Best file system for a busy webserver
Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? Just curious. I'm getting ready to setup a new box running FreeBSD 9, and since I'm starting from scratch, I'm questioning all my previous assumptions. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? Use stock UFS, just configure it properly. most importantly noatime. Amount of cached data is more important than hit count. Unless your webpage is incredibly bad design or constantly load different set of large amount of small file - filesystem shouldn't be a limit. Repetitive file fetches would go from cache. Just curious. I'm getting ready to setup a new box running FreeBSD 9, and since I'm starting from scratch, I'm questioning all my previous assumptions. Small files will be cached, if you push data from large set of big files that will not fit cache, make sure transfers will be fine. use 32kB block size, 4kB fragment size for UFS add options MAXPHYS=2097152 (or even twice of that) to your kernel config so there will be large transfers from disk. This tuning will not make any harm to small files. My recommendation is for serving files by WWW (or actually - by any means). If you ask for SQL database subsystem then answer is completely different: make sure all database fits memory cache, or is on SSD or it WILL BE SLOW no matter what you use. Do everything you can to limit amount of sync writes. if you use SSD and your database software allow dedicating raw partition - do it. If not - it is not crucial but useful, avoid double buffering of unix cache and database cache. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
On Thu, 16 Aug 2012 10:45:25 -0500 Paul Schmehl pschmehl_li...@tx.rr.com wrote: Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? That's an average of about 3 hits per second. If it's static pages then pretty much anything will handle it easily (but please don't use FAT). If it's dynamic then the whole problem is more complex than a simple page rate. If that load is bursty it may make a difference too. Other considerations may come into play - how big is this filesystem (number of files, maximum number of entries in a directory, volume of data) ? Are there many users needing to be protected from each other ? What about archives ? snapshots ? growth ? churn ? uptime requirements, disaster recovery time ? -- Steve O'Hara-Smith | Directable Mirror Arrays C:WIN | A better way to focus the sun The computer obeys and wins.|licences available see You lose and Bill collects. |http://www.sohara.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
Date: Thu, 16 Aug 2012 10:45:25 -0500 From: Paul Schmehl pschmehl_li...@tx.rr.com To: FreeBSD Questions List freebsd-questions@freebsd.org Subject: Best file system for a busy webserver Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? Just curious. I'm getting ready to setup a new box running FreeBSD 9, and since I'm starting from scratch, I'm questioning all my previous assumptions. Insufficient data for a meaningful answer. A _LOT_ depends on the natue of the pages being served, Is the underlying data fairly 'static', or is it being frequently updated? If 'updated', you need to take into consideration things like 'how often', 'how large', and 'how localized' (in terms of the filesystem structure), are the updates. If file access is almost exclusively reads, the filesystem choice doesn't make much difference O/S 'caching', which occurs above the filesystem level, will handle the 'most frequently accessed' stuff. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
--On August 16, 2012 6:02:57 PM +0100 Steve O'Hara-Smith st...@sohara.org wrote: On Thu, 16 Aug 2012 10:45:25 -0500 Paul Schmehl pschmehl_li...@tx.rr.com wrote: Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? That's an average of about 3 hits per second. If it's static pages then pretty much anything will handle it easily (but please don't use FAT). If it's dynamic then the whole problem is more complex than a simple page rate. If that load is bursty it may make a difference too. Thanks for the reply. It's a combination. There are many static pages, but there is also a php-mysql forum that generates pages on the fly. It accounts for about half of the traffic. I've always used ufs but am wondering if switching to zfs would make sense. This stats page might answer some of your questions: http://www.stovebolt.com/stats/ Basically traffic is steady but it's busiest in the evenings (US time zones) Other considerations may come into play - how big is this filesystem (number of files, maximum number of entries in a directory, volume of data) ? Are there many users needing to be protected from each other ? What about archives ? snapshots ? growth ? churn ? uptime requirements, disaster recovery time ? I don't even know where to begin. There's about 15G of data on the server. Maybe this will help answer your questions: # sysctl -a | grep file kern.maxfiles: 12328 kern.bootfile: /boot/kernel/kernel kern.maxfilesperproc: 11095 kern.openfiles: 492 kern.corefile: %N.core kern.filedelay: 30 p1003_1b.mapped_files: 1 last pid: 40369; load averages: 0.01, 0.03, 0.00 up 104+09:33:44 13:14:49 137 processes: 1 running, 136 sleeping CPU: 0.7% user, 0.0% nice, 0.1% system, 0.0% interrupt, 99.2% idle Mem: 229M Active, 6108M Inact, 1056M Wired, 15M Cache, 828M Buf, 514M Free Swap: 16G Total, 28K Used, 16G Free The system is not being stressed. If by users, you means shell accounts, there's two, so that's not really an issue. The site has grown organically over the years from a few hundred hits a month to the now 6-8 million hits (depends on the time of year and the weather - mechanics are usually out in the garage if it's sunny and on the computer when it's not). Uptime is not an issue. The owners have repeatedly said if the site is down for two days they don't care. (The forum users don't feel that way though!) We've had one disaster (hard drive failure and raid failed while I was on vacation), and it took about 36 hours to get back online, but that was 10 years ago. The site doesn't go down - it's running on FreeBSD. :-) -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
Paul Schmehl writes: That's an average of about 3 hits per second. If it's static pages then pretty much anything will handle it easily (but please don't use FAT). If it's dynamic then the whole problem is more complex than a simple page rate. If that load is bursty it may make a difference too. Thanks for the reply. It's a combination. There are many static pages, but there is also a php-mysql forum that generates pages on the fly. It accounts for about half of the traffic. I've always used ufs but am wondering if switching to zfs would make sense. ZFS is known to use much more RAM than UFS. While (from the 'top' below) you have enough ... is that RAM best used for ZFS, or for something else? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
On Thu, 16 Aug 2012 13:16:26 -0500 Paul Schmehl pschmehl_li...@tx.rr.com wrote: --On August 16, 2012 6:02:57 PM +0100 Steve O'Hara-Smith st...@sohara.org wrote: On Thu, 16 Aug 2012 10:45:25 -0500 Paul Schmehl pschmehl_li...@tx.rr.com wrote: Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? That's an average of about 3 hits per second. If it's static pages then pretty much anything will handle it easily (but please don't use FAT). If it's dynamic then the whole problem is more complex than a simple page rate. If that load is bursty it may make a difference too. Thanks for the reply. It's a combination. There are many static pages, but there is also a php-mysql forum that generates pages on the fly. It accounts for about half of the traffic. I've always used ufs but am wondering if switching to zfs would make sense. This stats page might answer some of your questions: http://www.stovebolt.com/stats/ Basically traffic is steady but it's busiest in the evenings (US time zones) Other considerations may come into play - how big is this filesystem (number of files, maximum number of entries in a directory, volume of data) ? Are there many users needing to be protected from each other ? What about archives ? snapshots ? growth ? churn ? uptime requirements, disaster recovery time ? I don't even know where to begin. There's about 15G of data on the server. OK I would say there's no pressing reason to consider ZFS for this purpose. You'd save a bit of time in crash recovery with no fsck going on, and perhaps the checksum mechanism would give some peace of mind - but really in 15GB silent corruption is a very slow process - now if it were 15TB ... last pid: 40369; load averages: 0.01, 0.03, 0.00 up 104+09:33:44 13:14:49 137 processes: 1 running, 136 sleeping CPU: 0.7% user, 0.0% nice, 0.1% system, 0.0% interrupt, 99.2% idle Mem: 229M Active, 6108M Inact, 1056M Wired, 15M Cache, 828M Buf, 514M Free Swap: 16G Total, 28K Used, 16G Free OTOH you have plenty of memory lying around doing nothing much (6108M inactive) so you can easily support ZFS if you want to play with it's features (the smooth integration of volume management and filesystem is rather cool). The system is not being stressed. If by users, you means shell accounts, there's two, so that's not really an issue. OK so no need for fancy quota schemes then. Uptime is not an issue. The owners have repeatedly said if the site is down for two days they don't care. (The forum users don't feel that way though!) We've had one disaster (hard drive failure and raid failed while I was on vacation), and it took about 36 hours to get back online, but that was 10 years ago. The site doesn't go down - it's running on FreeBSD. :-) It sounds like you have backups or at least some means of restoring the site in the event of disaster so that's all good. If there was a pressing need to be able to get back up fairly quickly and easily I'd be suggesting ZFS in RAID1 with a hot swap bay in which a third disc goes, attached as a third mirror, periodically split it off the mirror take it off site, and replace it with the one that's been off site. There's really nothing here that's pushing you in any particular direction for a filesystem, at 15GB if performance ever becomes a problem a RAID1 of SSDs with UFS would make it fly probably into the hundreds of hits per second range. -- Steve O'Hara-Smith | Directable Mirror Arrays C:WIN | A better way to focus the sun The computer obeys and wins.|licences available see You lose and Bill collects. |http://www.sohara.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
--On August 16, 2012 9:42:30 PM +0100 Steve O'Hara-Smith st...@sohara.org wrote: I don't even know where to begin. There's about 15G of data on the server. OK I would say there's no pressing reason to consider ZFS for this purpose. You'd save a bit of time in crash recovery with no fsck going on, and perhaps the checksum mechanism would give some peace of mind - but really in 15GB silent corruption is a very slow process - now if it were 15TB ... Thanks. last pid: 40369; load averages: 0.01, 0.03, 0.00 up 104+09:33:44 13:14:49 137 processes: 1 running, 136 sleeping CPU: 0.7% user, 0.0% nice, 0.1% system, 0.0% interrupt, 99.2% idle Mem: 229M Active, 6108M Inact, 1056M Wired, 15M Cache, 828M Buf, 514M Free Swap: 16G Total, 28K Used, 16G Free OTOH you have plenty of memory lying around doing nothing much (6108M inactive) so you can easily support ZFS if you want to play with it's features (the smooth integration of volume management and filesystem is rather cool). It's hard, nowadays, to buy a server that's too small for our needs. Most of them are way overspec'd for what this server does. Which is a nice luxury to have. It sounds like you have backups or at least some means of restoring the site in the event of disaster so that's all good. Yes, daily, and the servers are always configured in RAID1. If there was a pressing need to be able to get back up fairly quickly and easily I'd be suggesting ZFS in RAID1 with a hot swap bay in which a third disc goes, attached as a third mirror, periodically split it off the mirror take it off site, and replace it with the one that's been off site. There's really nothing here that's pushing you in any particular direction for a filesystem, at 15GB if performance ever becomes a problem a RAID1 of SSDs with UFS would make it fly probably into the hundreds of hits per second range. Thanks for the input, Steve. I appreciate it. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
On 08/16/2012 01:16 PM, Paul Schmehl wrote: Paul Schmehl pschmehl_li...@tx.rr.com wrote: Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? With only 15G of data, I'd recommend a pair of 60G SSD drives like the OCZ Vertex IIIs (About $1/G these days) wired into a *hardware* RAID controller setup to mirror them. This gives you blazing speed and reliability. If you want to add another drive, you can make it RAID 5 which - with the right cabinet and mounting hardware - would give you hotswap capability. I know people are fond of software RAID but I personally do not consider this a very high reliability technology unless you're running true datacenter class hardware with redundant everything (disk, NIC, fiber ...) and that's probably overkill in this case. Good RAID controllers are available from a number of manufacturers. I dunno if FreeBSD supports them, but Rocket has a good reputation (though I've never used them) as do both Adaptec and LSI. In any case, a controller plus 3 drives would probably only set you back in the $500-ish area which seems like a reasonable price point. Furthermore, depending on the amount of stuff that you're serving that is static vs. dynamic, you may get benefit from increasing memory (thereby increasing the likelihood of a cache hit) and increasing the minimum/threshold values for the number of httpd processing running all the time. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
