| Latest revision |
Your text |
| Line 1: |
Line 1: |
| − | == Sharing mysql socket ==
| + | --[[User:Hvdkamer|Hvdkamer]] 08:23, 2 August 2006 (EDT) |
| − | Wouldn't it be easier to just link the directory containing the socket using 'mount --bind'? Don't think that inode will change. [[Special:Contributions/62.195.200.207|62.195.200.207]] 16:39, 15 July 2011 (UTC)
| |
| − | | |
| − | == Linking to howto pages ==
| |
| | I probably did something stupid, but how can I link from the HOWTO's to this page? | | I probably did something stupid, but how can I link from the HOWTO's to this page? |
| − | --[[User:Hvdkamer|Hvdkamer]] 08:23, 2 August 2006 (EDT)
| |
| | : If you want to link to the Category:HOWTO, you put it like this | | : If you want to link to the Category:HOWTO, you put it like this |
| | : <code><nowiki>[[:Category:HOWTO HOWTOs (i.e. this is link text)]]</nowiki></code> | | : <code><nowiki>[[:Category:HOWTO HOWTOs (i.e. this is link text)]]</nowiki></code> |
| Line 15: |
Line 11: |
| | I suggest renaming the article to something like "Application separation" or "Services separation" since this is what you actually describe :) --[[User:Kir|Kir]] 10:22, 2 August 2006 (EDT) | | I suggest renaming the article to something like "Application separation" or "Services separation" since this is what you actually describe :) --[[User:Kir|Kir]] 10:22, 2 August 2006 (EDT) |
| | | | |
| − | : Go ahead if you think it describes the content better. I started to investigate OpenVZ because I had serious problems with shared hosting. The minimal servers (it is only a rough draft at this moment) are the solution to that. You could see this as application seperation, but for the end-user it is a "normal" webhosting account. Only he/she can do much more and can not break his/her prison :-) --[[User:Hvdkamer|Hvdkamer]] 10:28, 2 August 2006 (EDT)
| + | Go ahead if you think it describes the content better. I started to investigate OpenVZ because I had serious problems with shared hosting. The minimal servers (it is only a rough draft at this moment) are the solution to that. You could see this as application seperation, but for the end-user it is a "normal" webhosting account. Only he/she can do much more and can not break his/her prison :-) |
| − | | + | --[[User:Hvdkamer|Hvdkamer]] 10:28, 2 August 2006 (EDT) |
| − | :: May be to explain better my choice. After some serious problems with PHP (users who knew where an include with passwords lived, could see the content) I started to investigate the option of Apache threads with its own user credentials. That was the abonded project perchild. So there is not an easy technical solution. Also users hate safe_mode and open_basedir because it breaks there applications. They also want obscure CGI-scripts and all the things we administrators hate. I already used chrooted OpenSSH shell accounts. With the minimal servers I take that one step further. Now every user has total control (he/she can even be root) over his/her space.
| |
| − | | |
| − | :: If I had to do my research again, I think I would still start with "shared webhosting". Not "application seperation". I think that my term, although not exactly correct, will draw more people to this site. I think of it as "user seperation", but that is the whole point of OpenVZ? As said, its your Wiki, so change it if you think it is better :-) --[[User:Hvdkamer|Hvdkamer]] 10:40, 2 August 2006 (EDT)
| |
| − | | |
| − | ::: I changed the introduction to give some examples of the problems shared webhosting is facing. I think that you now could see were it is going? I'm still in the process of setting up this server. So I thought to start this page while I'm working on it. Because if you do it weeks later, most subtle points are lost :-) --[[User:Hvdkamer|Hvdkamer]] 11:42, 2 August 2006 (EDT)
| |
| − | | |
| − | == Proxying ==
| |
| − | | |
| − | I would suggest using [http://www.apsis.ch/pound/ Pound] as the Proxy Server running on your Frontend VE. Its a pretty lightweight and _fast_ Proxy. Besides proxying it does also support load balancing, failover and SSL. I've been using it for various projects over the past few years, its proven to be pretty stable and reliable. --[[User:Torsten|Torsten]] 14:51, 9th Nov 2006 (CST)
| |
| − | | |
| − | == MySQL Socket Sharing ==
| |
| − | | |
| − | 2011-11-15 I had this issue using mysql :
| |
| − | <pre>
| |
| − | Could not connect to database: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
| |
| − | 111115 22:05:40 [ERROR] Can't start server: Bind on TCP/IP port: Cannot assign requested address
| |
| − | 111115 22:05:40 [ERROR] Do you already have another mysqld server running on port: 3306 ?
| |
| − | </pre>
| |
| − | changing bind-address in /etc/mysql/my.cnf from
| |
| − | bind-address = 127.0.0.1
| |
| − | to
| |
| − | bind-address = 10.100.100.220
| |
| − | fixed it for us. using ubuntu 11.10
| |
| − | | |
| − | :i had the same error message. my mistake was that i had no loopback-interface configured. adding
| |
| − | auto lo
| |
| − | iface lo inet loopback
| |
| − | :to /etc/network/interfaces and restarting networking fixed it for me. (debian)
| |
| − | ------------
| |
| | | | |
| − | There's a good guide, using "mount --bind" available at http://sudhaker.com/2008/04/isolated-mysql-installation-openvz-cluster/, but I couldn't get it to work.
| + | May be to explain better my choice. After some serious problems with PHP (users who knew where an include with passwords lived, could see the content) I started to investigate the option of Apache threads with its own user credentials. That was the abonded project perchild. So there is not an easy technical solution. Also users hate safe_mode and open_basedir because it breaks there applications. They also want obscure CGI-scripts and all the things we administrators hate. I already used chrooted OpenSSH shell accounts. With the minimal servers I take that one step further. Now every user has total control (he/she can even be root) over his/her space. |
| − | Also the "ln /var/lib/vz/private/101/var/run/mysqld/mysqld.sock ..." mentioned in the article itself does not work for me: the mysqld.sock only appears in /vz/root/123, not /vz/private/123.
| |
| − | Additionally, "mysql -u root -p -S /vz/root/123/var/run/mysqld/mysqld.sock" fails with:
| |
| − | ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/vz/root/1234/var/run/mysqld/mysqld.sock' (111)
| |
| − | This is with Ubuntu Hardy (fixed kernel from Git).
| |
| − | [[User:Blueyed|Blueyed]] 16:23, 28 April 2008 (EDT)
| |
| | | | |
| − | === Decreased security ===
| + | If I had to do my research again, I think I would still start with "shared webhosting". Not "application seperation". I think that my term, although not exactly correct, will draw more people to this site. I think of it as "user seperation", but that is the whole point of OpenVZ? As said, its your Wiki, so change it if you think it is better :-) |
| − | Isn't sharing sockets blocking advantages promoted in <blockquote>"As an extra security measure you can use the internal IP-address as well."</blockquote>
| + | --[[User:Hvdkamer|Hvdkamer]] 10:40, 2 August 2006 (EDT) |
| − | I'd actually would like to have mysql reject root user logins unless logging in from VE actually housing mysql server. That's impossible on using Unix sockets since it's always using "localhost" then, isn't it? | |
