Difference between revisions of "Talk:Shared webhosting"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(Proxying)
(MySQL Socket Sharing)
 
(8 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 +
== Sharing mysql socket ==
 +
Wouldn't it be easier to just link the directory containing the socket using 'mount --bind'? Don't think that inode will change. [[Special:Contributions/62.195.200.207|62.195.200.207]] 16:39, 15 July 2011 (UTC)
 +
 +
== Linking to howto pages ==
 +
I probably did something stupid, but how can I link from the HOWTO's to this page?
 
--[[User:Hvdkamer|Hvdkamer]] 08:23, 2 August 2006 (EDT)
 
--[[User:Hvdkamer|Hvdkamer]] 08:23, 2 August 2006 (EDT)
I probably did something stupid, but how can I link from the HOWTO's to this page?
 
 
: If you want to link to the Category:HOWTO, you put it like this
 
: If you want to link to the Category:HOWTO, you put it like this
 
: <code><nowiki>[[:Category:HOWTO HOWTOs (i.e. this is link text)]]</nowiki></code>
 
: <code><nowiki>[[:Category:HOWTO HOWTOs (i.e. this is link text)]]</nowiki></code>
Line 21: Line 25:
 
== Proxying ==
 
== Proxying ==
  
I would suggest using [http://www.apsis.ch/pound/ Pound] as the Proxy Server running on your Frontend VE. Its a pretty lightweight and _fast_ Proxy. Besides proxying it does also support load balancing, failover and SSL.  I've been using it for various projects over the past few years, its proven to be pretty stable and reliable. --[[User:Torsten|Torsten] 14:51, 9th Nov 2006 (CST)
+
I would suggest using [http://www.apsis.ch/pound/ Pound] as the Proxy Server running on your Frontend VE. Its a pretty lightweight and _fast_ Proxy. Besides proxying it does also support load balancing, failover and SSL.  I've been using it for various projects over the past few years, its proven to be pretty stable and reliable. --[[User:Torsten|Torsten]] 14:51, 9th Nov 2006 (CST)
 +
 
 +
== MySQL Socket Sharing ==
 +
 
 +
2011-11-15 I had this issue using mysql :
 +
<pre>
 +
Could not connect to database: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 +
111115 22:05:40 [ERROR] Can't start server: Bind on TCP/IP port: Cannot assign requested address
 +
111115 22:05:40 [ERROR] Do you already have another mysqld server running on port: 3306 ?
 +
</pre>
 +
changing bind-address in /etc/mysql/my.cnf from
 +
bind-address          = 127.0.0.1
 +
to 
 +
  bind-address            = 10.100.100.220
 +
fixed it for us.  using ubuntu 11.10
 +
 
 +
:i had the same error message. my mistake was that i had no loopback-interface configured. adding
 +
auto lo
 +
iface lo inet loopback
 +
:to /etc/network/interfaces and restarting networking fixed it for me. (debian)
 +
------------
 +
 
 +
There's a good guide, using "mount --bind" available at http://sudhaker.com/2008/04/isolated-mysql-installation-openvz-cluster/, but I couldn't get it to work.
 +
Also the "ln /var/lib/vz/private/101/var/run/mysqld/mysqld.sock ..." mentioned in the article itself does not work for me: the mysqld.sock only appears in /vz/root/123, not /vz/private/123.
 +
Additionally, "mysql -u root -p -S /vz/root/123/var/run/mysqld/mysqld.sock" fails with:
 +
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/vz/root/1234/var/run/mysqld/mysqld.sock' (111)
 +
This is with Ubuntu Hardy (fixed kernel from Git).
 +
[[User:Blueyed|Blueyed]] 16:23, 28 April 2008 (EDT)
 +
 
 +
=== Decreased security ===
 +
Isn't sharing sockets blocking advantages promoted in <blockquote>"As an extra security measure you can use the internal IP-address as well."</blockquote>
 +
I'd actually would like to have mysql reject root user logins unless logging in from VE actually housing mysql server. That's impossible on using Unix sockets since it's always using "localhost" then, isn't it?