OK I would say there's no pressing reason to consider ZFS for this another ZFS fanatics. it is about performance. direction for a filesystem, at 15GB if performance ever becomes a problem a RAID1 of SSDs with UFS would make it fly probably into the hundreds of hits per second range. classic for ZFS and modern things fanatics. lots of talk about high end hardware nothing about a thread. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
the OCZ Vertex IIIs (About $1/G these days) wired into a *hardware* RAID controller setup to mirror them. This gives you blazing speed just like i would read some popular street PC newspaper. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best file system for a busy webserver
On Thu, Aug 16, 2012 at 10:45 AM, Paul Schmehl pschmehl_li...@tx.rr.comwrote: Does anyone have any opinions on which file system is best for a busy webserver (7 million hits/month)? Is anyone one system noticeably better than any other? Just curious. I'm getting ready to setup a new box running FreeBSD 9, and since I'm starting from scratch, I'm questioning all my previous assumptions. Sounds like you have ample hardware, so I would probably consider ZFS. You get a lot of other options with it which simply aren't available or harder to manage on a UFS system. Things like data integrity, ZIL/ARC, live low-cost snapshots, diff'ing the snapshot, transparent compression, etc all come with ZFS. Great tools for certain scenarios. Properly setup, ZFS RAID functionality will own any hardware raid solution ever presented because ZFS doesn't rely on a battery for consistency, nor do they provide most other features stated including integrity oriented ones. ZFS is intended to work with raw disk/JBOD. Good controllers are still important, they simply don't have the knowledge to use them at peak efficiency. I don't see much benefit to SSD's for this use case. All the common files should be in the fs cache which is at least an order of magnitude faster than flash based memory, and finding enterprise SSD's(preferably SLC) which obey FLUSH commands appropriately and have a capicitor appropriate to production use is something more of a crapshoot than traditional SATA/SAS drives. All that being said, UFS is fine too. I use it most often for light VM installs and where resources are scarce. However the 2 single biggest ZFS feature I like are the data integrity and transparent compression are wonderful which aren't available in UFS. ZFS snapshots are much more functional as well and go well w/ zfs send/receive. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best way to bind webserver to port 80 without running as root
On 01/04/2012 11:10 AM, Dino Vliet wrote: Hi all, suddenly I'm facing this quest on freebsd 8. I need to bind my little webserver running aolserver to port 80. In the past I was always using port 8080 and had my router configured to forward requests on port 80 to the server on port 8080. However, I am planning to host my little site on a virtual server with a hosting company and figuredI can't use the workaround I always used. So my question is, how to bind aolserver to port 80 without running as root as I understood ports below 1024 can only be used by root. I found a sysctl net.inet.ip.portrange.reservedhigh which enables me to set it to 0. However, I don't know what the security ramifications are of using that. Are there any other options I could consider? Thanks Dino ___ freebsd-po...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-portacl.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
On Wed, Jun 29, 2011 at 5:27 PM, Gary Gatten ggat...@waddell.com wrote: Of course it depends on your apps, but unless you're doing some HUGE number of connections, or your apps are not good, this will be MORE than enough RAM and CPU. (...) Maybe turn this into a virtual host and make some use of that hardware, or just be happy using it at 5% capacity. ... or run some instances of Plone on it. Should be enough to keep it busy and out of the idle thread even at moderate traffic. ;-) G -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
Quoting C. P. Ghost cpgh...@cordula.ws: On Wed, Jun 29, 2011 at 5:27 PM, Gary Gatten ggat...@waddell.com wrote: Of course it depends on your apps, but unless you're doing some HUGE number of connections, or your apps are not good, this will be MORE than enough RAM and CPU. (...) Maybe turn this into a virtual host and make some use of that hardware, or just be happy using it at 5% capacity. ... or run some instances of Plone on it. Should be enough to keep it busy and out of the idle thread even at moderate traffic. ;-) I agree but somehow my extra resources (memory, disk, cpu, etc.) always seem to find sponges in a short period of time. This may be the exception. thanks ed G -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
On Thu, Jun 30, 2011 at 4:53 PM, eculp ec...@encontacto.net wrote: Quoting C. P. Ghost cpgh...@cordula.ws: On Wed, Jun 29, 2011 at 5:27 PM, Gary Gatten ggat...@waddell.com wrote: Of course it depends on your apps, but unless you're doing some HUGE number of connections, or your apps are not good, this will be MORE than enough RAM and CPU. (...) Maybe turn this into a virtual host and make some use of that hardware, or just be happy using it at 5% capacity. ... or run some instances of Plone on it. Should be enough to keep it busy and out of the idle thread even at moderate traffic. ;-) I agree but somehow my extra resources (memory, disk, cpu, etc.) always seem to find sponges in a short period of time. This may be the exception. It's certainly no exception. Programs tend to expand over time, and when they expand, they tend to use up more time as well. Since space and time complexity of programs are closely linked to and bounded by each other, a corollary to Murphy's Law: Any given program will expand to fill all the available memory. is, of course, Any given program will expand to use up all available CPU cycles. I'm half-joking though. Anyway, I'm sure you'll put that new machine to great use! thanks ed -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
I just saw this box that is being promoted as a gaming machine at a great price and am considering it as a web-server. In addition to having no information on the CPU as a server lack of comfort with 6 cores and memory 8GB of memory that I am having a problem with. I am not a gamer but I have always assumed that a gaming machine needs the most aggressive hardware. I have also seen this processor with 12 GB rather than 8 which, in my ignorance sounds better. Any opinions and guidance are appreciated. Thanks, ed I will be running 9.0 on this as I am already doing on one of my web-servers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
On Wed, 29 Jun 2011 07:31:05 -0500, ec...@encontacto.net wrote: In addition to having no information on the CPU as a server lack of comfort with 6 cores and memory 8GB of memory that I am having a problem with. I am not a gamer but I have always assumed that a gaming machine needs the most aggressive hardware. I have also seen this processor with 12 GB rather than 8 which, in my ignorance sounds better. I have /basically/ the same machine at home I use as my FreeBSD and occasionally gaming machine with 12GB of RAM. It runs FreeBSD *very* well. If you care a lot about stability though the downside is that it's not server class hardware, no ECC RAM, etc. But for a machine with a lot of cores and memory -- have at it! Cheers, Mark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
On Wed, Jun 29, 2011 at 8:13 AM, Mark Felder f...@feld.me wrote: On Wed, 29 Jun 2011 07:31:05 -0500, ec...@encontacto.net wrote: In addition to having no information on the CPU as a server lack of comfort with 6 cores and memory 8GB of memory that I am having a problem with. I am not a gamer but I have always assumed that a gaming machine needs the most aggressive hardware. I have also seen this processor with 12 GB rather than 8 which, in my ignorance sounds better. I have /basically/ the same machine at home I use as my FreeBSD and occasionally gaming machine with 12GB of RAM. It runs FreeBSD *very* well. If you care a lot about stability though the downside is that it's not server class hardware, no ECC RAM, etc. But for a machine with a lot of cores and memory -- have at it! Cheers, Mark Thanks, Mark. I see you have 12G. I'm totally ignorant on the distribution of memory for the 6 cores if there is such a thing. Is it advantageous to have a multiple of 6 when ordering memory? (12, 18, 24) As far as stability is concerned for a webserver, I don't see it as a major concern. I'm sure some of my older machines of the last 15 years were less stable even though they all had ECC, raid, etc. Please correct me if I am wrong. My perspective from Mexico, I'm sure is very different than if I were in the US or Europe, etc. Thanks, ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
Of course it depends on your apps, but unless you're doing some HUGE number of connections, or your apps are not good, this will be MORE than enough RAM and CPU. Yes, generally speaking more of something is always better, in fact our government seems to think more debt is better than less. However, if you're web apps only need xGB of RAM and y MIPS; what benefit is it to have n * x RAM and n * y MIPS? Maybe turn this into a virtual host and make some use of that hardware, or just be happy using it at 5% capacity. G -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of eculp Sent: Wednesday, June 29, 2011 7:31 AM To: freebsd-questions Subject: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer. I just saw this box that is being promoted as a gaming machine at a great price and am considering it as a web-server. In addition to having no information on the CPU as a server lack of comfort with 6 cores and memory 8GB of memory that I am having a problem with. I am not a gamer but I have always assumed that a gaming machine needs the most aggressive hardware. I have also seen this processor with 12 GB rather than 8 which, in my ignorance sounds better. Any opinions and guidance are appreciated. Thanks, ed I will be running 9.0 on this as I am already doing on one of my web-servers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
On Wed, Jun 29, 2011 at 10:27 AM, Gary Gatten ggat...@waddell.com wrote: Of course it depends on your apps, but unless you're doing some HUGE number of connections, or your apps are not good, this will be MORE than enough RAM and CPU. Yes, generally speaking more of something is always better, in fact our government seems to think more debt is better than less. However, if you're web apps only need xGB of RAM and y MIPS; what benefit is it to have n * x RAM and n * y MIPS? Maybe turn this into a virtual host and make some use of that hardware, or just be happy using it at 5% capacity. G Thanks Gary. I've been thinking about the virtual host idea and have some extra IP's so that might be fun. Traditionally when I renovate one may personal servers, I have them running at 5-20% capacity and within a year, I usually have figured out ways to put most all to use. The price difference between a minimal design and something like this usually not significant. So this is sounding more and more like a go. Have a great day, ed -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of eculp Sent: Wednesday, June 29, 2011 7:31 AM To: freebsd-questions Subject: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer. I just saw this box that is being promoted as a gaming machine at a great price and am considering it as a web-server. In addition to having no information on the CPU as a server lack of comfort with 6 cores and memory 8GB of memory that I am having a problem with. I am not a gamer but I have always assumed that a gaming machine needs the most aggressive hardware. I have also seen this processor with 12 GB rather than 8 which, in my ignorance sounds better. Any opinions and guidance are appreciated. Thanks, ed I will be running 9.0 on this as I am already doing on one of my web-servers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
Gary Gatten writes: Yes, generally speaking more of something is always better, in fact our government seems to think more debt is better than less. However, if you're web apps only need xGB of RAM and y MIPS; what benefit is it to have n * x RAM and n * y MIPS? It is my understanding surplus RAM will be allocated to file-caching. Whether this benefits your particular application set I would have no idea. Respectfully, Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Opinion on using AMD Phenom II x6 1090t with Gigabyte 890BPA-UD3H and 8GB DDR-3 as a WebServer.
