I don't know the details of the setup on our department, but I also run my own server at sage.mderickx.nl .
I use a combination of 3) and 5) on a debian system. And it has been running very stable (no problems since I configured the server about half a year ago). The reason why I also have apache is for it's virtualhost capabilities. This allows me to run both https://www.mderickx.nl and https://sage.mderickx.nl on the same server using the same ip adress. I'd say just use option 5) if sage is the only service on that server that needs port 443. I think it is a good idea to run sage on a priveleged port, since this makes it slightly harder to replace your sage notebook by a fake copy of your sage notebook to do evil things. That's why I don't like 6). Although I have the feeling that in practice 6 is just as secure as 5. A way more important security issue is that you really should use the server_pool option of the notebook() command, to specify that the notebook process (the sage server) and the worksheet process (the process that runs the calculations) run as a seperate user. This prevents the users on your system from being able to kill the server process. How to do this is all documented, just type: notebook? Thanks, Maarten Le mardi 31 juillet 2012 14:36:42 UTC+2, [email protected] a écrit : > > How have you installed sage for department or university? There are at > least six options: > > 1) Sage runs at port 8000 or similar. Users have to remember an url that > ends with :8000. > 2) Sage runs as root. Does not sound good. > 3) Set up Apache, use RewriteRules. Apache needs to be updated, might have > bugs. > 4) Set up lighthttpd. Maybe smaller web server got less bugs? > 5) Use authbind. Seems to work. Needs one extra component. > 6) Have iptables to redirect port 443 to (for example) 8000. > > I think that option 6 is best, but is there something more I should > consider before making decision? > > -- > Jori Mï¿œntysalo > -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/sage-support URL: http://www.sagemath.org
