Web-server-stack

From Funtoo
Jump to navigation Jump to search

Pre-install considerations

ssl

A CA signed certificate is a certificate that has been issued and signed by a publicly trusted certificate authority (CA).

Ssl wild card certificates can use the same certificate to cover several subdomain names. As in https://wiki.funtoo.org https://www.funtoo.org https://forums.funtoo.org can all use the same certificate. https://funtoo.org would not be covered under the wildcard. All that is required to setup a CA signed ssl certificate is an email on the server. Free ssl CA certificates are available through several certificate providers. Many web apps require you set your URL & will have problems if your URL is set to http://, rather than https:// when using ssl/tls.

StartCom CA no longer offers free ssl ca certificates as it is closed as of Jan. 1st, 2018, it doesn't issue any new certificate from StartCom name roots.

Unix Sockets vs TCP stack

Sockets have less overhead but can not be shared across jails, or to other machines. The TCP stack has more overhead but is far more flexible.

Email Servers

FTP Servers

It is common practice to use FTP servers to host files for downloading.

Webserver

Web servers come in several varieties. The most common stack is known as LAMP which stands for linux apache mysql php. Funtoo suggests setting up the web server stack by selecting the database first, then scripting language second, and web server 3rd.

Databases

mariadb is a drop in replacement for mysql

percona is a drop in replacement for mysql

  • No results

Languages

Web Servers


SSL Termination, Reverse Proxies, Caching, & load balancing

Reverse proxies are useful, some cache static data, and shuck out cached pages rather than hitting the web server. Some pass requests to backend nodes high availability clustering your website, some web servers have this functionality built in.

Post install

There are several considerations to take into account with a web server install, such as setting up an email server, setting up a firewall, firewalling web applications, and dynamically firewalling attackers.

Firewalls

Dynamic Firewalling

Webapp Security

Install mod_security on your web servers. See the open web app security project

Benchmarking

It's a good idea to benchmark your system, server, & websites. There are several tools to assist you in doing this.