On Mon, Mar 08, 2010 at 03:17:29PM -0500, daniel wrote: > We're currently running about 15 rails, php and coldfusion apps with the > number growing almost weekly. As much as possible, each app gets its own > VM (or two) and is proxied to an outward facing web server. I use > running xen on centos. Not my first choice, but it is OK behind pf. With > a little scripting, I can create a VM and deploy an app in under 5 > minutes. > Learn about fastcgi and nginx, ditch the vm. your performance will go UP, and you will be about as secure. (and you won't have to figure out what memory to allocate for each vm).
With fastcgi and nginx, it's really easy to run each app as a separate user. Unless you fuck up really badly, a compromise in your app WON'T compromise the whole machine. And heck, you could probably ldap your userbase or something, and have the convenience of having the same accounts work on each of those apps.
