[arch-general] need advices for the perfect web toolbox

Mon Dec 17 06:34:42 EST 2012

On Dec 17, 2012 11:55 AM, "Paul Gideon Dann" <pdgiddie at gmail.com> wrote:
>
> On Friday 14 Dec 2012 12:51:20 arnaud gaboury wrote:
> > currently following the Sun certified web component developer course,
> > I want to set up a http web server @ home to practice.
> > I plan to virtualize a Arch server on my Arch box.
>
> Personally, I wouldn't bother virtualising.  Certainly not just for
playing
> around with web servers.  You could do that if you want to learn about
> virtualisation and security, though.
>
> > I know we can talk about pro/con for hours, but I am interested in
> > knowing your advices about the following apps:
> > -http server : Apache or Nginx (curious to test the later)
>
> I a big Nginx fan.  It's really light, simple to set up, and blazingly
fast.
> There are some more advanced features that it lacks, but I very much doubt
> you'll need anything like that.
>
> > -container for my servlets : Tomcat ?
>
> If you're using Java, Tomcat or Jetty seem to be your main options.  I
like
> the look of Jetty, but I have very limited Java deployment experience and
> haven't actually tried Jetty.  I have used Tomcat, though, and found it a
bit
> inflexible in its configuration for the particular app I was deploying.
 If
> you're going the Java route, you want to get this set up and working
before
> you worry about Apache / Nginx.
>
> > -secure ftp server : ???
>
> OpenSSH (SFTP?)
>
> > maybe a mail server: ???
>
> Postfix has always served me well (forwarding on mail to root from cron
jobs,
> sending out mail to users from apps, etc...)  It's pretty easy to set up,
but
> there's plenty of flexibility to play with if you want to customise it.
 Does
> your app need to send e-mail?
>
> > I guess ssh will be the best way to talk to the server.
>
> Yes, always.
>
> > Maybe other stuffs I forgot?
>
> If you're looking into security, think about a firewall.  It gives you
some
> extra reassurance that only specific traffic is going in and out.  I like
> Shorewall.
>
> > What is the most common and simple way to secure the whole stuff
> > without loosing too much responsiveness?
>
> What are you thinking of, here?  Arch doesn't come with any big security
holes
> that anyone knows of, so it really depends on what you've installed and
the
> way you've configured it.  If you want to go all-out, you could eventually
> look into AppArmor / SELinux, Tripwire, etc...  I've always felt that was
> overkill for my work, so I've never tried them.  I definitely wouldn't
bother
> if you're just starting out.
>
> Paul

Paul,
a big thank for your very detailed list
At least one clear answer.
Until now, here is what I did:

1- virtualized arch on my Arch with qemu/libvrt
2-installed lighttpd (for a start, maybe easier than Nginx),
tomcat7,openssh.

Now my issue is to connect guest host to its domain naime. Did register
public static IP to my domain naime seller.
I am looking to avoid  web - - > router ––> host  ––> http guest server. I
am scratching my head to figure out how to avoid the host forwarding. My
router can assign the IP to one of the machine. Unfortunately, I did not
use br0,bridge, but vibr0 on NAT and the router can't see the guest. The
guest is getting its IP from host httpcd. Not a good way I think. It will
generate too much forwarding.

Any help would be appreciated.

Regards