Technical difficulties....

[Griffin NoName]

Me too. Few times last few days.

[ivor]

DreamHost and buy sites just don't go together.

[Griffin NoName]

Yeh - I hadn't bothered to mention it as had noticed similar probs with another DreamHost site at the same time....

Maybe they just need to rename the Dream part of their name?

[Sibling Chatty]

Me too. Few times last few days.

Me three. I just go take a nap, and it's all better when I get up again!

[ivor]

When I am a few paychecks into my new job I am getting business FIOS and a new server.  I start the 29th. 

[Opsa]

Yeay MB! You go, Duje!

[ivor]

DreamHost is just awful.  Everything else is worse or un-affordable.  Business FIOS and a new server should be the bomb-digity.  Dual 64 bit Xeons, Adaptec SATA II raid card with five 300Gb drives set for RAID V.

Any linux gurus out there?

It'll be shared with all my other sites but they don't get that much traffic.

[Griffin NoName]

Unix but not Linux.

[ivor]

It's about the same is it not?  I've played with Linux.  I have setup a shared hosting environment but I am not a guru.  It'd be good to have some help.

Do you know if there are any distros setup for shared hosting out of the box?  If there isn't it would be sweet to do that considering the availability of business FIOS and the price of dedicated hosting.

[Griffin NoName]

I've never explored differences between Linux and bare Unix. My unix is solid and extensive apart from I never patched the kernel. So theoretically Linux ought to be a doddle.

I don't know of any shared hosting environments out of the box, but I'd be surprised if there aren't any - theoretically. Are you talking about hosting your own sites on your own server? I have known a few people do this; don't underestimate the hassle and time it takes !!

[beagle]

I do code development on Linux and Windows and Solaris, but don't know a lot about web technologies on Linux (I worked for a web company until recently, but was on the Windows Server/IIS side).

I would have thought it'll be pretty similar to Solaris or other big Unixes for you (except you'll get to spend less time with fsck ). The installation of something like SuSe is much more automated and easy than most big Unixes I know, but unless you check the install screens carefully it might default to installing every bit of freeware ever written in a back bedroom.

The obvious stuff still applies, install the minimum stuff you need, patch it, check at CERT etc for known vulnerabilities, run the fewest daemons you can and use Iptables/Ipchains and/or a hardware firewall.
Use the automatic update program etc. As compared to Aix/Solaris etc you need to be aware that there will be stuff on the supplied disks with security holes in; e.g. three or four ftp servers of which hairy Linux gurus know never to use two (actually most would only ever use SSH, but you get the point).

I like Suse (though I liked it more before Novell took it over), but others favour Red Hat or Debian (the Linux flavour favoured by true Linux afficionados seems to change every month, and there are hundreds of them).

One thing to watch out for is that exotic hardware may not be supported for some time (until somebody keen writes the driver). More a problem with new graphics cards in desktops than with the sort of industry standard Xeon/Adaptec server hardware you describe.

You almost certainly know this already, but twin Xeon machines sometimes have fans that sound like an RB211 at full thrust. I wouldn't plan on keeping one in your living room.

[ivor]

The first server I ran was Fedora Core 4.  Fedora was pretty easy to setup and maintain.  Doing the weird stuff was an adventure to say the least.  I set up Samba once and actually got it working.  What a nightmare, but I don't need that stuff.

I need a firewall which I may run on a separate machine.  I need Apache, PHP, MySQL and SFTP.  All that I have done, but it would be nice to have a second set of eyes on it.  I guess I need X11 so someone else can look at it.  I've done that to.  Is X11 secure over the Internet?  Maybe we need VPN too.

I have run a bunch of different distros of Linux and they all install a lot of junk.  It's pretty easy to un-select it all.

My last server had big noisy fans.  I placed the server on the other side of the house so I wouldn't bother me.  After a while you kind of tune it out.

I don't like Suse much since they are in bed with Micro$oft now.

There's no hurry to get off DreamHost.  I'll get everything setup to our liking and then switch one of my other sites over to the new server and see how it goes.  My sites are constantly under attack by hackers according to the logs so any security problems should be readily evident.

[beagle]

I'd be very wary of using X11 over the internet outside of a VPN or similar. I might be out of date, but it was always considered a forest of security problems, and in my last place they wouldn't put it on public servers at all, even if outside access was blocked by the firewall.
Maybe someone here is more up to date on this.

Yep, I always found Samba a pain to set up; generally pinched the samba.conf (or is it smb.conf?) from a working machine and nudged it in the right direction.

In my experience the security area that tends to get most overlooked is SQL Insertion, but I'm sure all your PHP is beautifully executed using stored procedures, as of course is my web stuff (cough).

I used to use Bob Toxen's book "Real World Linux Security", but don't know if it's still considered a standard.

[ivor]

X11 on VPN should be fine.  I'll block it at the firewall so it can't get out except in VPN.

Most all the stuff here is third party. I keep up with the updates.  There's not a lot going on here.

I'll have to check out that book.  Thanks for the tip!

I think I will use this Linux distro:

http://www.ubuntu.com/products/whatisubuntu/serveredition

[beagle]

I've heard good things about it, but not used myself.

My Linux experience is mainly code development on SuSE, and use of Exim as a MTA front-end for a Windows Server domain Exchange environment (the thought of connecting Exchange directly to the internet through ISA server scared the willies out of me, both products being so complicated I never felt totally confident you could be sure they  were locked down). Call me paranoid; Watchguard firewall with automatic intrusion detection to iptables firewall to Exim, rejecting many mime types and running three commercial virus engines and clamav and Spamassassin, to Microsoft ISA server to Exchange running another virus checker.