On Wed, 29 Jun 2011 10:47:09 -0500, Edwin L. Culp W. wrote: The price difference between a minimal design and something like this usually not significant. So this is sounding more and more like a go. Allow me a short addition: Gaming machines usually put no emphasize on energy efficiency. This means power consumption of several hundred Watts, up to more than 1000, is quite possible. Keep in mind that _running_ a machine also adds up to the price - see TCO. Especially CPUs and GPU are cost-intensive, but hard disks also seem to be. For use as a server, it's typical to assume that the machine will run 24 hours a day, 7 days a week, as long as it fails. You can easily calculate those costs and put them into relation with older systems that only consume 150 Watts. :-) But aside, I agree with the suggestion of utilizing the 95% unused system capacity for virtual hosts or other means. Make the system more efficient than a light bulb. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Small webserver recommendations
Thanks for the recommendation. I'm pretty much settled on thttpd now though - small, does cgi, no dependencies. Thanks, Peter. -Original Message- From: Nathan Peet Maier maier.nat...@gmail.com Sent: 09 June 2010 23:38 To: freebsd-questions@freebsd.org freebsd-questions@freebsd.org Subject: Re: Small webserver recommendations There is a webserver bundled with a framework called web2py. www.web2py.org. You can run it as a user from BSD or Linux. -Nate Maier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Small webserver recommendations
There is a webserver bundled with a framework called web2py. www.web2py.org. You can run it as a user from BSD or Linux. -Nate Maier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Small webserver recommendations
Thanks, I never realised thttpd could run cgi. Looks simple to configure too. Cheers, Peter. -Original Message- From: andrew clarke m...@ozzmosis.com Sent: 07 June 2010 11:08 To: peter harrison four.harris...@googlemail.com Cc: questi...@freebsd.org questi...@freebsd.org Subject: Re: Small webserver recommendations On Sun 2010-06-06 18:44:10 UTC+0100, peter harrison (four.harris...@googlemail.com) wrote: I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. Anyone willing to make a recommendation? thttpd? http://acme.com/software/thttpd/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Small webserver recommendations
On Sun 2010-06-06 18:44:10 UTC+0100, peter harrison (four.harris...@googlemail.com) wrote: I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. Anyone willing to make a recommendation? thttpd? http://acme.com/software/thttpd/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Small webserver recommendations
Hello! On Sun, Jun 6, 2010 at 7:44 PM, peter harrison four.harris...@googlemail.com wrote: I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. Anyone willing to make a recommendation? nginx? http://nginx.org/ Bye, a ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Small webserver recommendations
Hello all, I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. Anyone willing to make a recommendation? Thanks in advance, Peter. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Small webserver recommendations
On Sun, Jun 6, 2010 at 1:44 PM, peter harrison four.harris...@googlemail.com wrote: Hello all, I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. If you are using Perl, might as well use any of the http servers already implemented in Perl, for example: HTTP::Server::Simple, and of course it's integrated with Perl CGI Best, Alejandro Imass Anyone willing to make a recommendation? Thanks in advance, Peter. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Small webserver recommendations
On Sun, Jun 6, 2010 at 8:44 PM, peter harrison four.harris...@googlemail.com wrote: Hello all, I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. Anyone willing to make a recommendation? lighttpd is a decent lightweight web server % pwd /usr/ports/www/lighttpd % make all-depends-list /usr/ports/devel/libtool22 /usr/ports/devel/pkg-config /usr/ports/devel/pcre /usr/ports/www/spawn-fcgi /usr/ports/devel/gmake -- Eitan Adler ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Small webserver recommendations
Sorry for top posting (damn windows phone). I never thought of using Perl directly, I'll look at that, thanks for the suggestion. Peter. -Original Message- From: Alejandro Imass a...@p2ee.org Sent: 06 June 2010 19:58 To: peter harrison four.harris...@googlemail.com Cc: questi...@freebsd.org questi...@freebsd.org Subject: Re: Small webserver recommendations On Sun, Jun 6, 2010 at 1:44 PM, peter harrison four.harris...@googlemail.com wrote: Hello all, I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. If you are using Perl, might as well use any of the http servers already implemented in Perl, for example: HTTP::Server::Simple, and of course it's integrated with Perl CGI Best, Alejandro Imass Anyone willing to make a recommendation? Thanks in advance, Peter. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Small webserver recommendations
Sorry for top posting (cheapo windows phone). Will it run cgi? Thanks for the suggestion. Peter. -Original Message- From: Eitan Adler li...@eitanadler.com Sent: 06 June 2010 21:42 To: peter harrison four.harris...@googlemail.com Cc: questi...@freebsd.org questi...@freebsd.org Subject: Re: Small webserver recommendations On Sun, Jun 6, 2010 at 8:44 PM, peter harrison four.harris...@googlemail.com wrote: Hello all, I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. Anyone willing to make a recommendation? lighttpd is a decent lightweight web server % pwd /usr/ports/www/lighttpd % make all-depends-list /usr/ports/devel/libtool22 /usr/ports/devel/pkg-config /usr/ports/devel/pcre /usr/ports/www/spawn-fcgi /usr/ports/devel/gmake -- Eitan Adler ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Small webserver recommendations
On Sun, Jun 6, 2010 at 5:00 PM, peter harrison four.harris...@googlemail.com wrote: Sorry for top posting (damn windows phone). I never thought of using Perl directly, I'll look at that, thanks for the suggestion. Jajajaja. Windows Mobile sucks big time. Switch to an Android device and support Perldroid ;-) !!! Alex Peter. -Original Message- From: Alejandro Imass a...@p2ee.org Sent: 06 June 2010 19:58 To: peter harrison four.harris...@googlemail.com Cc: questi...@freebsd.org questi...@freebsd.org Subject: Re: Small webserver recommendations On Sun, Jun 6, 2010 at 1:44 PM, peter harrison four.harris...@googlemail.com wrote: Hello all, I'm looking for a small webserver to add to a nanobsd image, so preferably with few dependencies too. Needs to be able to run Perl cgi's as well. If you are using Perl, might as well use any of the http servers already implemented in Perl, for example: HTTP::Server::Simple, and of course it's integrated with Perl CGI Best, Alejandro Imass Anyone willing to make a recommendation? Thanks in advance, Peter. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: webserver and natd
On Wed, Sep 2, 2009 at 1:02 AM, Razvan Cristea cristea.raz...@yahoo.comwrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? The server needs to know itself either via local DNS or via /etc/hosts So you may need entries in, say, /etc/hosts for every website running on it. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ If you have nothing good to say about someone, just shut up!. -- Lucky Dube ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: webserver and natd
Solved. It's a bug in version 7.2 info here: http://groups.google.com/group/muc.lists.freebsd.stable/browse_thread/thread/35f137a0e43b3175/d317dc58af6d4be2 Cu prietenie, Razvan Cristea = http://www.adventube.ro = --- On Thu, 9/3/09, Odhiambo Washington odhia...@gmail.com wrote: From: Odhiambo Washington odhia...@gmail.com Subject: Re: webserver and natd To: Razvan Cristea cristea.raz...@yahoo.com Cc: freebsd-questions@freebsd.org Date: Thursday, September 3, 2009, 1:07 PM On Wed, Sep 2, 2009 at 1:02 AM, Razvan Cristea cristea.raz...@yahoo.com wrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? The server needs to know itself either via local DNS or via /etc/hosts So you may need entries in, say, /etc/hosts for every website running on it. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ If you have nothing good to say about someone, just shut up!. -- Lucky Dube ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
webserver and natd
Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? Cu prietenie, Razvan Cristea = http://www.adventube.ro = ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: webserver and natd
Razvan Cristea wrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? Do you have a proper DNS name set up for the IP that the web server is running on? How are you accessing the web server... by name or IP? I'll assume that you are using Apache. What does the ServerName directive say? Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: webserver and natd
Razvan Cristea wrote: Razvan Cristea wrote: Hello, i have a webserver useing freebsd 7.2 and i user the same server to route internet to a local network. the internet on the local network is working fine but the sites from the webserver are loading verry slow. i fave this configuration in rc.conf: firewall_enable=YES firewall_type=open firewall_logging=YES gateway_enable=YES natd_enable=YES natd_interface=bce0 Can you please help me? Do you have a proper DNS name set up for the IP that the web server is running on? How are you accessing the web server... by name or IP? I'll assume that you are using Apache. What does the ServerName directive say? The webserver works just fine when the firewall is not enabeled. But when i enabele any firewall the webserver seems to be overloaded or something and loads the pages verry slow. The problem is that natd is not working without firewall activated. i have apache (directadmin cpanel) It's been years since I've needed to use NAT, so unfortunately, I can't help here. I'm sure someone else will speak up. If nothing comes up in the next while, perhaps asking on -ipfw will help (but do not cross-post). Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Information on Setting up a Jailed Webserver
2009/8/28 Ruben de Groot mai...@bzerk.org On Thu, Aug 27, 2009 at 12:28:26PM -0400, APseudoUtopia typed: Two more questions then I should be ready to go with my jail(s). In order to minimize the HDD space of the jail, can I add things in my src.conf such as WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF? Yes you can. Another option is to use read only nullfs mounts for e.g. /usr, /lib, /sbin/ /bin to populate the jail. That will cost you no HDD space at all. The ezjail port, allready mentioned, can more or less automate this. I do use pf on the host system, but it isn't needed inside the jail as well, correct? Rather, it's not possible to use inside a standard (non-vimage) jail. There's only one network stack. Also, is it possible to compile a port (specifically nginx) inside the host, then simply cp it into the jail and run it? I'd like to do this to avoid installing a compiler into the jail itself. make package-recursive Ruben Thanks again for the help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org I've not seen all this post so sorry if this has been mentioned before. Apache has a module called mod_jail, that means (im pretty sure) you dont have to build the full jail environment. I've not looked at it in detail but it's probably worth looking at before you start hacking around with full jails http://www.freebsdsoftware.org/www/mod_jail.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
On Thu, Aug 27, 2009 at 12:28:26PM -0400, APseudoUtopia typed: Two more questions then I should be ready to go with my jail(s). In order to minimize the HDD space of the jail, can I add things in my src.conf such as WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF? Yes you can. Another option is to use read only nullfs mounts for e.g. /usr, /lib, /sbin/ /bin to populate the jail. That will cost you no HDD space at all. The ezjail port, allready mentioned, can more or less automate this. I do use pf on the host system, but it isn't needed inside the jail as well, correct? Rather, it's not possible to use inside a standard (non-vimage) jail. There's only one network stack. Also, is it possible to compile a port (specifically nginx) inside the host, then simply cp it into the jail and run it? I'd like to do this to avoid installing a compiler into the jail itself. make package-recursive Ruben Thanks again for the help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollanskyer...@apsara.com.sg wrote: Hi, On 27 August 2009 am 11:10:37 Adam Vande More wrote: On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia apseudouto...@gmail.comwrote: Also, how memory-intensive is a jail? Very light when compared to other virtualization methods. jails share the kernel but not the world. So, there will be only one kernel loaded but all libraries in use will be loaded individually by each jail when needed. Jails need some more disk space as the world, all libraries needed and all applications needed are installed individually in each jail. This can be minimised with proper planning of what runs it what jail. Erich Thanks for the helpful replies. I have a couple of questions: When a jail is compromised, the only thing I have to do to recover the system is delete the jail and create a new one, correct? The host system is untouched even if a jail is compromised? And how does the upgrade process work? I know the userland must be the same for the host system and the jail. If I want to upgrade to, say, FreeBSD 8 when released, what is the process? I'd imagine it goes something like this, but I'm not sure: -Shut down jail -Upgrade host system -Install host binaries -Install jail binaries -Restart jail Or is there more to the process than what it seems? Thanks again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
On Thu, Aug 27, 2009 at 9:13 AM, APseudoUtopia apseudouto...@gmail.comwrote: On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollanskyer...@apsara.com.sg wrote: Hi, On 27 August 2009 am 11:10:37 Adam Vande More wrote: On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia apseudouto...@gmail.comwrote: Also, how memory-intensive is a jail? Very light when compared to other virtualization methods. jails share the kernel but not the world. So, there will be only one kernel loaded but all libraries in use will be loaded individually by each jail when needed. Jails need some more disk space as the world, all libraries needed and all applications needed are installed individually in each jail. This can be minimised with proper planning of what runs it what jail. Erich Thanks for the helpful replies. I have a couple of questions: When a jail is compromised, the only thing I have to do to recover the system is delete the jail and create a new one, correct? The host system is untouched even if a jail is compromised? Really depends on how you're using the jail, but under standard usage yes. And how does the upgrade process work? I know the userland must be the same for the host system and the jail. If I want to upgrade to, say, FreeBSD 8 when released, what is the process? I'd imagine it goes something like this, but I'm not sure: -Shut down jail -Upgrade host system -Install host binaries -Install jail binaries -Restart jail Or is there more to the process than what it seems? That's the basic process, however as mentioned before checkout ezjail. It makes administering multiple jails much easier and can save you disk space. Thanks again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
On Thu, Aug 27, 2009 at 11:03 AM, Adam Vande Moreamvandem...@gmail.com wrote: On Thu, Aug 27, 2009 at 9:13 AM, APseudoUtopia apseudouto...@gmail.com wrote: On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollanskyer...@apsara.com.sg wrote: Hi, On 27 August 2009 am 11:10:37 Adam Vande More wrote: On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia apseudouto...@gmail.comwrote: Also, how memory-intensive is a jail? Very light when compared to other virtualization methods. jails share the kernel but not the world. So, there will be only one kernel loaded but all libraries in use will be loaded individually by each jail when needed. Jails need some more disk space as the world, all libraries needed and all applications needed are installed individually in each jail. This can be minimised with proper planning of what runs it what jail. Erich Thanks for the helpful replies. I have a couple of questions: When a jail is compromised, the only thing I have to do to recover the system is delete the jail and create a new one, correct? The host system is untouched even if a jail is compromised? Really depends on how you're using the jail, but under standard usage yes. And how does the upgrade process work? I know the userland must be the same for the host system and the jail. If I want to upgrade to, say, FreeBSD 8 when released, what is the process? I'd imagine it goes something like this, but I'm not sure: -Shut down jail -Upgrade host system -Install host binaries -Install jail binaries -Restart jail Or is there more to the process than what it seems? That's the basic process, however as mentioned before checkout ezjail. It makes administering multiple jails much easier and can save you disk space. Thanks again. Ok, thanks. Two more questions then I should be ready to go with my jail(s). In order to minimize the HDD space of the jail, can I add things in my src.conf such as WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF? I do use pf on the host system, but it isn't needed inside the jail as well, correct? Also, is it possible to compile a port (specifically nginx) inside the host, then simply cp it into the jail and run it? I'd like to do this to avoid installing a compiler into the jail itself. Thanks again for the help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
Le 26/08/2009 à 22:59:34-0400, APseudoUtopia a écrit Hello, I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking into running nginx inside a jailed host on my server for security reasons (eg, if there is a hole in a php script). The website root is actually a working copy of my subversion repository. I have svnserve running through OpenVPN. My plan would be to have svnserve and OpenVPN running on the main system, and nginx/php running inside a jail. I was wondering if it would be somehow possible to run a command on the main system that updates the svn working copy inside the jail for nginx to serve. Would I need to do the svn up over tcp/ip from the jail to the main system? Or can I somehow update it via file://path/to/main/repo? I've never used or setup a jail before, so IMHO that's bad idea. Someday you maybe want to put your website in other machine, maybe you want to have two server to duplicate your website (just need rsync). If you want update you svn repository you can put in your subversion server in the hook-scripts something like wget http://your_website/some_where/update_repo /dev/null and in your web serveur (jail or not) you create some script update_repo with cd /your_web_site_dir svn up You can add some deny in your apache conf to authorized only your svn serveur to make the wget Also, how memory-intensive is a jail? I'm willing to run postgresql in If you have only 32Mo you can have some problem ;-) I run almost ~20 jail server on one physical server without any problem. Regards. -- Albert SHIH SIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26/06 86 69 95 71 Heure local/Local time: Jeu 27 aoû 2009 21:44:15 CEST ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Information on Setting up a Jailed Webserver
Hello, I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking into running nginx inside a jailed host on my server for security reasons (eg, if there is a hole in a php script). The website root is actually a working copy of my subversion repository. I have svnserve running through OpenVPN. My plan would be to have svnserve and OpenVPN running on the main system, and nginx/php running inside a jail. I was wondering if it would be somehow possible to run a command on the main system that updates the svn working copy inside the jail for nginx to serve. Would I need to do the svn up over tcp/ip from the jail to the main system? Or can I somehow update it via file://path/to/main/repo? I've never used or setup a jail before, so how everything works is a bit confusing to me. Right now, I use an svn post-commit hook to update the www working copy. Also, how memory-intensive is a jail? I'm willing to run postgresql in another jail as well if it wouldn't be too memory-intensive. And possibly even an IRC server. I'm running FreeBSD 7.2-RELEASE-p3. Thank you for the suggestions, advise, and criticisms. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia apseudouto...@gmail.comwrote: Hello, I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking into running nginx inside a jailed host on my server for security reasons (eg, if there is a hole in a php script). The website root is actually a working copy of my subversion repository. I have svnserve running through OpenVPN. My plan would be to have svnserve and OpenVPN running on the main system, and nginx/php running inside a jail. I was wondering if it would be somehow possible to run a command on the main system that updates the svn working copy inside the jail for nginx to serve. Would I need to do the svn up over tcp/ip from the jail to the main system? Or can I somehow update it via file://path/to/main/repo? The second method, it's quite easy. I've never used or setup a jail before, so how everything works is a bit confusing to me. Right now, I use an svn post-commit hook to update the www working copy. Also, how memory-intensive is a jail? Very light when compared to other virtualization methods. Usually, most setups won't run things that require a lot disk io in virtual systems, but jails are an exception. Practically native speed, it's easier to understand jails by thinking of them as an enhanced chroot enviro rather than a virtualization instance. I'm willing to run postgresql in another jail as well if it wouldn't be too memory-intensive. And possibly even an IRC server. If you're going to run multiple jails, look at /usr/ports/sysutils/ezjail I'm running FreeBSD 7.2-RELEASE-p3. Keep in mind jail needs to run same kernel as host. If you upgrade base system, do so with every jail as well. Thank you for the suggestions, advise, and criticisms. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
Hi, On 27 August 2009 am 11:10:37 Adam Vande More wrote: On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia apseudouto...@gmail.comwrote: Also, how memory-intensive is a jail? Very light when compared to other virtualization methods. jails share the kernel but not the world. So, there will be only one kernel loaded but all libraries in use will be loaded individually by each jail when needed. Jails need some more disk space as the world, all libraries needed and all applications needed are installed individually in each jail. This can be minimised with proper planning of what runs it what jail. Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Information on Setting up a Jailed Webserver
may be it will better to imagine that jail is a different computer, so if your jail need connection to main host it will connect like other computer that not running in jail. you can do file:// from main host to jail but not from jail to main host. As far I know jail is a method so memory intensive is depend on your application. regards Thomas APseudoUtopia wrote: ... [cut] I was wondering if it would be somehow possible to run a command on the main system that updates the svn working copy inside the jail for nginx to serve. Would I need to do the svn up over tcp/ip from the jail to the main system? Or can I somehow update it via file://path/to/main/repo? I've never used or setup a jail before, so how everything works is a bit confusing to me. Right now, I use an svn post-commit hook to update the www working copy. Also, how memory-intensive is a jail? I'm willing to run postgresql in another jail as well if it wouldn't be too memory-intensive. And possibly even an IRC server. I'm running FreeBSD 7.2-RELEASE-p3. Thank you for the suggestions, advise, and criticisms. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
On Tue, Jul 14, 2009 at 12:46:43AM -0400, Steve Bertrand typed: John Almberg wrote: On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote: You can fix the security problems by dumping Bind and using djbdns. What security problems? This one ? :) http://blogs.zdnet.com/security/?p=2812 I actually do use djbdns. Super easy to use, once you figure it out. ...to run a DNS cache with djbdns, it doesn't take much figuring out: (snipped rather long installation instructions) To enable DNS cache with bind: echo named_enable=YES /etc/rc.conf /etc/rc.d/named start Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
Ruben de Groot wrote: On Tue, Jul 14, 2009 at 12:46:43AM -0400, Steve Bertrand typed: John Almberg wrote: On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote: You can fix the security problems by dumping Bind and using djbdns. What security problems? This one ? :) http://blogs.zdnet.com/security/?p=2812 It's the old 'my product is better' discussion: some people like Mercedes, other people BMW, 'American Cars' are always better, and some people like Volvo's. To prove they're right, they try to find why the other products are not as good as theirs, and keep holding onto old bugs and prejudices. I'm a happy bind user for years now (and I use sendmail as well). Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
Peter Boosten wrote: Ruben de Groot wrote: On Tue, Jul 14, 2009 at 12:46:43AM -0400, Steve Bertrand typed: John Almberg wrote: On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote: You can fix the security problems by dumping Bind and using djbdns. What security problems? This one ? :) http://blogs.zdnet.com/security/?p=2812 It's the old 'my product is better' discussion: some people like Mercedes, other people BMW, 'American Cars' are always better, and some people like Volvo's. I like whatever works in regards to the situation I'm facing ;) We used BIND for years, but with hundreds of domains, I personally had to manage the zones, lest someone made a typo in a zone or a config file. I switched us over to DJBDNS a few years ago, simply for the ability to throw VegaDNS at it in order to provide a safe method to delegate domain management to other staff. Many of our servers are still BIND however. I prefer BIND myself. Some of the BIND servers slave for the djb servers, and others handle other tasks, particularly all of my zones with IPv6 records. I'm a happy bind user for years now (and I use sendmail as well). I switched from sendmail to Qmail on our core MTAs for the same reasons stated above. At one point, I wrote CGI wrapper applications so staff could manage email accounts, but it just got too much. I standardized on Matt Simerson's Mail Toaster about 6 years ago, simply for the ease-of-management (ie I don't have to do it). To me, the product that is better is the one that removes me from having to use and manage it, and allows me to do other things ;) Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Should DNS be on same server as webserver?
Steve Bertrand wrote: I like whatever works in regards to the situation I'm facing ;) And that's the best possible reason one could have! ;-) Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote: K You can fix the security problems by dumping Bind and using djbdns. On Tue, 14 Jul 2009 10:16:24 +0200, Ruben de Groot replied: R What security problems? This one ? :) R http://blogs.zdnet.com/security/?p=2812 When BIND offers (and makes good on) a $1,000 bug bounty, I'll be happy to consider its security model the equal of djbdns. -- Karl Vogel I don't speak for the USAF or my company Give me ambiguity, or give me something else. --unknown ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
Karl Vogel wrote: On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote: K You can fix the security problems by dumping Bind and using djbdns. On Tue, 14 Jul 2009 10:16:24 +0200, Ruben de Groot replied: R What security problems? This one ? :) R http://blogs.zdnet.com/security/?p=2812 When BIND offers (and makes good on) a $1,000 bug bounty, I'll be happy to consider its security model the equal of djbdns. It's nice to see that their marketing efforts work on somebody. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
Re: Should DNS be on same server as webserver?
On Monday 13 July 2009 14:27:46 Karl Vogel wrote: It's very easy to set up a caching nameserver without using all the memory on your system. It's much easier to turn your HIGH-performance webserver into a slug, by running stuff you don't need on the same machine. Memory unused by the webserver can then be used by the OS to provide filesystem caching, which indirectly greatly benefits a webserver, much more then a local cache can speed things up. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Should DNS be on same server as webserver?
The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. This makes sense to me, but I wonder if the performance difference is really that significant? -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
In response to John Almberg jalmb...@identry.com: The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. This makes sense to me, but I wonder if the performance difference is really that significant? Don't know exactly how he phrased that statement, but it's truthfulness is highly dependent on the situation. It's possible (even recommended) to configure Apache not to do DNS lookups, which makes the statement rather moot. However, as a general rule, it's a good idea to have a fast DNS cache available to systems that will be doing a lot of lookups. In a typical configuration, a web server will do a lot of lookups. It doesn't _have_ to be on the same server, in fact, if you have multiple busy web servers, it's probably a better idea to dedicate a machine to doing DNS caching. Of course, if your hosting provider already provides a set of fast caches for you to use, it's not really necessary for you to set up your own. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
John Almberg wrote: The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. This makes sense to me, but I wonder if the performance difference is really that significant? In my experience, you're straying well into it all depends and you'll have to benchmark your situation and see territory. I once walked into a situation where a web server was setup to do a reverse lookup on all log entries, and the DNS servers were on the far end of an overloaded 56 kbps line. That was miserable, stupid slow and quickly cured by setting up a resolving name server on the web server. On the other hand, in situations where my name servers have been on the same high-quality gigE switch as the web servers, I've never noticed an issue, but then I don't run any really high-volume servers. On the third hand (too many years in front of CRTs), Apache and Bind have both had their security issues over the years, and there's something to be said for running them on different servers to reduce both the all eggs in one basket factor and the ease of spreading an attack. (Yes, I'm assuming what you're actually running) If you want performance and security, you might consider running your authoritative dns servers for your domain on a different server, while on your web server you run a light-weight caching dns server reachable only on the loopback interface. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
Re: Should DNS be on same server as webserver?
