Donald M.

Hi, if you're fascinated by the way to produce an online hosting service, visit https://eweb.net. As a matter of reality, solely the lazy one failed to indite the subject of virtual net hosting. It's smart. The dangerous issue is that almost all of the data is extremely infirm structured and has no respect to the particular superior, safe and big virtual net hosting. This text describes the way to produce a completely operating system from scratch. TASKS
- produce the foremost productive and at the identical time secure webhosting
- enable mod_php to make files on behalf of the user, and not with net server rights
- defend users from one another
- defend the system from user intrusion
- defend the system from intrusion from outside
GENERAL theme OF HOSTING BUILDING
As an online server, we are going to use Apache one. 3 with the mod_php module and therefore the ability to run cgi scripts, because the hottest among webmasters. Software package - MySQL five. 1.
For "advanced" shoppers, we are going to give the gcc compiler to be used. Don't be afraid to grant the user access to the compiler - on a properly organized system, whether or not there's a compiler, nothing can break. We tend to are building a properly organized system, therefore the entire code complicated are at the user's disposal.
To reduce the load on Apache, install Associate in Nursing accelerated proxy server. From its a few years of observe, the foremost appropriate accelerator at the instant is nginx - a stable and high-quality multifunctional net server / accelerator.
Thus, at first, the request from the user goes to the nginx accelerator, that waits to receive all data and proxies the information to Apache solely when it's absolutely received. This we tend to scale back the load on Apache, that methodes every request in an exceedingly separate significant process.
For actually safe work, it's necessary that the programs at the positioning of every consumer run from their user. For CGI scripts, this task is solved by configuring suexec. The PHP module, that by definition is an element of Apache, runs with the rights of the user from that the net server is running. There's an alternate victimization suphp, however it masses the system abundantly and so this theme isn't applicable for mass net hosting.
We can opt for a compromise option: PHP will work as Associate in Nursing Apache module, and that we can give security with the settings of the classification system and therefore the PHP module.
It remains to unravel the last drawback, namely, the creation of files once mod_php works with the rights of the user United Nations agency owns the positioning, and not with the rights of the net server. Touching on the manual for the mount command, from that it follows that to inherit the owner once making objects within the directory, you need to mount the partition with the suiddir possibility.
FTP access ought to be provided solely through virtual users. This demand is thanks to the {very fact|the actual fact} that FTP passwords are transmitted in Associate in Nursing unencrypted kind and are very simple to intercept. To eliminate the chance of intrusion into the system via SSH, intercepting the positive identification for FTP and virtual users are required - not existing within the system, therefore, useless for a possible hacker.
Remember, all services collected in one place is nothing quite a check machine. In an exceedingly real configuration, capable of coupling thousands of queries per second, the MySQL server should air a separate machine. The identical applies to the nginx accelerator. Making an attempt to place everything along on one physical server can dramatically scale back the speed of the whole code complicated thanks to too high load on the disk system.