On Dec 17, 2012 11:55 AM, "Paul Gideon Dann" <pdgiddie@gmail.com> wrote:
On Friday 14 Dec 2012 12:51:20 arnaud gaboury wrote:
currently following the Sun certified web component developer course, I want to set up a http web server @ home to practice. I plan to virtualize a Arch server on my Arch box.
Personally, I wouldn't bother virtualising. Certainly not just for
around with web servers. You could do that if you want to learn about virtualisation and security, though.
I know we can talk about pro/con for hours, but I am interested in knowing your advices about the following apps: -http server : Apache or Nginx (curious to test the later)
I a big Nginx fan. It's really light, simple to set up, and blazingly fast. There are some more advanced features that it lacks, but I very much doubt you'll need anything like that.
-container for my servlets : Tomcat ?
If you're using Java, Tomcat or Jetty seem to be your main options. I
the look of Jetty, but I have very limited Java deployment experience and haven't actually tried Jetty. I have used Tomcat, though, and found it a bit inflexible in its configuration for the particular app I was deploying. If you're going the Java route, you want to get this set up and working before you worry about Apache / Nginx.
-secure ftp server : ???
OpenSSH (SFTP?)
maybe a mail server: ???
Postfix has always served me well (forwarding on mail to root from cron jobs, sending out mail to users from apps, etc...) It's pretty easy to set up, but there's plenty of flexibility to play with if you want to customise it. Does your app need to send e-mail?
I guess ssh will be the best way to talk to the server.
Yes, always.
Maybe other stuffs I forgot?
If you're looking into security, think about a firewall. It gives you some extra reassurance that only specific traffic is going in and out. I like Shorewall.
What is the most common and simple way to secure the whole stuff without loosing too much responsiveness?
What are you thinking of, here? Arch doesn't come with any big security holes that anyone knows of, so it really depends on what you've installed and
playing like the
way you've configured it. If you want to go all-out, you could eventually look into AppArmor / SELinux, Tripwire, etc... I've always felt that was overkill for my work, so I've never tried them. I definitely wouldn't bother if you're just starting out.
Paul
Paul, a big thank for your very detailed list At least one clear answer. Until now, here is what I did: 1- virtualized arch on my Arch with qemu/libvrt 2-installed lighttpd (for a start, maybe easier than Nginx), tomcat7,openssh. Now my issue is to connect guest host to its domain naime. Did register public static IP to my domain naime seller. I am looking to avoid web - - > router ––> host ––> http guest server. I am scratching my head to figure out how to avoid the host forwarding. My router can assign the IP to one of the machine. Unfortunately, I did not use br0,bridge, but vibr0 on NAT and the router can't see the guest. The guest is getting its IP from host httpcd. Not a good way I think. It will generate too much forwarding. Any help would be appreciated. Regards