Re: [vserver] apache security / Cookbook Vservers / vserver system usage

About this list Date view Thread view Subject view Author view Attachment view

From: Jon Bendtsen (
Date: Fri May 10 2002 - 03:47:42 EDT

Justin M Kuntz wrote:
> John,
> Thanks for the reply. Indeed, my intent is to have dual security at suexec
> and vserver levels for the "Shared Apache" method. It sounds like you are
> doing "Partitioned Apache" so that each customer right now gets their own
> Apache and vserver. Definitely that seems to be the more straightforward
> approach when it is not necessary to share IPs between many customers.

You can even do this partitioning even when you share a single ip.
What you do is that you use a reverseproxy in apache, and run that
server on the real ip, then you just "get" the files from the customers
server, which could use a 10.x.y.z ip. You can even run the reverse
apache inside a vserver.

> What OS are you running? Red Hat 7.2, SuSE 7.3, etc? Are you using
> ReiserFS or ext3? I am trying to decide right now which filesystem is
> safest to use with vserver... I really like ReiserFS but I thought I read
> earlier in the mailing list archive that the unification and immutable
> features aren't supported on Reiser. One of my associates did some testing
> and felt that ext3 wasn't mature enough or had some problems relative to
> Reiser.

I'm using ext3 anywhere i can get to it. At home i have my vserver
on ext3, but i dont do unification. At work i have trouble with a
filesystem, but not my ext3 filesystems. Work is not yet running in a

> I'd love to hear your experience. Incidentally, we are using the
> IDE hardware RAID controllers for RAID 10 support on
> our Linux boxes across 4 drives. For about $300 this is a good investment,
> although it does rquire in vserver's case for a recompiled kernel to be
> made. No big deal - but I just wanted to offer that advice.

Yeah, i like them as well, though i would like to have their hotswap hd
cases as well.


About this list Date view Thread view Subject view Author view Attachment view

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT