Talk:Shared webhosting

From OpenVZ Virtuozzo Containers Wiki
Revision as of 16:39, 15 July 2011 by 62.195.200.207 (talk)
Jump to: navigation, search

Sharing mysql socket

Wouldn't it be easier to just link the directory containing the socket using 'mount --bind'? Don't think that inode will change. 62.195.200.207 16:39, 15 July 2011 (UTC)

Linking to howto pages

I probably did something stupid, but how can I link from the HOWTO's to this page? --Hvdkamer 08:23, 2 August 2006 (EDT)

If you want to link to the Category:HOWTO, you put it like this
[[:Category:HOWTO HOWTOs (i.e. this is link text)]]
If you want your article to be included into HOWTO category, you put it like this (in any part of the article, usually at the end):
[[Category:HOWTO]]
--Kir 09:51, 2 August 2006 (EDT)

Rename?

I suggest renaming the article to something like "Application separation" or "Services separation" since this is what you actually describe :) --Kir 10:22, 2 August 2006 (EDT)

Go ahead if you think it describes the content better. I started to investigate OpenVZ because I had serious problems with shared hosting. The minimal servers (it is only a rough draft at this moment) are the solution to that. You could see this as application seperation, but for the end-user it is a "normal" webhosting account. Only he/she can do much more and can not break his/her prison :-) --Hvdkamer 10:28, 2 August 2006 (EDT)
May be to explain better my choice. After some serious problems with PHP (users who knew where an include with passwords lived, could see the content) I started to investigate the option of Apache threads with its own user credentials. That was the abonded project perchild. So there is not an easy technical solution. Also users hate safe_mode and open_basedir because it breaks there applications. They also want obscure CGI-scripts and all the things we administrators hate. I already used chrooted OpenSSH shell accounts. With the minimal servers I take that one step further. Now every user has total control (he/she can even be root) over his/her space.
If I had to do my research again, I think I would still start with "shared webhosting". Not "application seperation". I think that my term, although not exactly correct, will draw more people to this site. I think of it as "user seperation", but that is the whole point of OpenVZ? As said, its your Wiki, so change it if you think it is better :-) --Hvdkamer 10:40, 2 August 2006 (EDT)
I changed the introduction to give some examples of the problems shared webhosting is facing. I think that you now could see were it is going? I'm still in the process of setting up this server. So I thought to start this page while I'm working on it. Because if you do it weeks later, most subtle points are lost :-) --Hvdkamer 11:42, 2 August 2006 (EDT)

Proxying

I would suggest using Pound as the Proxy Server running on your Frontend VE. Its a pretty lightweight and _fast_ Proxy. Besides proxying it does also support load balancing, failover and SSL. I've been using it for various projects over the past few years, its proven to be pretty stable and reliable. --Torsten 14:51, 9th Nov 2006 (CST)

MySQL Socket Sharing

There's a good guide, using "mount --bind" available at http://sudhaker.com/2008/04/isolated-mysql-installation-openvz-cluster/, but I couldn't get it to work. Also the "ln /var/lib/vz/private/101/var/run/mysqld/mysqld.sock ..." mentioned in the article itself does not work for me: the mysqld.sock only appears in /vz/root/123, not /vz/private/123. Additionally, "mysql -u root -p -S /vz/root/123/var/run/mysqld/mysqld.sock" fails with:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/vz/root/1234/var/run/mysqld/mysqld.sock' (111)

This is with Ubuntu Hardy (fixed kernel from Git). Blueyed 16:23, 28 April 2008 (EDT)

Decreased security

Isn't sharing sockets blocking advantages promoted in

"As an extra security measure you can use the internal IP-address as well."

I'd actually would like to have mysql reject root user logins unless logging in from VE actually housing mysql server. That's impossible on using Unix sockets since it's always using "localhost" then, isn't it?