On Jul 13, 2009, at 12:36 PM, John Almberg wrote: The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. This makes sense to me, but I wonder if the performance difference is really that significant? -- John If you head down this road you might want to only make it a caching DNS server, not your primary or secondary for sure. Unless you are limited on available hardware. Regards, Mikel King CEO, Olivent Technologies Senior Editor, Daemon News Columnist, BSD Magazine 6 Alpine Court, Medford, NY 11763 o: 631.627.3055 skype:mikel.king http://mikelking.com http://twitter.com/mikelking ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
On Mon, Jul 13, 2009 at 12:36:42PM -0400, John Almberg wrote: The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. This makes sense to me, but I wonder if the performance difference is really that significant? sounds like someone who does not understand the network. In fact, it is possibly even better for them to be on different machines. This would be for security reasons. Anyway, any DNS lookup results are normally cached on the local machine for some period of time (set by the nameserver). jerry -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
On Monday 13 July 2009 08:36:42 John Almberg wrote: The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. Bogus. A high-performance webserver should not be doing DNS lookups, other then application driven ones, like verification of email domains upon registration. If having hostnames in the live logs is mandatory by some weird company policy or the webserver does not provide a configuration setting to turn this behavior off, then more performance is gained by having the nameserver on the network gateway as the likeliness of cache hits and especially negative cache hits is increased. As others have mentioned, network overhead is negligible. Human noticeable delays are caused by upstream DNS servers slowly or not at all responding when a client IP is being resolved. Secondly, a named cache size depends on available memory. A high performance webserver uses plenty of that, so you wouldn't be able to grow the named cache to almost caching the entire net size, which you would be able to on a dedicated machine. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
On Jul 13, 2009, at 3:05 PM, Mel Flynn wrote: On Monday 13 July 2009 08:36:42 John Almberg wrote: The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. Bogus. A high-performance webserver should not be doing DNS lookups, other then application driven ones, like verification of email domains upon registration. If having hostnames in the live logs is mandatory by some weird company policy or the webserver does not provide a configuration setting to turn this behavior off, then more performance is gained by having the nameserver on the network gateway as the likeliness of cache hits and especially negative cache hits is increased. As others have mentioned, network overhead is negligible. Human noticeable delays are caused by upstream DNS servers slowly or not at all responding when a client IP is being resolved. Secondly, a named cache size depends on available memory. A high performance webserver uses plenty of that, so you wouldn't be able to grow the named cache to almost caching the entire net size, which you would be able to on a dedicated machine. Thanks for all the comments on this topic. Glad I put 'expert' in quotes. I had a feeling... -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
On Mon, 13 Jul 2009 13:03:24 -0400, Jon Radel j...@radel.com said: J Apache and Bind have both had their security issues over the years, and J there's something to be said for running them on different servers to J reduce both the all eggs in one basket factor and the ease of J spreading an attack. (Yes, I'm assuming what you're actually J running) You can fix the security problems by dumping Bind and using djbdns. It's very easy to set up a caching nameserver without using all the memory on your system. See http://www.lifewithdjbdns.com/ for more. -- Karl Vogel I don't speak for the USAF or my company Smash forehead on keyboard to continue... --Ken Applin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote: On Mon, 13 Jul 2009 13:03:24 -0400, Jon Radel j...@radel.com said: J Apache and Bind have both had their security issues over the years, and J there's something to be said for running them on different servers to J reduce both the all eggs in one basket factor and the ease of J spreading an attack. (Yes, I'm assuming what you're actually J running) You can fix the security problems by dumping Bind and using djbdns. It's very easy to set up a caching nameserver without using all the memory on your system. See http://www.lifewithdjbdns.com/ for more. I actually do use djbdns. Super easy to use, once you figure it out. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should DNS be on same server as webserver?
John Almberg wrote: On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote: On Mon, 13 Jul 2009 13:03:24 -0400, Jon Radel j...@radel.com said: J Apache and Bind have both had their security issues over the years, and J there's something to be said for running them on different servers to J reduce both the all eggs in one basket factor and the ease of J spreading an attack. (Yes, I'm assuming what you're actually J running) You can fix the security problems by dumping Bind and using djbdns. It's very easy to set up a caching nameserver without using all the memory on your system. See http://www.lifewithdjbdns.com/ for more. I actually do use djbdns. Super easy to use, once you figure it out. ...to run a DNS cache with djbdns, it doesn't take much figuring out: (As root. I just tested this as I wrote it). % pkg_add -r daemontools % pkg_add -r ucspi-tcp % echo 'svscan_enable=YES' /etc/rc.conf % mkdir /var/service % /usr/local/etc/rc.d/svscan.sh start % adduser -q # add a 'dnscache' user. Put user in 'dnscache' group, and set the # users shell to nologin #rinse/repeat for a 'dnslog' user % pkg_add -r djbdns % rehash % dnscache-conf dnscache dnslog /etc/dnscache % ln -s /etc/dnscache /var/service # now edit your /etc/resolv.conf file, so that the first nameserver # entry in the list points to 127.0.0.1 __END__ By default, your new cache will only listen on the loopback address (127.0.0.1). There is a single file in /etc/dnscache/root/ip, named 127.0.0.1 If you want this cache to serve internal /24 network queries: % touch /etc/dnscache/root/ip/192.168.0 To restart the service after a change: % svc -t /etc/dnscache To down the cache: % svc -d /etc/dnscache To up the cache: % svc -u /etc/dnscache Note that this is only for the dnscache. Setting up an authoritative server is pretty much just as simple. Note also that I had to do some patching and hacking to make the tinydns web frontend (VegaDNS) allow for IPv6 records properly... that's out of the scope of this mail though (for the record, I use BIND for most things v6). An example of the empty files that allow cache access: amigo# ll /etc/dnscache/root/ip total 0 -rw-r--r-- 1 root wheel 0 Aug 19 2008 127.0.0.1 -rw-r--r-- 1 root wheel 0 Aug 19 2008 208.70.104 -rw-r--r-- 1 root wheel 0 Aug 19 2008 208.70.105 -rw-r--r-- 1 root wheel 0 Aug 19 2008 208.70.106 -rw-r--r-- 1 root wheel 0 Aug 19 2008 208.70.107 -rw-r--r-- 1 root wheel 0 Aug 19 2008 208.70.108 ... Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: Should DNS be on same server as webserver?
Steve Bertrand wrote: [...snip...] There is a single file in /etc/dnscache/root/ip, named 127.0.0.1 If you want this cache to serve internal /24 network queries: % touch /etc/dnscache/root/ip/192.168.0 Need to add some clarification: Adding the new empty file permits queries from the IP range specified in the file name. It does NOT force the server to listen on an IP address that is NOT the loopback. To force the caching server to listen on a network-available IP address, replace 127.0.0.1 with your NICs IP address in the following file: /etc/dnscache/env/IP ...you'll then change /etc/resolv.conf to point to that IP address as your primary nameserver. The names of the other files that are located within said env directory are pretty descriptive, and may be worth looking at as well. Steve smime.p7s Description: S/MIME Cryptographic Signature
Re: lightweight webserver that can run php
On 4/18/09, APseudoUtopia apseudouto...@gmail.com wrote: On Sat, Apr 18, 2009 at 2:19 AM, Andrew a...@awdcomp.net wrote: ... If you choose to run php via FastCGI, check out PHP-FPM. It's a patch that greatly speeds up php's FastCGI performance. It honestly does help significantly. There's a FreeBSD port in the Archives Download section of the website. http://php-fpm.anight.org/ Can you explain PHP-FPM ? Some parts of http://php-fpm.anight.org/ are not written in english... Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
It says that distro available at php.net has a number of known problems related to using FastCGI SAPI in production servers. Also, it argues why using FastCGI SAPI along with php-fpm is a good idea. php-fpm addresses the following problems: 1. php daemonization 2. Process managing. Smooth php workers stop and restart without loosing queries. Smooth config refresh and binaries with no lost queries. 3. Banning IP addresses for the web server. 4. Running workers with different uid/gid/chroot/environment and different php.ini options. Safe mode is no longer required! 5. Logging stdout stderr working processes. 6. Emergency restart of all processes in case shared memory opcode cache is destroyed and if accelerator is in use. 7. Forced halting of hanged processes if set_time_limit() does not work. There are also special features like Error header, Accelerated upload support, fastcgi_finish_request(), Slowlog() hth olv On Sun, Apr 19, 2009 at 10:45:51AM -0300, Alexandre Biancalana wrote: On 4/18/09, APseudoUtopia apseudouto...@gmail.com wrote: On Sat, Apr 18, 2009 at 2:19 AM, Andrew a...@awdcomp.net wrote: ... If you choose to run php via FastCGI, check out PHP-FPM. It's a patch that greatly speeds up php's FastCGI performance. It honestly does help significantly. There's a FreeBSD port in the Archives Download section of the website. http://php-fpm.anight.org/ Can you explain PHP-FPM ? Some parts of http://php-fpm.anight.org/ are not written in english... Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
lightweight webserver that can run php
Hi All, Does anyone have any suggestions for a lightweight webserver that will run php? Apache is too bulky for what I need and thttpd won't allow me to run php. TIA Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
On Saturday 18 April 2009 08:19:46 Andrew wrote: Hi All, Does anyone have any suggestions for a lightweight webserver that will run php? Apache is too bulky for what I need and thttpd won't allow me to run php. nginx + php over cgi. lighttpd seems popular too, personally find nginx more sexy sounding. YMMV. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
Andrew пишет: Hi All, Does anyone have any suggestions for a lightweight webserver that will run php? Apache is too bulky for what I need and thttpd won't allow me to run php. www/lighttpd and www/nginx(-devel) are definitely the most common choice ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
lighttpd ngingx cherokee All of them can connect to php using fastcgi. lighttpd and cherokee will start php themself, nginx does not, so you should have to start it manuall or from other script... On 4/18/09, Andrew a...@awdcomp.net wrote: Hi All, Does anyone have any suggestions for a lightweight webserver that will run php? Apache is too bulky for what I need and thttpd won't allow me to run php. TIA Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
Most light weight webservers like nginx and lighttpd only run PHP as a cgi mod. Cheers, m! On Apr 18, 2009, at 2:19, Andrew a...@awdcomp.net wrote: Hi All, Does anyone have any suggestions for a lightweight webserver that will run php? Apache is too bulky for what I need and thttpd won't allow me to run php. TIA Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
As a fastcgi not cgi, there is a differenceimportant one. for cgi request a new php process is started for a request. fastcgi is php listening for network requests and process can be reused. On 4/18/09, Mikel King mikel.k...@olivent.com wrote: Most light weight webservers like nginx and lighttpd only run PHP as a cgi mod. Cheers, m! On Apr 18, 2009, at 2:19, Andrew a...@awdcomp.net wrote: Hi All, Does anyone have any suggestions for a lightweight webserver that will run php? Apache is too bulky for what I need and thttpd won't allow me to run php. TIA Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
