So I am readying a Mac OS X Server (10.5.6) to serve out our web pages, VLE, Support desk and email. But first I have a few questions.
1. I have currently set up the sites so that the DBs are on a different server from the Web front-ends. So each website (Joomla, Moodle, Support desk) has to connect back to another machine. Is this a good idea? The two servers won't be in the same location.
2. If the first answer is yes, it's a good idea, then is it a good idea to use non-standard port numbers? For example, moving MySQL's port number from 3306 to something else. Moving IMAP port numbers to something else? And SMTP? Is it worth the extra hassle of configuring?
4. MySQL permissions for DB access. When configuring Joomla, Moodle etc., you create a user to connect to the DB. What permissions should this user be given? Do they need all of them or only a select few?
3. The final one (I think). I have numerous sites hosted on the one server and all of them use a login facility. To protect the passwords I am using SSL. Now the problem is Apache complains about using SSL in conjunction with Virtual Hosts. This is something I need to research. But if this is the case, how can I use more than one SSL site on one server?
Hope you can help. I think that's everything...for now
Thanks in advance.
So SSL requires individual IP addresses for each site. Would this then allow me to use as many self-signed certs without errors appearing in the logs? The sites still work but I am unsure as to what issues/vulnerabilities could arise from keeping it this way.
Thanks for the advice so far though guys. Most appreciated.
You can have 1 SSL address like ssl.webserver.local then have subfolders so:
or you can have multiple SSL addresses like:
the second would require 3 (static) IPs
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON joomla.* TO 'yourusername'@'localhost' IDENTIFIED BY 'yourpassword';
Some packages are more specific, such as PHPMyAdmin requires a user with very specific rights on the main mysql database, and has different rights on each table. Probably because it is the main mysql database and if you leave it too loose you could compromise the whole server.
Have you tried configuring different certificates for each location using <directory> in https.conf? (never tried it, but can't see why it wouldn't work.)
You could also use a wildcard certificate which would cover *.blah.com, makes things easier as well as cheaper assuming all your virtual hosts are of the format [host].blah.com.
The only way to use differing certificates based on some condition is to have different IP addresses (since these are lower in the OSI stack than the application layer).
Last edited by powdarrmonkey; 26th March 2009 at 03:21 PM. Reason: speeling
Jay (26th March 2009)
Didn't know that, but it explains a restriction we have with a reverse proxy solution that serves multiple sites. I assumed the host address was presented to the server in the initial handshake. (Lesson for today: never assume.)
https://bombsrus.com/ for example.)
I just thought, you could also use one IP address with virtual hosts on multiple ports and therefore multiple SSL sites.
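The two layouts suggested in this thread (one IP address per SSL site, or one IP address with SSL sites on different ports), written out as an added Apache configuration example that is not part of any poster's message. All addresses, hostnames and file paths are constructed placeholders.

```apache
# Constructed example: IPs (192.0.2.x), hostnames and paths are placeholders.
# The certificate is chosen by the IP:port the connection arrives on, so each
# SSL site below gets its own address or its own port.

Listen 192.0.2.10:443
Listen 192.0.2.11:443
Listen 192.0.2.10:8443

# Site 1: own IP address, standard HTTPS port
<VirtualHost 192.0.2.10:443>
    ServerName joomla.example.org
    DocumentRoot "/path/to/joomla"
    SSLEngine on
    # The certificate's common name should match this ServerName
    SSLCertificateFile    "/path/to/certs/joomla.example.org.crt"
    SSLCertificateKeyFile "/path/to/certs/joomla.example.org.key"
</VirtualHost>

# Site 2: second IP address, standard HTTPS port, its own certificate
<VirtualHost 192.0.2.11:443>
    ServerName moodle.example.org
    DocumentRoot "/path/to/moodle"
    SSLEngine on
    SSLCertificateFile    "/path/to/certs/moodle.example.org.crt"
    SSLCertificateKeyFile "/path/to/certs/moodle.example.org.key"
</VirtualHost>

# Site 3: shares the first IP address but listens on a non-standard port.
# Users have to reach it as https://support.example.org:8443/
<VirtualHost 192.0.2.10:8443>
    ServerName support.example.org
    DocumentRoot "/path/to/supportdesk"
    SSLEngine on
    SSLCertificateFile    "/path/to/certs/support.example.org.crt"
    SSLCertificateKeyFile "/path/to/certs/support.example.org.key"
</VirtualHost>
```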
Sorry I haven't replied to any of these posts but I never got a mail saying there had been replies.