MandrivaUsers.org : Web and mail server - MandrivaUsers.org

Web and mail server: Opinions needed

#1 User is offline   Ixthusdan 

  • Platinum
  • Group: Platinum
  • Posts: 9,042
  • Joined: 17-September 02

Posted 31 March 2010 - 03:35 AM

If I wanted to set up one box for a mail/web server, should I use Apache/Postfix or would I be better to create virtual machines on the box for separate web and mail servers? What do you think?
The people never give up their liberties but under some delusion. Edmund Burke, 1784

#2 User is offline   tux99 

  • Emperor Penguin
  • Group: Members
  • Posts: 611
  • Joined: 21-September 08

Posted 31 March 2010 - 12:25 PM

Separate virtual machines is a lot more admin overhead, but increases security (if done right).

Postfix is quite secure by itself and can even be run chrooted, so it isn't really a security concern.

Apache itself is quite secure too, but can be rendered insecure by flawed PHP scripts, so it depends how you use it.

Ultimately it comes down to security versus less admin overhead; only you can decide if your specific intended use needs the extra security or not.

This post has been edited by tux99: 31 March 2010 - 12:25 PM

Linux user since 1995 (Slackware 2.2), Mandrake/Mandriva user since 6.0, Redhat Certified Engineer (RHCE)
>>>LinuxTECH.NET<<<
Linux - Life in the Open without Walls or Windows

#3 User is offline   Ixthusdan 

Posted 31 March 2010 - 01:45 PM

I have a client who wants to move his web site and mail in-house. I want to change the site to a better package. His current site is one of those drop-down-lists-and-change sort of thing which is not very appealing, IMHO. I can buy a template for 30-60 dollars and edit the code to customize it. I am concerned about security, but am not certain I need to go virtual.

#4 User is offline   tux99 

Posted 31 March 2010 - 06:36 PM

Ixthusdan, on 31 March 2010 - 01:45 PM, said:

I have a client who wants to move his web site and mail in-house.


If it's for a business and especially if the web site uses any of the popular CMS systems like Drupal, Joomla, etc. then I would definitely use virtual machines or separate physical servers, since the risk that someone who hacks the web site also gains access to confidential business email is too high.

#5 User is offline   Ixthusdan 

Posted 31 March 2010 - 08:45 PM

Although it may require more attention, it does seem that using virtual machines would be better, just to separate the web from the mail. I already administrate 3 servers for this client; one more box with 2 virtual servers would not be that big a deal.

#6 User is offline   ianw1974 

  • Platinum
  • Group: Admin
  • Posts: 14,037
  • Joined: 09-March 05

Posted 02 April 2010 - 07:19 AM

I use Xen virtualisation and I have four virtual machines under here - Web Server, Mail Server, Proxy Server, Backup Server. I much prefer this, because if someone hacks my web server, then I can just kill the machine and reinstall a new one remotely. If it was installed as a normal server, I would have a problem meaning I would have to visit the site where the server is to reinstall a clean server.

So in reality, the virtual server will be less problematic in the event of an attack. Admin is the same, just that you have more servers to connect to but that is minimal.
Ian Walker

Light travels faster than sound. This is why some people appear bright until you hear them speak.........

1 x systems installed with Debian (squeeze) x86_64 (Xen Server)
1 x systems installed with Ubuntu Lucid (10.04 LTS) x86_64 (Laptop)
1 x systems installed with Gentoo x86_64 (Desktop)

My Linux Solutions | Linux Systems Limited

#7 User is offline   Ixthusdan 

Posted 03 April 2010 - 12:18 PM

Ian, I really like the idea of administrating off-site as much as possible, and so do my clients. Obviously, a higher cost is incurred by them for on-site work. I am looking at the new Ubuntu server as a base for all of this. Any thoughts concerning the base system? (The only reason for choosing Ubuntu is no charge for updates, whereas everyone else wants money for future updates. Ubuntu comes with the desired products, except I may need a better virtual set-up.)

#8 User is offline   tux99 

Posted 03 April 2010 - 12:40 PM

I always use CentOS (i.e. Redhat Enterprise Linux in all but the name) for servers, it's supported for a much longer time than the 2 years Ubuntu LTS releases are (unless you want to guarantee yourself an upgrade fee every two years ;), but that wouldn't be my style).

This post has been edited by tux99: 03 April 2010 - 12:48 PM

#9 User is offline   ianw1974 

Posted 03 April 2010 - 01:23 PM

I'm with tux99. My virtualised server environment comprises a base system of CentOS 5 x86_64, with four virtual servers, one of which is Red Hat Enterprise Linux with subscription; the remainder are CentOS 5. All virtualised servers are 32-bit versions. All running under Xen.

#10 User is offline   Reiver_Fluffi 

  • Often misunderstood...
  • Group: Members
  • Posts: 2,210
  • Joined: 10-May 05

Posted 03 April 2010 - 03:54 PM

tux99, on 03 April 2010 - 12:40 PM, said:

I always use CentOS (i.e. Redhat Enterprise Linux in all but the name) for servers, it's supported for a much longer time than the 2 years Ubuntu LTS releases are (unless you want to guarantee yourself an upgrade fee every two years ;), but that wouldn't be my style).


That is factually incorrect, the LTS releases are supported for 3 years for UbuntuDesktop and 5 years for UbuntuServer.

Source: http://wiki.ubuntu.com/LTS

#11 User is offline   tux99 

Posted 03 April 2010 - 04:51 PM

Reiver_Fluffi, on 03 April 2010 - 03:54 PM, said:

That is factually incorrect, the LTS releases are supported for 3 years for UbuntuDesktop and 5 years for UbuntuServer.

Source: http://wiki.ubuntu.com/LTS


OK, didn't know that, thanks for correcting me. I still wouldn't choose Ubuntu as a server (and not for a desktop either since on the desktop Mandriva is better), Redhat is the industry standard for Linux servers in a business environment and deservedly so, therefore CentOS (which is a free Redhat clone) is the best choice IMHO.

If it has to be a Debian-style distro then I would choose the original, i.e. Debian, rather than Ubuntu server.

This post has been edited by tux99: 03 April 2010 - 04:53 PM

#12 User is offline   Ixthusdan 

Posted 03 April 2010 - 06:14 PM

I thank you all for your opinions. I will have a look at CentOS; I actually did not realize it was RedHat. I actually am considering Debian as well for the base system.

#13 User is offline   paul 

  • Kimalicious
  • Group: Admin
  • Posts: 5,673
  • Joined: 07-September 02

Posted 05 April 2010 - 08:41 PM

My 15 or so virtual servers run Debian using KVM.

I have two remaining VMware boxes destined for the trash heap this year.

#14 User is offline   Ixthusdan 

Posted 07 April 2010 - 12:38 PM

Paul (and anyone), how many NICs do you use? The box I am building has 2. I am thinking that I would add a third NIC so that the server and both virtual servers would have their own networking link, and I would connect them directly to the router. Any benefit to this layout? Does it matter?

#15 User is offline   paul 

Posted 08 April 2010 - 12:04 AM

1 interface with VLAN'ing... see below.

Requires a VLAN-capable (managed) switch for tagging and detagging, etc.
/etc/network/interfaces (snippet):

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
	address 202.37.129.18
	netmask 255.255.255.0
	network 202.37.129.0
	broadcast 202.37.129.255
	gateway 202.37.129.1
	# dns-* options are implemented by the resolvconf package, if installed
	dns-nameservers 202.37.129.2 131.203.126.178
	dns-search interspeed.co.nz


auto virbr1022
iface virbr1022 inet manual
	bridge_ports eth0.1022
	bridge_stp off
	bridge_maxwait 5



host:~# ip add | grep 1022
34: virbr1022: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
35: eth0.1022@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP



0
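
Added example, not part of paul's post or of the thread: a shell check that reads a Debian-style interfaces file and reports, for each bridge, whether its port is a tagged VLAN sub-interface like paul's eth0.1022, the untagged parent NIC, or a VLAN ID already carried by another bridge. Only virbr1022 and eth0.1022 come from the thread; virbr1023, br0, virbr9 and eth1 are constructed for the sample.

```shell
#!/bin/sh
# Added example: audit bridge stanzas in a Debian-style interfaces file.

# Constructed sample: the thread's virbr1022 plus hypothetical extra bridges.
sample_interfaces() {
cat <<'EOF'
auto virbr1022
iface virbr1022 inet manual
	bridge_ports eth0.1022
	bridge_stp off

auto virbr1023
iface virbr1023 inet manual
	bridge_ports eth0.1023
	bridge_stp off

auto br0
iface br0 inet manual
	bridge_ports eth0

auto virbr9
iface virbr9 inet manual
	bridge_ports eth1.1022
EOF
}

# Print "<bridge> <port> <verdict>" for every bridge port found.
# Reads the files given as arguments, or stdin when there are none.
audit_bridges() {
    awk '
        $1 == "iface" { cur = $2 }            # track the current stanza
        $1 == "bridge_ports" {
            for (i = 2; i <= NF; i++) {
                if ($i == "none") continue    # bridge with no physical port
                n = split($i, parts, "[.]")
                if (n != 2 || parts[2] !~ /^[0-9]+$/) {
                    verdict = "UNTAGGED"      # enslaves the parent NIC itself
                } else if (parts[2] in seen) {
                    verdict = "SHARED-WITH-" seen[parts[2]]
                } else {
                    verdict = "OK"; seen[parts[2]] = cur
                }
                print cur, $i, verdict
            }
        }
    ' "$@"
}

sample_interfaces | audit_bridges
```

On a real host, `audit_bridges /etc/network/interfaces` runs the same check; a web and a mail guest should each sit on a bridge that reports OK with its own VLAN ID.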
