Uber Configuration

Post by Ollie Saunders »

I've hired someone for my server config job now. He seems really good so I'm happy -> :D
Anyway this is the spec I'm giving him for the job. I'm not really sure on some of the details, he will advise me, but what about you guys? I'm sure you have thoughts on this. Is this [s]the perfect[/s] any good as a server configuration :P ?
  • Security tight Apache configuration with site enabling/disabling.
  • Choose a version of Apache and justify your choice. Making sure it is using no threading. Is there any advantage to compiling from source here?
  • Apache Mods: mod_rewrite, mod_alias, mod_auth, mod_deflate, mod_ssl (and anything else these need to work)
  • Any other mods that may be useful?
  • A template Apache .conf used for each domain for the purpose of selective security slackening and per-domain configuration.
  • Each domain's (vhost) document root called 'www'
  • Ability to add subdomains easily
  • Automated script for the creation of new domains. You'll see "for each domain" things down this list so that's why I figure this is necessary.
  • Subversion server that I do all my development work off of. Working over https
  • Subversion repository for each domain.
  • Each domain has a checkout of the relevant repository that can be updated easily.
  • Above three points make up my deployment solution.
  • Perhaps a bash script: "updatesite sitename". would navigate to the domain's dir and do svn update.
  • Each domain should have an FTP user that has read/write access to that domain and its subdomains (or possibly separate user for that, whatever is easiest) only
  • Main FTP user that can read only from a less restrictive base dir
  • Anonymous FTP account that can read only from a designated directory for shared content
  • Ability to add new FTP users that have limited disk space quota and restricted to one particular dir once again. Read/write of course.
  • FTP user for browsing the PHP include path
  • MySQL configured to use UTF-8 by default. Only v5 supports this.
  • Standard MySQL user: for each database. With no ability to drop, alter or create.
  • Admin MySQL user: for each database with full permissions. with a very strong pass obviously. Other security measures?
  • Script that creates new databases, possibly via the script is the only way a database can be created that creates the admin and standard users.
  • Way of getting standard MySQL user credentials into PHP scripts. I don't particularly want to type cleartext passwords in my scripts. I understand there are ways of doing this.
  • Command line MySQL client
  • ssh on alternate port as you mentioned
  • PHP 5.2 with APC
  • PHP extensions: GD, mHash, XSL, MySQL, MySQLI, PDO (with MySQL driver), mbstring
  • PHP compiled from source. Could you give me a list of configuration options please.
  • Ability to recompile and update PHP easily with PECL extensions for example.
  • Backup: I think we may need to discuss this a bit more first. Configuration, subversion checkouts and database (as frequently as daily I think).
  • Restoration: Do whatever you can to make restoration of backups easy.
  • Document all details of how things are set up and where important files are. Use comments in configuration files; you do not need to comment what each directive does, but brief comments as to why you have used them and how they fit into the overall solution are helpful.
  • Nice apache logs would be good, I'm open to suggestions here.
  • PHP errors, at least, should go to a per-domain file, readable from domain specific FTP user
  • Optional Extra: Lucene would be nice. Never installed or used it before but it could be useful at some stage.
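Added example, not part of the original post: one way the database-creation script asked for in the list above could emit its SQL, with a standard user that cannot drop, alter or create and a separate admin user per database. The "_app"/"_admin" user names, the localhost-only accounts and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print the SQL that provisions one
# database with a restricted application user and a separate admin user.
# The _app/_admin naming and localhost-only accounts are assumptions.

# Accept only short lowercase identifiers, so the name can be interpolated
# into SQL safely and the derived user names stay within 16 characters
# (older MySQL 5 releases cap user names at that length).
valid_name() {
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
  esac
  [ "${#1}" -le 10 ]
}

# 48 hex characters (192 bits) read from /dev/urandom.
gen_password() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# usage: provision_sql <dbname> <app_password> <admin_password>
provision_sql() {
  valid_name "$1" || { echo "invalid database name" >&2; return 1; }
  for pw in "$2" "$3"; do
    # Hex-only passwords cannot break out of the quoted SQL string.
    case "$pw" in
      ''|*[!0-9a-f]*) echo "passwords must be hex" >&2; return 1 ;;
    esac
  done
  cat <<EOF
CREATE DATABASE \`${1}\` CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER '${1}_app'@'localhost' IDENTIFIED BY '${2}';
GRANT SELECT, INSERT, UPDATE, DELETE ON \`${1}\`.* TO '${1}_app'@'localhost';
CREATE USER '${1}_admin'@'localhost' IDENTIFIED BY '${3}';
GRANT ALL PRIVILEGES ON \`${1}\`.* TO '${1}_admin'@'localhost';
EOF
}

# Stand-alone use with one argument prints the SQL for review before it
# is piped to the mysql client.
if [ "$#" -eq 1 ]; then
  provision_sql "$1" "$(gen_password)" "$(gen_password)"
fi
```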

Post by timvw »

Imho, writing up disaster scenarios (and how to recover from them) is what makes a configuration an 'Uber configuration'... As long as you don't have these, I wouldn't consider a configuration to be ideal.

Post by feyd »

I thought disaster scenarios were par for the course.

Not sure I'd recommend a SVN repository for each domain. On a different note, it may be a good idea to look into using dynamic DNS however. :) On backup issues, I would recommend RAID 5 or better. I would also recommend a separate server for testing/development. Whether those two are on separate servers is debatable, but I certainly wouldn't do development on the production server.

For kicks or testing, you could set MySQL to run in ANSI mode and/or also install PostgreSQL too.

Post by Ollie Saunders »

disaster scenarios right ok. Will do. Umm what are they?

feyd wrote:
  Not sure I'd recommend a SVN repository for each domain.
why's that then?

feyd wrote:
  On a different note, it may be a good idea to look into using dynamic DNS however.
A dynamic IP? I don't think that is something I can do with my host.

feyd wrote:
  On backup issues, I would recommend RAID 5 or better.
Again my host is in control of such things.

feyd wrote:
  I would also recommend a separate server for testing/development.
Yep this is production only. I still have my own (very low spec 100 quid) dev server at home.

feyd wrote:
  Whether those two are on separate servers is debatable, but I certainly wouldn't do development on the production server.
No no, nor would I.

feyd wrote:
  you could set MySQL to run in ANSI mode
What does that do then?

Post by feyd »

ole wrote:
  disaster scenarios right ok. Will do. Umm what are they?
Flooding, hurricane/tornado, earthquake, fire, bombing, possibly even nuclear war.

ole wrote:
  feyd wrote:
    Not sure I'd recommend a SVN repository for each domain.
  why's that then?
Well for one the SVN server should only be on the development server and push out from that to the production server. Next, it's often easier to manage one repository instead of many.

ole wrote:
  feyd wrote:
    On a different note, it may be a good idea to look into using dynamic DNS however.
  A dynamic ip? I don't think that is something I can do with my host.
No, a DNS server that performs dynamic lookups in the domains it's serving instead of some ~static file. There are other ways to accomplish the same effect but it allows you to rapidly add or remove domains and subdomains as it will always be up-to-date.

ole wrote:
  feyd wrote:
    On backup issues, I would recommend RAID 5 or better.
  Again my host is in control of such things.
Ah, I didn't see anything about being hosted.

ole wrote:
  feyd wrote:
    you could set MySQL to run in ANSI mode
  What does that do then?
ANSI mode will make MySQL behave in line with the ANSI standards so it will throw errors for less standard code. I'm assuming you are wanting the code to be fairly portable. The more ANSI your queries are often helps in portability.