Latest revision as of 10:10, 19 March 2012

Sharing mysql socket[edit]

Wouldn't it be easier to just link the directory containing the socket using 'mount --bind'? Don't think that inode will change. 62.195.200.207 16:39, 15 July 2011 (UTC)

Linking to howto pages[edit]

I probably did something stupid, but how can I link from the HOWTO's to this page? --Hvdkamer 08:23, 2 August 2006 (EDT)

If you want to link to the Category:HOWTO, you put it like this
[[:Category:HOWTO HOWTOs (i.e. this is link text)]]
If you want your article to be included into HOWTO category, you put it like this (in any part of the article, usually at the end):
[[Category:HOWTO]]
--Kir 09:51, 2 August 2006 (EDT)

Rename?[edit]

I suggest renaming the article to something like "Application separation" or "Services separation" since this is what you actually describe :) --Kir 10:22, 2 August 2006 (EDT)

Go ahead if you think it describes the content better. I started to investigate OpenVZ because I had serious problems with shared hosting. The minimal servers (it is only a rough draft at this moment) are the solution to that. You could see this as application seperation, but for the end-user it is a "normal" webhosting account. Only he/she can do much more and can not break his/her prison :-) --Hvdkamer 10:28, 2 August 2006 (EDT)
May be to explain better my choice. After some serious problems with PHP (users who knew where an include with passwords lived, could see the content) I started to investigate the option of Apache threads with its own user credentials. That was the abonded project perchild. So there is not an easy technical solution. Also users hate safe_mode and open_basedir because it breaks there applications. They also want obscure CGI-scripts and all the things we administrators hate. I already used chrooted OpenSSH shell accounts. With the minimal servers I take that one step further. Now every user has total control (he/she can even be root) over his/her space.
If I had to do my research again, I think I would still start with "shared webhosting". Not "application seperation". I think that my term, although not exactly correct, will draw more people to this site. I think of it as "user seperation", but that is the whole point of OpenVZ? As said, its your Wiki, so change it if you think it is better :-) --Hvdkamer 10:40, 2 August 2006 (EDT)
I changed the introduction to give some examples of the problems shared webhosting is facing. I think that you now could see were it is going? I'm still in the process of setting up this server. So I thought to start this page while I'm working on it. Because if you do it weeks later, most subtle points are lost :-) --Hvdkamer 11:42, 2 August 2006 (EDT)

Proxying[edit]

I would suggest using Pound as the Proxy Server running on your Frontend VE. Its a pretty lightweight and _fast_ Proxy. Besides proxying it does also support load balancing, failover and SSL. I've been using it for various projects over the past few years, its proven to be pretty stable and reliable. --Torsten 14:51, 9th Nov 2006 (CST)

MySQL Socket Sharing[edit]

2011-11-15 I had this issue using mysql :

 Could not connect to database: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 111115 22:05:40 [ERROR] Can't start server: Bind on TCP/IP port: Cannot assign requested address
 111115 22:05:40 [ERROR] Do you already have another mysqld server running on port: 3306 ?

changing bind-address in /etc/mysql/my.cnf from

bind-address           = 127.0.0.1

to

 bind-address            = 10.100.100.220

fixed it for us. using ubuntu 11.10

i had the same error message. my mistake was that i had no loopback-interface configured. adding
auto lo
iface lo inet loopback
to /etc/network/interfaces and restarting networking fixed it for me. (debian)

There's a good guide, using "mount --bind" available at http://sudhaker.com/2008/04/isolated-mysql-installation-openvz-cluster/, but I couldn't get it to work. Also the "ln /var/lib/vz/private/101/var/run/mysqld/mysqld.sock ..." mentioned in the article itself does not work for me: the mysqld.sock only appears in /vz/root/123, not /vz/private/123. Additionally, "mysql -u root -p -S /vz/root/123/var/run/mysqld/mysqld.sock" fails with:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/vz/root/1234/var/run/mysqld/mysqld.sock' (111)

This is with Ubuntu Hardy (fixed kernel from Git). Blueyed 16:23, 28 April 2008 (EDT)

Decreased security[edit]

Isn't sharing sockets blocking advantages promoted in

"As an extra security measure you can use the internal IP-address as well."

I'd actually would like to have mysql reject root user logins unless logging in from VE actually housing mysql server. That's impossible on using Unix sockets since it's always using "localhost" then, isn't it?