: Securing/running a server I have recently moved from a shared hosting account at hostgator to the rackspace cloud. I have never utilized a server directly before, so have found it somewhat hard
I have recently moved from a shared hosting account at hostgator to the rackspace cloud.
I have never utilized a server directly before, so have found it somewhat hard to setup the server for my purposes. I have finally got there, and got ftp, phpmyadmin etc setup such that it essentially works the same way that my previous shared hosting account worked.
I am developing some websites for a commercial release, and I expect they will grow quite quickly. Given this I want to mae sure my server is secure, and fully understand my requirements and how/when they need to be upgraded and why.
For example I am hosting the database on the same instance as my files.. is this correct?
Essentially I am looking for some guidance on where i can develop my knowledge to a sufficient level that i can manage my servers.. given that programming is really my area..
Thanks
More posts by @Nimeshi995
3 Comments
Sorted by latest first Latest Oldest Best
Here are some diagrams showing how to setup various cloud based application, while some are on AWS the same can be done on RackSpace
support.rightscale.com/09-Clouds/Rackspace_Hosting/Concepts/Rackspace_System_Architecture_Diagrams creately.com/blog/announcements/aws-architecture-diagrams-icons/
Securing your server is a whole other topic. Bottom line though keep your software up to date. Monitor your logs, setup IDS's
Congratulations, you've moved from the limited world of shared hosting to the powerful world of rackspace cloud servers.
First order of business. Get rid of FTP. It's insecure and was used by my grandpa back in the 60's. Instead use SSH (SFTP) or better yet learn how to Replace FTP with Git
You can run MySQL on the same sever, but just make sure it's not listening to the world... only localhost (127.0.0.1). Run this command as root to see what ports your server is listening on.
netstat -ltunp
Shut down anything you don't need
service ftpd stop
/sbin/chkconfig ftpd off
That will get you started. Make sure to keep your server up to date. Here are some helpful programs you might want to install to keep your server secure.
Fail2ban
RKHunter
For MySQL admin I HIGHLY recommend Sequel Pro (OS X only)
If you're main concern is security, look into documentation for hosting a site that is PCI compliant. PCI Compliance is for running websites that take credit cards. Even if you aren't taking credit cards, following the guidelines for PCI compliance is a start in the right direction.
Server security is an ongoing process so you have to continually stay up to date. If coding is your true strength, you should probably go with a fully managed host instead of a diy cloud server. You'll end up spending a lot of time managing the internals of the server platform that could be spent making something profitable ($.02).
For example, your server distribution may release a security update for your scripting language of choice (php, python, etc). You install the update. Two days later your web application stops working when cron sends a sighup to do rotations because you didn't realize the new version of the scripting language had different .ini configurations that weren't recorded. In a managed environment a professional would have solved that problem before you ever saw it.
About the database, it's less secure to host a database on the same server as a webserver. If your webserver gets compromised, the attacker won't have root level access to your database since it's on a different server. Make sure the user/pass for the web application doesn't have full privelegs to the database itself either.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.