Uber Configuration
Posted: Fri Jan 12, 2007 5:04 am
I've hired someone for my server config job now. He seems really good so I'm happy -> 
Anyway this is the spec I'm giving him for the job, I'm not really sure on some of the details, he will advise me but what about you guys? I'm sure you have thoughts on this. Is this [s]the perfect[/s] any good as a server configuration?
- Security tight Apache configuration with site enabling/disabling.
- Choose a version of Apache and justify your choice. Making sure it is using no threading. Is there any advantage to compiling from source here?
- Apache Mods: mod_rewrite, mod_alias, mod_auth, mod_deflate, mod_ssl (and anything else these need to work)
- Any other mods that may be useful?
- A template Apache .conf used for each domain for the purpose of selective security slackening and per-domain configuration.
- Each domain's (vhost) document root called 'www'
- Ability to add subdomains easily
- Automated script for the creation of new domains. You'll see "for each domain" things down this list so that's why I figure this is necessary.
- Subversion server that I do all my development work off of. Working over https
- Subversion repository for each domain.
- Each domain has a checkout of the relevant repository that can be updated easily.
- Above three points make up my deployment solution.
- Perhaps a bash script: "updatesite sitename" would navigate to the domain's dir and do svn update.
- Each domain should have an FTP user that has read/write access to that domain and its subdomains (or possibly separate user for that, whatever is easiest) only
- Main FTP user that can read only from a less restrictive base dir
- Anonymous FTP account that can read only from a designated directory for shared content
- Ability to add new FTP users that have limited disk space quota and restricted to one particular dir once again. Read/write of course.
- FTP user for browsing the PHP include path
- MySQL configured to use UTF-8 by default. Only v5 supports this.
- Standard MySQL user: for each database. With no ability to drop, alter or create.
- Admin MySQL user: for each database with full permissions. with a very strong pass obviously. Other security measures?
- Script that creates new databases, possibly via the script is the only way a database can be created that creates the admin and standard users.
- Way of getting standard MySQL user credentials into PHP scripts. I don't particularly want to type cleartext passwords in my scripts. I understand there are ways of doing this.
- Command line MySQL client
- ssh on alternate port as you mentioned
- PHP 5.2 with APC
- PHP extensions: GD, mHash, XSL, MySQL, MySQLI, PDO (with MySQL driver), mbstring
- PHP compiled from source. Could you give me a list of configuration options please.
- Ability to recompile and update PHP easily with PECL extensions for example.
- Backup: I think we may need to discuss this a bit more first. Configuration, subversion checkouts and database (as frequently as daily I think).
- Restoration: Do whatever you can to make restoration of backups easy.
- Document all details of how things are set up and where important files are. Use comments in configuration files, you do not need to comment what each directive does but brief comments as to why you have used them and how they fit into the overall solution are helpful.
- Nice apache logs would be good, I'm open to suggestions here.
- PHP errors, at least, should go to a per-domain file --- readable from domain specific FTP user
- Optional Extra: Lucene would be nice. Never installed or used it before but it could be useful at some stage.
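
As an added example (not part of the original post, and not the poster's or the contractor's script), here is one way the database-creation script in the spec could generate its SQL: a UTF-8 database, a standard user with no DROP, ALTER or CREATE, and a separate admin user. The function names, the `_app` and `_admin` user suffixes and the `localhost` host are assumptions.

```shell
#!/bin/sh
# Added example: emit SQL that provisions one database with a least-privilege
# application user and a full-privilege admin user. All names are hypothetical.
LC_ALL=C; export LC_ALL   # make the [a-z] ranges below ASCII-only

valid_dbname() {
    # Lowercase letters and digits only, starting with a letter.
    # No "_" or "%": in a database-level GRANT they act as wildcards and
    # would silently extend the grant to other databases.
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9]*) return 1 ;;
    esac
    # Max 10 chars so "<db>_admin" fits MySQL 5.0's 16-char user-name limit.
    [ "${#1}" -le 10 ]
}

gen_password() {
    # 16 bytes from the kernel CSPRNG as 32 hex chars; hex needs no SQL escaping.
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

mkdb_sql() {
    db=$1
    valid_dbname "$db" || { echo "invalid database name: $db" >&2; return 1; }
    app_pw=$(gen_password)
    admin_pw=$(gen_password)
    cat <<EOF
CREATE DATABASE \`$db\` CHARACTER SET utf8;
CREATE USER '${db}_app'@'localhost' IDENTIFIED BY '$app_pw';
CREATE USER '${db}_admin'@'localhost' IDENTIFIED BY '$admin_pw';
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$db\`.* TO '${db}_app'@'localhost';
GRANT ALL PRIVILEGES ON \`$db\`.* TO '${db}_admin'@'localhost';
EOF
}
```

The output contains both generated passwords, so pipe it to the `mysql` client from a root-only session and keep any saved copy in a file readable only by root.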