On Sat, Apr 18, 2009 at 09:56:09AM -0400, Mikel King wrote: Does anyone have any suggestions for a lightweight webserver that will run php? Most light weight webservers like nginx and lighttpd only run PHP as a cgi mod. With lighttpd, you can do both CGI and FastCGI: http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModCGI http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModFastCGI Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
You are right, thanks for the information On 4/18/09, cpghost cpgh...@cordula.ws wrote: On Sat, Apr 18, 2009 at 09:56:09AM -0400, Mikel King wrote: Does anyone have any suggestions for a lightweight webserver that will run php? Most light weight webservers like nginx and lighttpd only run PHP as a cgi mod. With lighttpd, you can do both CGI and FastCGI: http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModCGI http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModFastCGI Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
On Saturday 18 April 2009 16:34:52 Rodrigo Gonzalez wrote: As a fastcgi not cgi, there is a differenceimportant one. for cgi request a new php process is started for a request. fastcgi is php listening for network requests and process can be reused. And the more important difference with the php module for apache, is php_value/php_flag directives: per host/dir/location configuratioion of php. Which is much harder to do with fcgi. Something to consider /before/ migrating if this affects you. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
On Sat, Apr 18, 2009 at 2:19 AM, Andrew a...@awdcomp.net wrote: Hi All, Does anyone have any suggestions for a lightweight webserver that will run php? Apache is too bulky for what I need and thttpd won't allow me to run php. TIA Andrew If you choose to run php via FastCGI, check out PHP-FPM. It's a patch that greatly speeds up php's FastCGI performance. It honestly does help significantly. There's a FreeBSD port in the Archives Download section of the website. http://php-fpm.anight.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Any BSDians hands on with apache-2.2 webserver,
.htpasswd Failure .. htpasswd recreation also not working I added a Location / for restricting access to my web site URL. I used Basic Authentication module.. I created #htpasswd -c .htpasswd test password : test and restarted apache . The path to AuthUserFile is absolutely the system path no error in that .. but when I tried to accessmysites URL it showing the Authentication Dialogue , I enteredusername : test password : test , but its not loging in ..) I recreated the password many times with other user names and passwords .. but still I can't login .. what may be the issue ? how can I fix the issue ? This is the setup [r...@sun /usr/local/www/testblock]# ls -al total 6 drwxr-xr-x 2 www www512 Mar 5 19:13 . drwxr-xr-x 11 root wheel 512 Mar 5 16:10 .. -rw-r-xr-x 1 www www 19 Mar 6 09:52 .htpasswd [r...@sun /usr/local/www/testblock]# cat .htpasswd test:Nkw3seTaTE16I [r...@sun /usr/local/www/testblock]# VirtualHost *:80 ServerName mysite.com Location / AuthType Basic AuthName Auth AuthUserFile /usr/local/www/testblock/. htpasswd Require valid-user RewriteEngine On RewriteRule ^/(.*) http://127.0.0.1:8081/VirtualHostBase/http/mysite.com:80/site1/VirtualHostRoot/$1 [L,P] /Location ErrorLog /var/log/apache/site1/error_log CustomLog /var/log/apache/site2/access.log combined /VirtualHost Any hints most welcome Thanks in advance KK _ Windows Live Messenger. Multitasking at its finest. http://www.microsoft.com/india/windows/windowslive/messenger.aspx___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
make pdf from webpage on webserver (no x11)
Trying to figure out how to print a webpage on the server, without a gui.. On the local test webserver that we have we are trying to figure out how we can from php (or anything else) print a webpage to a pdf.. Anyone have a clue as to how to do this? Or is this some major php programming to make it happen? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: make pdf from webpage on webserver (no x11)
On Sun, Jan 04, 2009 at 07:35:03PM -0500, B. Cook wrote: Trying to figure out how to print a webpage on the server, without a gui.. On the local test webserver that we have we are trying to figure out how we can from php (or anything else) print a webpage to a pdf.. Anyone have a clue as to how to do this? Or is this some major php programming to make it happen? I'm using textproc/htmldoc to create PDFs from HTML. HTH, Yuri ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Images-only webserver, lighttpd vs NginX
Hi everyone, I posted last week about my webserver hitting the kernel's max process allowed (error : collecting pv entries -- suggest increasing PMAP_SHPGPERPROC). As a part of the solution, I decided to build a jail with a light webserver dedicated to images requests, the biggest part of the requests the server have to process. Most of the websites hosted on the server have approximately 200 small images with a size between 1k and 32k each. I'm currently hesitating between NginX and lighttpd, which both seems to offer similar benchmarks for this job. The questions : Is someone doing something similar to this with one of the two ? Which one do you suggest and why ? I've read about a memory leak in lighttpd, is anyone is having issues with this under FreeBSD ? Any ideas regarding our situation is appreciated, Thanks ! Francis Dube R D Optik Securite www.optiksecurite.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Images-only webserver, lighttpd vs NginX
Francis Dubé wrote: As a part of the solution, I decided to build a jail with a light webserver dedicated to images requests, the biggest part of the requests the server have to process. Most of the websites hosted on the server have approximately 200 small images with a size between 1k and 32k each. I'm currently hesitating between NginX and lighttpd, which both seems to offer similar benchmarks for this job. The questions : Is someone doing something similar to this with one of the two ? I've had very good results with nginx for doing this sort of thing. Which one do you suggest and why ? I originally chose nginx because it did what I wanted and it didn't conflict with Apache (ie. by installinga binary called 'httpd') on the same machine. However I wasn't aware of lighttpd at that point. By the time I did find out about lighttpd, there was no compelling reason to change from nginx. I think you'll find either is adequate to your needs. Unless you're trying to squeeze the absolute last drop of performance out of your hardware, consider other things than raw speed. Do you find the configuration files easy to understand and deal with? Can you strip down the server to the absolute minimum necessary to serve your needs, and if so which of the two is smaller? Which server name do you find easier to type? I've read about a memory leak in lighttpd, is anyone is having issues with this under FreeBSD ? H... That would disqualify it from serious contention straight away. But http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt shows the memleak bug fixed in the latest version 1.4.20, which is in ports. Haven't had any stability problems ever with nginx. Any ideas regarding our situation is appreciated, I think either of these packages will probably serve you well. If you really can't choose between them, then toss a coin. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Images-only webserver, lighttpd vs NginX
Francis Dubé wrote: Hi everyone, I posted last week about my webserver hitting the kernel's max process allowed (error : collecting pv entries -- suggest increasing PMAP_SHPGPERPROC). As a part of the solution, I decided to build a jail with a light webserver dedicated to images requests, the biggest part of the requests the server have to process. Most of the websites hosted on the server have approximately 200 small images with a size between 1k and 32k each. I'm currently hesitating between NginX and lighttpd, which both seems to offer similar benchmarks for this job. The questions : Is someone doing something similar to this with one of the two ? Which one do you suggest and why ? I've read about a memory leak in lighttpd, is anyone is having issues with this under FreeBSD ? Any ideas regarding our situation is appreciated, Thanks ! Francis Dube R D Optik Securite www.optiksecurite.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] They are both good static content servers. You can easily max out a GiGe link using either. We use lighttpd more extensively than nginx, however we do use both. Quite frankly, it's truthfully up to you. Performance wise, they are on par with once another. ~Paul ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Images-only webserver, lighttpd vs NginX
Sam Fourman Jr. wrote: They are both good static content servers. You can easily max out a GiGe link using either. We use lighttpd more extensively than nginx, however we do use both. Quite frankly, it's truthfully up to you. Performance wise, they are on par with once another. ~Paul at the risk of being slightly OT is there a recent toutorial that anyone knows of for lighthttpd on FreeBSD 7, I have used Google and I can't turn up anything recent Sam Fourman Jr. Fourman Networks What kind of tutorial are you looking for? Their documentation is quite extensive. ~Paul ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Images-only webserver, lighttpd vs NginX
Matthew Seaman([EMAIL PROTECTED])@2008.11.03 19:59:56 +: Francis Dub? wrote: Which one do you suggest and why ? nginx. Lighttpd has remote security holes once in a while. nginx has better security design and is more modular and faster. It happens to also be feature-rich, which is not easy to do in a fast and secure server. Lighttpd had one recent remote hole as of .18. IIRC nginx had none. -- But oftentimes I'm asked: Why? Why do you care what happens outside of America? Washington, D.C., June 26, 2008 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Images-only webserver, lighttpd vs NginX
They are both good static content servers. You can easily max out a GiGe link using either. We use lighttpd more extensively than nginx, however we do use both. Quite frankly, it's truthfully up to you. Performance wise, they are on par with once another. ~Paul at the risk of being slightly OT is there a recent toutorial that anyone knows of for lighthttpd on FreeBSD 7, I have used Google and I can't turn up anything recent Sam Fourman Jr. Fourman Networks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Run script as root from WebServer
Hi, I'm using mod_python3 and apache22 to create some scripts and access them through a web interface. The problem is that some of these scripts deal with configuration files and some other tasks that require root privileges. In the past, I've solved this issue by using sudo and allowing just the commands I want to allow in the sudoers file to the apache user.But I'm wondering if this is the better way to do what I want to do. What would you do in such a situation? Thanks for your help. I use suexec for situations like this. -- Sasa Stupar pgpt7kt09orQq.pgp Description: Digitalen podpis PGP
Re: Run script as root from WebServer
Bill Campbell escribió: On Tue, Sep 23, 2008, Mel wrote: On Monday 22 September 2008 22:51:26 Matias Surdi wrote: The problem is that some of these scripts deal with configuration files and some other tasks that require root privileges. There's 2 alternatives I have used: 1) If the configuration files allow 'includes', then include a file that is writeable by the webuser. This will additionally allow you to restrict what the webserver can change in the config of this application. Note, that configuration files that are modifyable by root only, often are for a reason, so this does not improve the security of the service being configured, but it takes a fork() and sudo out of the mix. 2) If the changes do not need to be immediate, then you can put it in a queue directory and run a script through root's cron that picks up the queue and runs the commands there in. You then have the opportunity to remove scripts before they are run or even build in authorization. Another option that we use is to have an XML-RPC server running as root on localhost, accessible from the web server. This server is written using the standard python SimpleXMLRPCServer, and handles a limited number of procedures. Some of these procedures, such as running ``make'' in the etc/postfix directory, do not have serious authentication. Others have stronger methods of authentication and restrictions. Bill This sounds as a good option also, but, How do you avoid any user (maybe non root) logged into the system to make calls to your xmlrpc server? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Run script as root from WebServer
