Re: recommended network/server layout for website, email, and backup hosting

On 1/11/07, John Schmidt <jaschmidt@uofu.net> wrote:

I would like to host several low traffic web sites at my home with some older
computers (400 MHz P2) that I have lying around.  I would like to get some
recommendations on effective ways of setting up my set of computers that
would provide a web server, an email server and backup servers.

For low traffic servers, these machines are more than enough.
What really matters is the amount of memory and HD space and of course bandwidth.

These web sites would be publicly accessible with low traffic volumes.  In
addition, I foresee email hosting for each of the domains.  I would not have
that many email accounts (not more than 10-20).  I figured that exim with the
ability to do multiple hosting would suffice.  I would probably set up a
couple of mailing lists as well using something like mailman.  I would like to
set up my email server with imap and pop capabilities for both the publicly
accessible domains and my own personal email access.  I would like to have a
couple of machines set up in my LAN that would be able to provide two
levels of backups for my configurations, both internal LAN backups and DMZ
level backups (web server and email server).

For multidomain virtual mail hosting, you're far better off using
Postfix. It's much easier to configure and uses less resources than

Initially, I was thinking that I would put two machines in my DMZ zone, one
acting as a web server and one acting as an email server.  My two backup
machines would be in my LAN along with my fileserver and another development

If it's really low traffic, you can have an all-in-one box.

Regarding server security (email and web server), I have the following

1.  Because the machines are slow, would it be better to have the two machines
do some sort of load balancing or would it be better to have a separation of

If it's low traffic, your machines don't need load balancing. P2 400 is
more than enough to handle the traffic.

2.  Would it be better (security wise) to have my email server located in my
LAN and not in my DMZ zone and just tunnel port 25 traffic through?

Of course, but configuration is more complex in this approach. Besides,
Postfix in its default state (out of the box) is secure enough and with
proper configuration it's virtually impossible to compromise.

3.  I know nothing about DNS, and figured that I would let someone like
no-ip.com provide this service for me.  Or would it be fairly straightforward
to do my own DNS hosting and combine two of my machines for doing primary and
secondary DNS with other responsibilities, i.e. email/DNS on one machine,
DNS/web server on another?  Is it possible to have my DNS machines inside my
LAN, or is it necessary to have both primary and secondary DNS machines in my
DMZ for better security?

No-ip.com is for dynamic IP hosts. Since you have a static IP, you
don't need dynamic IP services.
If you don't want to maintain your own DNS, use a free DNS service like
http://freedns.afraid.org. However, if you're going to maintain your
own DNS, it's far easier to keep the DNS on the DMZ. However, you'll
have to do some address translation/forwarding since you have only one
static IP.

4.  For imap and pop stuff, can the imap server be inside my LAN and access be
tunneled through as needed?

Possible, but more troublesome.

5.  Should any server, i.e. mail, imap, pop, web, be located in the DMZ zone so
if they are hacked, my internal LAN machines are safer?

Depends on how you configure your firewall and the PCs.

