[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: advice request for shared hosting and security issue

On Mon, Jun 24, 2013 at 11:37 AM, Thomas Goirand <zigo@debian.org> wrote:

Outch! Don't do that. dotdeb has, and I believe still is, a source of
troubles, with 2nd grade quality packages. You will have issues
upgrading. You will have bugs.

Yes, i learned it by experience.

I don't use php-fpm here. I use SBOX (which I both maintain as upstream
and as a Debian package). This is a cgi-bin wrapper. I use aufs to
provide a template for every site, so that I don't have too much
duplication. SBOX is in use using AddHandler & Action directive of
Apache. As I don't want to have my users write these in a .htaccess (and
therefore, bypass my security and the chroot), I have backported the
AllowOverrideList option of Apache 2.4 into Apache 2.2.

I haven't heard the SBOX wrapper.

All this works great so far. Every site is chrooted, and can benefits
from having a full system environment which I maintain using apt, though
each site can also customize the php.ini and so on. The only problem I
have is that AUFS isn't very stable, and sometimes crashes the whole
system (maybe about once a month or so...). Let's hope we have soon a
better union filesystem to work with. 

If you need more info on how I do all of the above (like where to get
the packages and how to do the setup), let me know.

If there is an howto for a sample vhost, it would be great.



Oğuz Yarımtepe

Reply to: