Difference between pages "How to Dev" and "Web-server-stack"

From Funtoo
Line 1: Line 1:
= How to 'dev' =
__NOTITLE__


{{fancytip|This page will continue to be updated with development-related information... thanks for your interest :)}}
== Pre-install considerations ==
=== ssl ===
Ssl [http://en.wikipedia.org/wiki/Wildcard_certificate wild card certificates] can use the same certificate to cover several subdomain names.  As in https://wiki.funtoo.org https://www.funtoo.org https://forums.funtoo.org can all use the same certificate.  https://funtoo.org would not be covered under the wildcard, so [[User:Threesixes|Threesixes]] ([[User talk:Threesixes|talk]]) suggests using http://domain.tld as a http navigation splash page directory.  All that is required to setup a ca signed ssl certificate is an email on the server.  https://www.startssl.com offers free ssl ca certificates, though there are several other certificate [http://en.wikipedia.org/wiki/Certificate_authority#Providers providers]. Many web apps require you set your URL & will have problems if your URL is set to http://, rather than https://


This page serves as the official introduction on how to collaborate with our community and help to improve Funtoo Linux.
=== sockets vs tcp stack ===
Sockets have less overhead but can not be shared across jails, or to other machines.  Tcp stack has more overhead but is far more flexible.


== Introduction ==
=== Email Servers ===
* {{Package|mail-mta/postfix}}  <-- suggested
* {{Package|mail-mta/ssmtp}}
* {{Package|mail-mta/exim}}
* {{Package|mail-mta/sendmail}}
* {{Package|mail-mta/nullmailer}}


Thanks for your interest in helping out with Funtoo Linux! Funtoo Linux has existed for several years, and we've been using git since the beginning of the project, but have played with various approaches on how to develop Funtoo Linux in a collaborative fashion. Some approaches have worked, some haven't, and I (Daniel) and others like to periodically experiment with different approaches, so these methods are likely to change in the future.
=== FTP Servers ===
It is common practice to use FTP servers to host files for downloading.


== How to Develop -- The Quick Summary ==
* {{Package|net-ftp/vsftpd}} <-- suggested
* {{Package|net-ftp/proftpd}}
* {{Package|net-ftp/pure-ftpd}}
* {{Package|net-ftp/qshare}}


Okay, so you want to get involved. How do you do it? Well, here's how we want you to start:
== Webserver ==
Web servers come in several varieties.  The most common stack is known as LAMP which stands for linux apache mysql php.  [[User:Threesixes|Threesixes]] ([[User talk:Threesixes|talk]]) suggests setting up the web server stack by selecting the database first, then scripting language second, and web server 3rd.


* First, you need to actually ''use'' Funtoo Linux in some capacity.
=== Databases ===
* {{CreateAccount}}
* {{Package|dev-db/mysql}}
* Help in the [http://forums.funtoo.org forums].
* Find things that need fixing on [https://bugs.funtoo.org the bug tracker], and submit fixes for them.
* If you have a new ebuild, then create an issue on [https://bugs.funtoo.org the bug tracker] for it.
* Testing things and finding bugs is also a form of help.
* Help us document stuff on the wiki. See [[Help:Funtoo Editing Guidelines|How to 'wiki']].
* Hang out in <tt>#funtoo</tt> on freenode and chat with us.
* Learn more about ebuilds by reading our [[Developer Guide]]. Ask questions.
* [[Compare Forked Packages To Gentoo]], find one that needs updating, and ask us how to help.


If you start doing a good amount of this, you will get noticed and plugged in to our development efforts in a short amount of time.
mariadb is a drop in replacement for mysql
* {{Package|dev-db/mariadb}} <-- suggested


Now that you have the big picture, let's start by doing a quick overview of Funtoo infrastructure and how it (currently) relates to Funtoo Linux development.
percona is a drop in replacement for mysql
* {{Package|dev-db/percona-server}}


== bugs.funtoo.org ==
* {{Package|dev-db/postgresql-server}}
* {{Package|dev-db/sqlite}}


Currently, [https://bugs.funtoo.org bugs.funtoo.org] serves as the center of operations for all development. If you're going to collaborate with us, then you should definitely {{CreateAccount}} and familiarize yourself with our bug tracker. We try to ensure that ''all'' work in Funtoo Linux has a corresponding issue opened on the bug tracker, so there is some reference for someone to look to find out ''why'' some change was made.
=== Languages ===
* {{Package|dev-lang/php}} <-- suggested
* {{Package|dev-lang/perl}}
* {{Package|dev-lang/python}}


== The Wiki ==
=== Web Servers ===
* {{Package|www-servers/apache}}
* {{Package|www-servers/cherokee}}
* {{Package|www-servers/nginx}} <-- suggested
* {{Package|www-servers/tengine}}
* {{Package|www-servers/lighttpd}}


You are currently reading the wiki, and it is becoming a more and more important part of development. We currently have the ability to define wiki pages for [[:Category:Ebuilds|Ebuilds]], which are used as official documentation for the ebuild. Documentation is a very important part of Funtoo Linux development, and you're strongly encouraged to read about [[Adding an Ebuild to the Wiki]]. Developers who write good documentation gain much respect :)


== git.funtoo.org ==
=== SSL Termination, Reverse Proxies, & load balancing ===
Reverse proxies are useful, some cache static data, and shuck out cached pages rather than hitting the web server. Some pass requests to backend nodes high availability clustering your website, some web servers have this functionality built in.


All of our master git repositories exist on [http://git.funtoo.org git.funtoo.org].
* {{Package|www-servers/nginx}}
* {{package|net-misc/stunnel}}
* {{package|www-servers/pound}} <-- suggested for ssl termination & load balancing
* {{Package|www-servers/varnish}} <-- suggested for caching to reduce power consumption & reduce the need of constantly rebuilding pages
* {{Package|net-proxy/squid}}


== GitHub ==
== Post install ==
There are several considerations to take into account with a web server install, such as setting up an email server, setting up a firewall, firewalling web applications, and dynamically firewalling attackers.


We have mirrors of all our git repositories on [http://github.com/funtoo GitHub]. When we push to a repository on git.funtoo.org, it automatically pushes the change to the corresponding repo on GitHub, too.
=== Firewalls ===
* {{Package|net-firewall/nftables}}
* {{Package|net-firewall/iptables}} <-- suggested
* {{Package|net-firewall/firewalld}}
* {{Package|net-firewall/ufw}}


This has historically created some confusion, because we don't really (right now) do active development on GitHub, using pull requests. If you have an improvement to Funtoo Linux, we want you to open a bug on our [https://bugs.funtoo.org bug tracker]. However, I am hoping that this will change - see {{Bug|FL-1322}}. But for now, if you create an issue or a pull request on GitHub, we probably won't see it in a timely manner.
=== Dynamic Firewalling ===
* {{Package|app-admin/sshguard}} <-- suggested
* {{Package|net-analyzer/fail2ban}}


== The Git Repositories Themselves ==
=== Webapp Firewalls ===


One important thing to understand about Funtoo Linux is that the git tree you receive when you type <tt>emerge --sync</tt> is what I call a ''transport tree'' -- it is used to deliver updates to you, but it is not used for development. Our main <tt>/usr/portage</tt> tree can be seen at http://git.funtoo.org/ports-2012/tree or http://github.com/funtoo/ports-2012 is generated using automated scripts which take the Gentoo Portage tree, various funtoo overlays, and several other overlays and combine them into a unified tree. We generate an updated commit for our transport tree every 4 hours.
Apache has an option for webapplication firewalling. as far as [[User:Threesixes|Threesixes]] ([[User talk:Threesixes|talk]]) can tell this passes login errors & excessive site fuzzing to logs for fail2ban/sshguard to deal with.
https://github.com/nbs-system/naxsi is a web app firewall for nginx.


=== Development Trees ===
=== Benchmarking ===
It's a good idea to benchmark your system, server, & websites.  There are several tools to assist you in doing this.


The repositories that we actually do development in are:
* http://toolbar.netcraft.com/site_report?url=undefined#last_reboot
 
* http://gtmetrix.com/
{{#ask:[[Category:Repositories]] [[Repository Type::Development Tree]]
* http://www.showslow.com/
|? Repository ID}}
* http://yslow.org/
 
* http://getfirebug.com/
[[Repository:Funtoo Overlay|funtoo-overlay]] is where nearly all of the core Funtoo forked ebuilds live. This tree is maintained by senior Funtoo staff and the BDFL, and also contains stuff like our [[Funtoo 1.0 Profile]] system, and the actual scripts that are used to generate our main "transport" tree that users receive.
* {{Package|app-admin/apache-tools}}
 
* {{Package|app-benchmarks/sysbench}}
[[Repository:Funtoo LDAP Overlay|The Funtoo LDAP]] and [[Repository:Funtoo GNOME Overlay|GNOME]] overlays are examples of development trees where Funtoo staff have collected a bunch of ebuilds that were cluttering up funtoo-overlay, and placed them in their own repository to improve organization. These are treated as extensions of funtoo-overlay.
* {{Package|app-benchmarks/phoronix-test-suite}}
 
* {{Package|app-benchmarks/iozone}}
[[Repository:Funtoo Plex Overlay|The Plex overlay]] and [[Repository:Funtoo DeaDBeeF Overlay|DeaDBeeF]] overlays are examples of overlays that are maintained by independent developers, and these overlays are hosted in these developers' GitHub accounts. We have added these overlays to our merge script, so any updates made to these GitHub repositories are automatically pulled into our transport tree.
* {{Package|app-benchmarks/piozone}}
 
* {{Package|app-benchmarks/siege}}
So as you can see, there is quite a bit of flexiblity in how updates can be added to our tree. Senior staff can work on the funtoo-overlay, others can work on the more independent GNOME and LDAP overlays, and (mostly) independent developers can happily maintain ebuilds in their own independent overlays, hosted on GitHub.
* {{Package|app-benchmarks/ramspeed}}
* {{Package|app-benchmarks/jmeter}}
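
Review bot: the first Benchmarking link on the Web-server-stack side, http://toolbar.netcraft.com/site_report?url=undefined#last_reboot, carries a literal url=undefined query and will not open a report for any site; link the bare site_report page or use a placeholder domain instead. In the same revision, the Webapp Firewalls paragraph says "Apache has an option for webapplication firewalling" without naming it, so a reader cannot locate the package; name or link it the way the naxsi line does for nginx.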

Revision as of 13:55, January 18, 2015

Pre-install considerations

ssl

SSL wildcard certificates let one certificate cover several subdomain names. For example, https://wiki.funtoo.org, https://www.funtoo.org and https://forums.funtoo.org can all use the same certificate. https://funtoo.org would not be covered under the wildcard, so Threesixes (talk) suggests using http://domain.tld as an HTTP navigation splash page directory. All that is required to set up a CA-signed SSL certificate is an email on the server. https://www.startssl.com offers free SSL CA certificates, though there are several other certificate providers. Many web apps require you to set your URL and will have problems if your URL is set to http:// rather than https://.
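
The coverage rule described above, as an added example that is not part of the original wiki page: a small Python check of which site names a certificate's DNS name entries cover. It goes slightly beyond the text by also showing that a nested subdomain is not covered and that listing the bare domain as a second entry covers it; the function names and the sample entry lists are assumptions constructed for illustration, and internationalized names are not handled.

```python
def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """True if one certificate DNS name entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # '*' stands for exactly one label, so the bare domain and
        # deeper subdomains can never match a wildcard entry.
        return False
    if p[0] == "*":
        if len(p) < 3 or h[0] == "":
            # Refuse over-broad entries such as '*.org' and empty labels.
            return False
        return p[1:] == h[1:]
    # Partial wildcards ('w*.example') are treated as literals here.
    return p == h


def covered(sans, hostname):
    return any(san_matches(s, hostname) for s in sans)


def audit(sans, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {h: covered(sans, h) for h in hostnames}


# Constructed sample data: certificate entries and the sites to serve.
WILDCARD_ONLY = ["*.funtoo.org"]
WILDCARD_PLUS_APEX = ["*.funtoo.org", "funtoo.org"]
SITES = [
    "wiki.funtoo.org",
    "www.funtoo.org",
    "forums.funtoo.org",
    "funtoo.org",
    "dev.wiki.funtoo.org",
]

if __name__ == "__main__":
    for sans in (WILDCARD_ONLY, WILDCARD_PLUS_APEX):
        print("certificate entries:", sans)
        for host, ok in audit(sans, SITES).items():
            print(f"  {host:22} {'covered' if ok else 'NOT covered'}")
```

Running the same audit against the names a server actually answers for, before requesting a certificate, shows which hosts would raise a name-mismatch warning.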

sockets vs tcp stack

Unix sockets have less overhead but cannot be shared across jails or with other machines. The TCP stack has more overhead but is far more flexible.

Email Servers

FTP Servers

It is common practice to use FTP servers to host files for downloading.

Webserver

Web servers come in several varieties. The most common stack is known as LAMP, which stands for Linux, Apache, MySQL, PHP. Threesixes (talk) suggests setting up the web server stack by selecting the database first, the scripting language second, and the web server third.

Databases

MariaDB is a drop-in replacement for MySQL.

Percona is a drop-in replacement for MySQL.


Languages

Web Servers


SSL Termination, Reverse Proxies, & load balancing

Reverse proxies are useful. Some cache static data and serve cached pages rather than hitting the web server. Some pass requests to backend nodes, giving your website high-availability clustering. Some web servers have this functionality built in.

Post install

There are several considerations to take into account with a web server install, such as setting up an email server, setting up a firewall, firewalling web applications, and dynamically firewalling attackers.

Firewalls

Dynamic Firewalling

Webapp Firewalls

Apache has an option for web application firewalling. As far as Threesixes (talk) can tell, this passes login errors and excessive site fuzzing to logs for fail2ban/sshguard to deal with. https://github.com/nbs-system/naxsi is a web app firewall for nginx.

Benchmarking

It's a good idea to benchmark your system, server, & websites. There are several tools to assist you in doing this.