Andrew Pollock wrote:
> 
> Hi,

 Hello :-)

> I'm looking at starting to do some commercial virtual web hosting on a Linux box
> I have that was previously just used for tinkering.

 Good. Could you detail what it is you will make available for your
customers? You spoke about CGI access but it would help if you
detailed a bit more.
 
> I'm just wondering what methods different people are using to provision multiple
> websites under Apache?

 There are basically 2 different types of architecture I can think of:
Centralized and Distributed. For more info I invite you to read
http://dudle.linuxroot.org/docs/presentation/oreilly/web_hosting/index.html

 As far as Apache is concerned, you can do it 2 ways. You can choose to use
mod_vhost_alias (http://httpd.apache.org/docs/mod/mod_vhost_alias.html) or
you can have a portion of the httpd.conf reserved for each VirtualHost.
Whether you choose one solution over the other depends on 2 major points:

 - the complexity of your setup
 - the number of web sites you are planning on hosting.

 If, like me, you plan on hosting a lot of bare bones web sites made of static
content without support for CGIs, mod_vhost_alias is by far the best
approach. If you plan on doing anything more complex then you need to
investigate another setup.

> I'm after a method that's scalable, as neat as possible, and most of all as
> secure as possible.

 Security is the largest concern. Customers always want the latest install
of <name your product>. That's a tradeoff. 

> e.g.
> 
> Where do people shove their content roots?

 It's a matter of taste. Some people do it under /apache, I do it under
/usr/local/apache/domains, it depends. One great thing to do, as pointed out
by A.Sleep, is to have directory letters. For example:

$ ls /apache
a b c d ....

$ ls /apache/a
apple.com akamai.com ....

> How do you securely allow individual sites to have CGI access?

 The same way you would secure a box where your users have shell accounts.
CGI == Shell. SuExec is one way, CGIwrap is a little better.

 You need to control how your customers are uploading files. If you provide
FTP access only, I suggest investigating ProFTPd. It can take the quota
management out of the file system, which can greatly improve performance. It
can also get the credentials (username/passwords) from LDAP or SQL. Chroot
when it comes to FTP is a must.

> Directory structures, permission structures, account structures etc etc

 It is a vast subject. A.Sleep was talking about stats. I have a different
opinion when it comes to generating statistics. My tests and studies showed
that only 20% of the customers look at their stats more than 3 times a week.
To me, that means that generating stats on a daily basis is a waste of time.
Therefore, I decided to generate stats on demand and to cache the output on
drive until the end of the day. It may be worth thinking about.
 
> Andrew

        Haim.
-- 
http://dudle.linuxroot.org
use Debian;
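
The lettered layout described in the message above, as an added example that is not part of the original post: a shell helper a provisioning script could use to turn a customer-supplied hostname into its content root while refusing names that would escape the tree. The function name docroot_for and the validation rules are assumptions; /apache is the base directory from the listing in the message.

```shell
#!/bin/sh
# Added example (not from the original message).
# Maps a hostname to its lettered content root: apple.com -> /apache/a/apple.com
# The same layout in mod_vhost_alias terms is: VirtualDocumentRoot /apache/%1.1/%0
LC_ALL=C; export LC_ALL          # make a-z mean ASCII only
BASE="${BASE:-/apache}"          # assumed base directory, as in the listing

# docroot_for HOSTNAME (hypothetical helper)
# Prints the content root, or returns 1 if the name is not a safe hostname.
docroot_for() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # A DNS name is between 1 and 253 characters long.
    [ "${#host}" -ge 1 ] && [ "${#host}" -le 253 ] || return 1
    case "$host" in
        *[!a-z0-9.-]*)   return 1 ;;  # letters, digits, "." and "-" only; rejects "/"
        .*|*.|*..*)      return 1 ;;  # no empty labels, so no "." or ".." path parts
        -*|*-|*.-*|*-.*) return 1 ;;  # a label may not start or end with "-"
    esac
    bucket=$(printf '%s' "$host" | cut -c1)
    printf '%s/%s/%s\n' "$BASE" "$bucket" "$host"
}

# Constructed sample names: two valid, three that must be refused.
for name in apple.com Akamai.COM ../../etc a..b.com 'x.com/../y'; do
    docroot_for "$name" || echo "rejected: $name"
done
```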