Hi, I'm using mod_python3 and apache22 to create some scripts and access them through a web interface. The problem is that some of these scripts deal with configuration files and some other tasks that require root privileges. In the past, I've solved this issue by using sudo and allowing just the commands I want to allow in the sudoers file to the apache user.But I'm wondering if this is the better way to do what I want to do. What would you do in such a situation? Thanks for your help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Run script as root from WebServer
Matias Surdi wrote: I'm using mod_python3 and apache22 to create some scripts and access them through a web interface. The problem is that some of these scripts deal with configuration files and some other tasks that require root privileges. In the past, I've solved this issue by using sudo and allowing just the commands I want to allow in the sudoers file to the apache user.But I'm wondering if this is the better way to do what I want to do. What would you do in such a situation? I think sudo is pretty much _the_ way to accomplish this. Not that it would be your only option per se, but I think it's definitely your best option. We maintain a number of scripts that serve very restricted purposes for the use of our web user with sudo. www WIFIROUTERS = (root) NOPASSWD: WIRELESS This allows the www user to run the wireless connection setup/teardown scripts as root without typing a password on wireless routers. We use this to allow a transparent proxy web-app to move the user to the authenticated firewall context. Our sudoers file (shared across roughly 100 machines) is littered with other examples ranging from allowing users to sa-learn in mailman to nagios monitoring and remote sync jobs for DNS/DHCP. -- Chris Cowart Network Technical Lead Network Infrastructure Services, RSSP-IT UC Berkeley pgpzuUTwE1gr0.pgp Description: PGP signature
Re: Run script as root from WebServer
On Monday 22 September 2008 22:51:26 Matias Surdi wrote: The problem is that some of these scripts deal with configuration files and some other tasks that require root privileges. There's 2 alternatives I have used: 1) If the configuration files allow 'includes', then include a file that is writeable by the webuser. This will additionally allow you to restrict what the webserver can change in the config of this application. Note, that configuration files that are modifyable by root only, often are for a reason, so this does not improve the security of the service being configured, but it takes a fork() and sudo out of the mix. 2) If the changes do not need to be immediate, then you can put it in a queue directory and run a script through root's cron that picks up the queue and runs the commands there in. You then have the opportunity to remove scripts before they are run or even build in authorization. -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Run script as root from WebServer
On Tue, Sep 23, 2008, Mel wrote: On Monday 22 September 2008 22:51:26 Matias Surdi wrote: The problem is that some of these scripts deal with configuration files and some other tasks that require root privileges. There's 2 alternatives I have used: 1) If the configuration files allow 'includes', then include a file that is writeable by the webuser. This will additionally allow you to restrict what the webserver can change in the config of this application. Note, that configuration files that are modifyable by root only, often are for a reason, so this does not improve the security of the service being configured, but it takes a fork() and sudo out of the mix. 2) If the changes do not need to be immediate, then you can put it in a queue directory and run a script through root's cron that picks up the queue and runs the commands there in. You then have the opportunity to remove scripts before they are run or even build in authorization. Another option that we use is to have an XML-RPC server running as root on localhost, accessible from the web server. This server is written using the standard python SimpleXMLRPCServer, and handles a limited number of procedures. Some of these procedures, such as running ``make'' in the etc/postfix directory, do not have serious authentication. Others have stronger methods of authentication and restrictions. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 It would be a great improvement if the government respected individuals rights as much as they respect the rights of the caribous. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to test the uptime of a webserver?
On Sun, Aug 31, 2008 at 4:59 PM, Matthew Seaman [EMAIL PROTECTED] wrote: Redd Vinylene wrote: On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos [EMAIL PROTECTED] wrote: On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene [EMAIL PROTECTED] wrote: I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? You can install nagios and monitor the web server. It will send you an email when the server is down and when is up again. With this information you can know the uptime of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. Not necessarily. You can install nagios on your web server and use it to monitor a server at the other end of your wan link -- usually a machine in your ISPs infrastructure[*] -- on the basis that if you can get packets out, then other people can get packets in. The trick is to monitor something that isn't too far away, or you'll end up monitoring the availability of other people's networks, rather than your own. There's a lot more can be done than just monitoring connectivity by sending ICMP ping packets every so often. There are any number of ways a web server can go wrong -- processes can crash, critical disk partitions can fill up, load spikes can overwhelm the machine's capacity. You can develop a range of different nagios tests that should tell you pretty much at a glance just what has gone wrong. Takes all the fun out of diagnosing the problems perhaps, but it does mean you'll be back to bed sooner when the pager goes off in the small hours. Cheers, Matthew [*] Some ISPs provide machines specifically for this purpose. -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW Thank you guys. I'm looking for the simplest solution though, like a simple oneliner, or a shell script. Anybody have an idea? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to test the uptime of a webserver?
On Thu, Sep 4, 2008 at 8:58 PM, Redd Vinylene [EMAIL PROTECTED]wrote: On Sun, Aug 31, 2008 at 4:59 PM, Matthew Seaman [EMAIL PROTECTED] wrote: Redd Vinylene wrote: On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos [EMAIL PROTECTED] wrote: On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene [EMAIL PROTECTED] wrote: I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? You can install nagios and monitor the web server. It will send you an email when the server is down and when is up again. With this information you can know the uptime of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. Not necessarily. You can install nagios on your web server and use it to monitor a server at the other end of your wan link -- usually a machine in your ISPs infrastructure[*] -- on the basis that if you can get packets out, then other people can get packets in. The trick is to monitor something that isn't too far away, or you'll end up monitoring the availability of other people's networks, rather than your own. There's a lot more can be done than just monitoring connectivity by sending ICMP ping packets every so often. There are any number of ways a web server can go wrong -- processes can crash, critical disk partitions can fill up, load spikes can overwhelm the machine's capacity. You can develop a range of different nagios tests that should tell you pretty much at a glance just what has gone wrong. Takes all the fun out of diagnosing the problems perhaps, but it does mean you'll be back to bed sooner when the pager goes off in the small hours. Cheers, Matthew [*] Some ISPs provide machines specifically for this purpose. -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW Thank you guys. I'm looking for the simplest solution though, like a simple oneliner, or a shell script. Anybody have an idea? -- http://www.home.no/reddvinylene I'll try to write a simple shell script and report back to y'all. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to test the uptime of a webserver?
On Thu, Sep 4, 2008 at 9:05 PM, Redd Vinylene [EMAIL PROTECTED]wrote: On Thu, Sep 4, 2008 at 8:58 PM, Redd Vinylene [EMAIL PROTECTED]wrote: On Sun, Aug 31, 2008 at 4:59 PM, Matthew Seaman [EMAIL PROTECTED] wrote: Redd Vinylene wrote: On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos [EMAIL PROTECTED] wrote: On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene [EMAIL PROTECTED] wrote: I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? You can install nagios and monitor the web server. It will send you an email when the server is down and when is up again. With this information you can know the uptime of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. Not necessarily. You can install nagios on your web server and use it to monitor a server at the other end of your wan link -- usually a machine in your ISPs infrastructure[*] -- on the basis that if you can get packets out, then other people can get packets in. The trick is to monitor something that isn't too far away, or you'll end up monitoring the availability of other people's networks, rather than your own. There's a lot more can be done than just monitoring connectivity by sending ICMP ping packets every so often. There are any number of ways a web server can go wrong -- processes can crash, critical disk partitions can fill up, load spikes can overwhelm the machine's capacity. You can develop a range of different nagios tests that should tell you pretty much at a glance just what has gone wrong. Takes all the fun out of diagnosing the problems perhaps, but it does mean you'll be back to bed sooner when the pager goes off in the small hours. Cheers, Matthew [*] Some ISPs provide machines specifically for this purpose. -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW Thank you guys. I'm looking for the simplest solution though, like a simple oneliner, or a shell script. Anybody have an idea? -- http://www.home.no/reddvinylene I'll try to write a simple shell script and report back to y'all. -- http://www.home.no/reddvinylene Perfection is achieved, not when there's nothing left to add, but when there's nothing left to take away :) while sleep 555; do wget http://ip -O /dev/null -t 1 || mail -s email Host is down; done -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to test the uptime of a webserver?
Redd Vinylene wrote: Hello hello! I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? http://www.nagios.org/ Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: How to test the uptime of a webserver?
On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos [EMAIL PROTECTED] wrote: On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene [EMAIL PROTECTED] wrote: Hello hello! I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hello, You can install nagios and monitor the web server. It will send you an email when the server is down and when is up again. With this information you can know the uptime of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. -- http://www.home.no/reddvinylene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to test the uptime of a webserver?
Redd Vinylene wrote: On Sun, Aug 31, 2008 at 2:22 AM, Moises Castellanos [EMAIL PROTECTED] wrote: On Sun, Aug 31, 2008 at 7:05 PM, Redd Vinylene [EMAIL PROTECTED] wrote: Hello hello! I got this dedicated server which is exposed to DDoS attacks quite frequently. Say I need to host a website on it, is there any way of telling how often it is actually online (to the rest of the world)? Maybe make some sort of ping script from a remote server? Hello, You can install nagios and monitor the web server. It will send you an email when the server is down and when is up again. With this information you can know the uptime of the web server. I'd have to install Nagios on a different server then, right? I doubt the actual server knows when its ISP's link drops (or just slows down) due to an attack. You can easily get nagios to test the web server sitting on the same machine its installed on and you can also get nagios to ping some external target to test the link. However if the link is down that won't help you, so basically yes it would be wise to have an external nagios server. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]