web hosting with ubuntu server
I’m thinking about doing series of how-to style articles on more technical subjects, here are some thoughts on a starting point: how to install and use Ubuntu Server, with AnyHosting as a case study.
AnyHosting currently uses Ubuntu Server (LTS) on a Rimuhosting.com virtual host. Ubuntu is very easy to install and use as a desktop, but if you haven’t done administration purely from the command line then Server can be a bit daunting. There are excellent starter guides and forums on the Ubuntu website.
Services
The following external services are provided (description followed by Ubuntu package name) :
- web server - apache2
- SMTP(+SSL) email server - postfix
- IMAP/POP(+SSL) email server - courier
- FTP - proftpd
Additionally, there are some internal services running, which are not visible from the internet (blocked by the “iptables” firewall):
- Database - mysql
- Monitoring/auto-recovery service - monit
- Automatic installation of security updates - cron-apt
- Log monitoring and reporting -
logwatchlogcheck - Append-only network backups - rsync
Security
All unused ports are blocked. Any connection attempts are logged and reported. FTP and email services authenticate against the database, so clients do not need system or shell accounts.
For shared hosting, Apache is configured to proxy to chrooted installs which users have access to (as discussed previously). This is not as secure as having a real separate VM or better yet a separate machine for each web hosting client, but therein lies the dilemma of low-cost shared hosting versus moderate-to-high priced dedicated hosting.
The primary goal is to protect legitimate users from eachother; protecting the system from unauthorized intrusion (and detecting such intrustion) probably deserves it’s own series of articles, however the last few services listed in the “Services” section above should give some clues.
EDIT 01/14/08 18:33 PST - logcheck, not logwatch
Tags: how to, howto, server, ubuntu, web hosting
