this a good idea?  Do you think I can do this securely using
>> the django, apache, and lighttpd docs? or am I asking for trouble?  What
>> are the major security issues I need to be aware of when administering a
>> server?
>>
>> Also, if I go this route, I'll need to choose an OS.  I'm running a
>> production server (just Apache + mod_wsgi) using my Arch Linux box, but I
>> don't think arch is the best idea.  I'm sorta trying to decide between
>> CentOS and Ubuntu.  Leaning toward CentOS, but just a little worried it
>> might be missing some of the packages I need.  I've never used CentOS
>> before.  Any advice?
>>

Hi,

It's a great idea, why submit to the beast. There's an h.264 streaming
module for Apache that works quite nice, you might check out. Also check to
see if you qualify to pay patent royalties, I think under 10 minutes is
*gratis*. But you could deliver in webm format, it's a good *free*
alternative however I find it tends to spangle the dark tones a bit, and a
tad too weak in device/browser support.

I've used Red Hat / Fedora / RHEL / CentOS since the gay 90's so I'm
obviously pro-CentOS. On a personal level I feel like I'm being forced to
swim in jello with water wings while using Ubuntu, but it's cozy for many
folks. I understand it's popular.

Waitman Gobble
San Jose California




Re: Help me choose OS for django server

2012-10-30 Thread Chris Pagnutti
Yeah.  Hosting the videos ourselves was one of the primary requirements for 
this project.

On Tuesday, October 30, 2012 3:50:30 PM UTC-4, Chris Pagnutti wrote:
>
> Hi.  I want to set up a production server for a django application.  
> constant.com offers Virtual Private Servers which should give me 
> virtually full control over the server, allowing me to install django and 
> all the stuff I need for my app to run properly.
>
> First, is this a good idea?  Do you think I can do this securely using the 
> django, apache, and lighttpd docs? or am I asking for trouble?  What are 
> the major security issues I need to be aware of when administering a server?
>
> Also, if I go this route, I'll need to choose an OS.  I'm running a 
> production server (just Apache + mod_wsgi) using my Arch Linux box, but I 
> don't think arch is the best idea.  I'm sorta trying to decide between 
> CentOS and Ubuntu.  Leaning toward CentOS, but just a little worried it 
> might be missing some of the packages I need.  I've never used CentOS 
> before.  Any advice?
>




Re: Help me choose OS for django server

2012-10-30 Thread Lachlan Musicman
On Wed, Oct 31, 2012 at 2:04 PM, Chris Pagnutti wrote:
>
> @Nik:
> Just following the django docs, it recommends Apache+mod_wsgi for the django
> app, and either lighttpd or nginx to serve media.  I liked the idea of
> serving media separately because the app is heavy on video streaming.  Is
> your suggestion to serve both the app and media using nginx?  Is this more
> secure?  Better performance?  Can you please point me to some docs that
> explain how to set up nginx for django?  Will google it in the meantime.

I presume there's a good reason for not using one of the video
streaming services out there (YouT, Vimeo, Blip, torrent into Miro via
rss feed)?

Note that I don't mean to suggest that you *don't* have a good reason
- but I've found that 9 times out of 10, there's no need to eat that
bandwidth cost yourself.

Cheers
L.

-- 
...we look at the present day through a rear-view mirror. This is
something Marshall McLuhan said back in the Sixties, when the world
was in the grip of authentic-seeming future narratives. He said, “We
look at the present through a rear-view mirror. We march backwards
into the future.”

http://www.warrenellis.com/?p=14314




Re: Help me choose OS for django server

2012-10-30 Thread Chris Pagnutti
Hi all.  Thanks to everyone for their comments.  If Debian is available, I 
think I like that idea for the OS.

As for server security, I think I had the basics, but there are some great 
points in your replies.  

@Nik:
Just following the django docs, it recommends Apache+mod_wsgi for the 
django app, and either lighttpd or nginx to serve media.  I liked the idea 
of serving media separately because the app is heavy on video streaming. 
 Is your suggestion to serve both the app and media using nginx?  Is this 
more secure?  Better performance?  Can you please point me to some docs 
that explain how to set up nginx for django?  Will google it in the 
meantime.

Thanks a whole bunch.

On Tuesday, October 30, 2012 3:50:30 PM UTC-4, Chris Pagnutti wrote:
>
> Hi.  I want to set up a production server for a django application.  
> constant.com offers Virtual Private Servers which should give me 
> virtually full control over the server, allowing me to install django and 
> all the stuff I need for my app to run properly.
>
> First, is this a good idea?  Do you think I can do this securely using the 
> django, apache, and lighttpd docs? or am I asking for trouble?  What are 
> the major security issues I need to be aware of when administering a server?
>
> Also, if I go this route, I'll need to choose an OS.  I'm running a 
> production server (just Apache + mod_wsgi) using my Arch Linux box, but I 
> don't think arch is the best idea.  I'm sorta trying to decide between 
> CentOS and Ubuntu.  Leaning toward CentOS, but just a little worried it 
> might be missing some of the packages I need.  I've never used CentOS 
> before.  Any advice?
>




Re: Help me choose OS for django server

2012-10-30 Thread Fred Stluka

Chris,

Yes, CentOS is a good choice.  You can find all of the packages you
need at the EPEL yum repo.

Some brief articles I've written about security tools I always use:
http://bristle.com/Tips/Unix.htm#logwatch
http://bristle.com/Tips/Unix.htm#fail2ban
http://bristle.com/Tips/Unix.htm#tripwire

and 9 other security tips:
http://bristle.com/Tips/Unix.htm#unix_security

--Fred

Fred Stluka -- mailto:f...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.


On 10/30/12 3:50 PM, Chris Pagnutti wrote:
> Hi.  I want to set up a production server for a django application.
> constant.com offers Virtual Private Servers which should give me
> virtually full control over the server, allowing me to install django
> and all the stuff I need for my app to run properly.
>
> First, is this a good idea?  Do you think I can do this securely using
> the django, apache, and lighttpd docs? or am I asking for trouble?
> What are the major security issues I need to be aware of when
> administering a server?
>
> Also, if I go this route, I'll need to choose an OS.  I'm running a
> production server (just Apache + mod_wsgi) using my Arch Linux box,
> but I don't think arch is the best idea.  I'm sorta trying to decide
> between CentOS and Ubuntu.  Leaning toward CentOS, but just a little
> worried it might be missing some of the packages I need.  I've never
> used CentOS before.  Any advice?




Re: Help me choose OS for django server

2012-10-30 Thread John DeRosa
+2 for fail2ban.

I love reviewing fail2ban's email, and seeing the script kiddies continuing to 
try to login to root. Which is login-disabled on all our servers. Keep trying, 
kids...

John

On Oct 30, 2012, at 4:38 PM, Fred Stluka  wrote:

> +1 for fail2ban
> 
> It's surprising that a 3-year attack eventually succeeded if you
> had fail2ban installed, which should have blocked the attack after
> just a couple tries.  Or had you not yet learned about fail2ban?
> I got hacked once too, before I learned about fail2ban.  Never 
> since.
> 
> --Fred 
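
The counting that makes fail2ban block a source "after just a couple tries" can be shown over a few log lines. This is an added example, not fail2ban's own code and not part of the thread: the log lines, host name and addresses are constructed, the parameter names follow fail2ban's `maxretry`, `findtime` and `bantime` settings, and the values and the year are assumptions chosen for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd's failed-password lines in classic syslog format.
FAILED = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE_LOG = """\
Oct 30 16:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct 30 16:00:03 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 40002 ssh2
Oct 30 16:00:04 web1 sshd[2103]: Accepted publickey for deploy from 198.51.100.20 port 50110 ssh2
Oct 30 16:00:06 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Oct 30 16:00:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40004 ssh2
Oct 30 16:05:00 web1 sshd[2110]: Failed password for root from 198.51.100.99 port 41000 ssh2
Oct 30 16:20:00 web1 sshd[2111]: Failed password for root from 198.51.100.99 port 41001 ssh2
Oct 30 16:35:00 web1 sshd[2112]: Failed password for root from 198.51.100.99 port 41002 ssh2
""".splitlines()


def find_bans(lines, maxretry=3, findtime=600, bantime=3600, year=2012):
    """Return [(ip, time_of_ban)] for sources reaching maxretry failures within findtime seconds.

    Syslog timestamps carry no year, so one is assumed.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> times of failures still inside the window
    banned_until = {}             # ip -> time the current ban ends
    bans = []
    for line in lines:
        match = FAILED.match(line)
        if not match:
            continue              # successful logins and unrelated lines are not counted
        when = datetime.strptime(f"{year} {match.group(1)}", "%Y %b %d %H:%M:%S")
        ip = match.group(3)
        if ip in banned_until and when < banned_until[ip]:
            continue              # already banned; a firewall rule would drop this attempt
        times = recent[ip]
        times.append(when)
        while times and when - times[0] > window:
            times.popleft()       # failures older than findtime age out
        if len(times) >= maxretry:
            bans.append((ip, when))
            banned_until[ip] = when + timedelta(seconds=bantime)
            times.clear()
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG):
        print(f"ban {ip} at {when.isoformat()}")
```

The second source in the sample is never banned because its failures are spaced wider than `findtime`, which is why the thread pairs fail2ban with disabling password logins rather than relying on it alone.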





Re: Help me choose OS for django server

2012-10-30 Thread Fred Stluka

+1 for fail2ban

It's surprising that a 3-year attack eventually succeeded if you
had fail2ban installed, which should have blocked the attack after
just a couple tries.  Or had you not yet learned about fail2ban?
I got hacked once too, before I learned about fail2ban.  Never
since.

--Fred

Fred Stluka -- mailto:f...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.


On 10/30/12 7:09 PM, Trevor Joynson wrote:
> I highly recommend fail2ban.
>
> And definitely use SSH key only auth (PasswordAuthentication no).
>
> I've had a box with a 32 char random password get brute forced. Took
> three years to do, but it happened.
>
> On Oct 30, 2012 4:08 PM, "Nikolas Stevenson-Molnar" wrote:
>
> > > First, is this a good idea?  Do you think I can do this securely using
> > > the django, apache, and lighttpd docs? or am I asking for trouble?
> > >  What are the major security issues I need to be aware of when
> > > administering a server?
> > This depends on your specific security requirements. If you're mainly
> > concerned with protecting your server and website from unwanted
> > tampering, then the important things are 1) only allow connections to
> > ports you're using (HTTP) and restrict access via SSH to your IP or a
> > local network; 2) make sure the software you're using is secure (the
> > ones you mention are good; though I think Apache is vulnerable to a type
> > of DDOS attack: http://en.wikipedia.org/wiki/Slowloris); 3) check your
> > own code; Django is good about security but that doesn't mean you can't
> > build an insecure application with it; 4) choose good passwords, etc.
> > and if you're particularly concerned, consider using keys for your SSH
> > connection.
> >
> > > Also, if I go this route, I'll need to choose an OS.  I'm running a
> > > production server (just Apache + mod_wsgi) using my Arch Linux box,
> > > but I don't think arch is the best idea.  I'm sorta trying to decide
> > > between CentOS and Ubuntu.  Leaning toward CentOS, but just a little
> > > worried it might be missing some of the packages I need.  I've never
> > > used CentOS before.  Any advice?
> > I've used both and haven't noticed much difference for the things I do.
> > I would recommend nginx in place of lighttpd (better maintained), and if
> > you're using either of those, Apache isn't necessary (though you will
> > need a WSGI server, such as Gunicorn).
> >
> > _Nik




Re: Help me choose OS for django server

2012-10-30 Thread Trevor Joynson
I highly recommend fail2ban.

And definitely use SSH key only auth (PasswordAuthentication no).

I've had a box with a 32 char random password get brute forced. Took three
years to do, but it happened.
On Oct 30, 2012 4:08 PM, "Nikolas Stevenson-Molnar" 
wrote:

>
> > First, is this a good idea?  Do you think I can do this securely using
> > the django, apache, and lighttpd docs? or am I asking for trouble?
> >  What are the major security issues I need to be aware of when
> > administering a server?
> This depends on your specific security requirements. If you're mainly
> concerned with protecting your server and website from unwanted
> tampering, then the important things are 1) only allow connections to
> ports you're using (HTTP) and restrict access via SSH to your IP or a
> local network; 2) make sure the software you're using is secure (the
> ones you mention are good; though I think Apache is vulnerable to a type
> of DDOS attack: http://en.wikipedia.org/wiki/Slowloris); 3) check your
> own code; Django is good about security but that doesn't mean you can't
> build an insecure application with it; 4) choose good passwords, etc.
> and if you're particularly concerned, consider using keys for your SSH
> connection.
>
> > Also, if I go this route, I'll need to choose an OS.  I'm running a
> > production server (just Apache + mod_wsgi) using my Arch Linux box,
> > but I don't think arch is the best idea.  I'm sorta trying to decide
> > between CentOS and Ubuntu.  Leaning toward CentOS, but just a little
> > worried it might be missing some of the packages I need.  I've never
> > used CentOS before.  Any advice?
> I've used both and haven't noticed much difference for the things I do.
> I would recommend nginx in place of lighttpd (better maintained), and if
> you're using either of those, Apache isn't necessary (though you will
> need a WSGI server, such as Gunicorn).
>
> _Nik
>




Re: Help me choose OS for django server

2012-10-30 Thread Some Developer

On 30/10/2012 19:50, Chris Pagnutti wrote:
> First, is this a good idea?  Do you think I can do this securely using
> the django, apache, and lighttpd docs? or am I asking for trouble?
> What are the major security issues I need to be aware of when
> administering a server?


Configure a firewall to block all incoming ports except for port 80, 
443, and 22 (some suggest changing the port that SSH listens on but it 
has no real security value, a simple port scan by an attacker will 
reveal which port it is listening on so don't bother).


Disable root login via SSH.

Disable password logins via SSH.

Rate limit port 22.

Only allow one user (not root) access to the server via SSH.

Use SSH keys for authentication.

Make sure you always have the most recent security updates installed.

Make sure that the database server is not publicly accessible (if you 
want to access your database server from your home computer connect to 
it via an SSH tunnel).


Just a few simple steps to take when securing a server.
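
The SSH items in the list above map to a handful of `sshd_config` directives, and the following audit checks a config against them. It is an added example, not part of the original post: the sample configs and the account name `deploy` are constructed, only the global section (before any `Match` block) is read, and the keyboard-interactive check goes slightly beyond the list because that method can still prompt for passwords when `PasswordAuthentication` is `no`.

```python
import re

# Keywords whose repeated lines accumulate; for the others sshd keeps the first value.
ACCUMULATING = {"allowusers"}

# Constructed sample: what the checklist is meant to eliminate.
WEAK = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
AllowUsers root deploy
"""

# Constructed sample: the checklist applied. Keywords are case-insensitive.
HARDENED = """
# single non-root account, keys only
PermitRootLogin no
passwordauthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers deploy
"""

# A permissive line placed first wins over the later, stricter one.
SHADOWED = "PermitRootLogin yes\n" + HARDENED


def parse_global_section(text):
    """Return {keyword: [args]} for directives before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        args = parts[1].split() if len(parts) > 1 else []
        if keyword == "match":
            break                      # conditional blocks are out of scope here
        if keyword in ACCUMULATING:
            settings.setdefault(keyword, []).extend(args)
        else:
            settings.setdefault(keyword, args)   # first occurrence wins
    return settings


def audit(text):
    """Return (keyword, problem) pairs; an empty list means every check passed."""
    settings = parse_global_section(text)

    def value(keyword):
        args = settings.get(keyword)
        return args[0].lower() if args else None

    findings = []
    # Each directive must be set explicitly; an absent line is reported too.
    if value("permitrootlogin") != "no":
        findings.append(("PermitRootLogin", "root login is not set to 'no'"))
    if value("passwordauthentication") != "no":
        findings.append(("PasswordAuthentication", "password logins are not set to 'no'"))
    # Older configs use the ChallengeResponseAuthentication name for the same switch.
    kbd = value("kbdinteractiveauthentication") or value("challengeresponseauthentication")
    if kbd != "no":
        findings.append(("KbdInteractiveAuthentication", "keyboard-interactive is not set to 'no'"))
    if value("pubkeyauthentication") == "no":
        findings.append(("PubkeyAuthentication", "key authentication is switched off"))
    users = settings.get("allowusers", [])
    if len(users) != 1:
        findings.append(("AllowUsers", f"expected exactly one account, found {len(users)}"))
    elif users[0].split("@")[0].lower() == "root":
        findings.append(("AllowUsers", "the only permitted account is root"))
    return findings


if __name__ == "__main__":
    for name, config in (("weak", WEAK), ("hardened", HARDENED), ("shadowed", SHADOWED)):
        print(name, audit(config) or "OK")
```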




Re: Help me choose OS for django server

2012-10-30 Thread Nikolas Stevenson-Molnar

> First, is this a good idea?  Do you think I can do this securely using
> the django, apache, and lighttpd docs? or am I asking for trouble?
>  What are the major security issues I need to be aware of when
> administering a server?
This depends on your specific security requirements. If you're mainly
concerned with protecting your server and website from unwanted
tampering, then the important things are 1) only allow connections to
ports you're using (HTTP) and restrict access via SSH to your IP or a
local network; 2) make sure the software you're using is secure (the
ones you mention are good; though I think Apache is vulnerable to a type
of DDOS attack: http://en.wikipedia.org/wiki/Slowloris); 3) check your
own code; Django is good about security but that doesn't mean you can't
build an insecure application with it; 4) choose good passwords, etc.
and if you're particularly concerned, consider using keys for your SSH
connection.

> Also, if I go this route, I'll need to choose an OS.  I'm running a
> production server (just Apache + mod_wsgi) using my Arch Linux box,
> but I don't think arch is the best idea.  I'm sorta trying to decide
> between CentOS and Ubuntu.  Leaning toward CentOS, but just a little
> worried it might be missing some of the packages I need.  I've never
> used CentOS before.  Any advice?
I've used both and haven't noticed much difference for the things I do.
I would recommend nginx in place of lighttpd (better maintained), and if
you're using either of those, Apache isn't necessary (though you will
need a WSGI server, such as Gunicorn).

_Nik




Help me choose OS for django server

2012-10-30 Thread Chris Pagnutti
Hi.  I want to set up a production server for a django application. 
 constant.com offers Virtual Private Servers which should give me virtually 
full control over the server, allowing me to install django and all the 
stuff I need for my app to run properly.

First, is this a good idea?  Do you think I can do this securely using the 
django, apache, and lighttpd docs? or am I asking for trouble?  What are 
the major security issues I need to be aware of when administering a server?

Also, if I go this route, I'll need to choose an OS.  I'm running a 
production server (just Apache + mod_wsgi) using my Arch Linux box, but I 
don't think arch is the best idea.  I'm sorta trying to decide between 
CentOS and Ubuntu.  Leaning toward CentOS, but just a little worried it 
might be missing some of the packages I need.  I've never used CentOS 
before.  Any advice?
