[arch-general] need advices for the perfect web toolbox

arnaud gaboury arnaud.gaboury at gmail.com
Mon Dec 17 06:34:42 EST 2012

On Dec 17, 2012 11:55 AM, "Paul Gideon Dann" <pdgiddie at gmail.com> wrote:
> On Friday 14 Dec 2012 12:51:20 arnaud gaboury wrote:
> > currently following the Sun certified web component developer course,
> > I want to set up a http web server @ home to practice.
> > I plan to virtualize a Arch server on my Arch box.
> Personally, I wouldn't bother virtualising.  Certainly not just for
> around with web servers.  You could do that if you want to learn about
> virtualisation and security, though.
> > I know we can talk about pro/con for hours, but I am interested in
> > knowing your advices about the following apps:
> > -http server : Apache or Nginx (curious to test the later)
> I a big Nginx fan.  It's really light, simple to set up, and blazingly
> There are some more advanced features that it lacks, but I very much doubt
> you'll need anything like that.
> > -container for my servlets : Tomcat ?
> If you're using Java, Tomcat or Jetty seem to be your main options.  I
> the look of Jetty, but I have very limited Java deployment experience and
> haven't actually tried Jetty.  I have used Tomcat, though, and found it a
> inflexible in its configuration for the particular app I was deploying.
> you're going the Java route, you want to get this set up and working
> you worry about Apache / Nginx.
> > -secure ftp server : ???
> OpenSSH (SFTP?)
> > maybe a mail server: ???
> Postfix has always served me well (forwarding on mail to root from cron
> sending out mail to users from apps, etc...)  It's pretty easy to set up,
> there's plenty of flexibility to play with if you want to customise it.
> your app need to send e-mail?
> > I guess ssh will be the best way to talk to the server.
> Yes, always.
> > Maybe other stuffs I forgot?
> If you're looking into security, think about a firewall.  It gives you
> extra reassurance that only specific traffic is going in and out.  I like
> Shorewall.
> > What is the most common and simple way to secure the whole stuff
> > without loosing too much responsiveness?
> What are you thinking of, here?  Arch doesn't come with any big security
> that anyone knows of, so it really depends on what you've installed and
> way you've configured it.  If you want to go all-out, you could eventually
> look into AppArmor / SELinux, Tripwire, etc...  I've always felt that was
> overkill for my work, so I've never tried them.  I definitely wouldn't
> if you're just starting out.
> Paul

a big thank for your very detailed list
At least one clear answer.
Until now, here is what I did:

1- virtualized arch on my Arch with qemu/libvrt
2-installed lighttpd (for a start, maybe easier than Nginx),

Now my issue is to connect guest host to its domain naime. Did register
public static IP to my domain naime seller.
I am looking to avoid  web - - > router ––> host  ––> http guest server. I
am scratching my head to figure out how to avoid the host forwarding. My
router can assign the IP to one of the machine. Unfortunately, I did not
use br0,bridge, but vibr0 on NAT and the router can't see the guest. The
guest is getting its IP from host httpcd. Not a good way I think. It will
generate too much forwarding.

Any help would be appreciated.


More information about the arch-general mailing list