levavie's picture

I am a new TKL user, a software architect and a previous shared hosting / dedicated hosting user, giving drupal and wordpress development services. While amazed by the performance, I find it hard to decide about the best configuration, and the number of servers needed.

Currently, I need to make the following decisions:

1. Add an SVN package to my existing appliance, or create a new appliance dedicated for SVN?

While amazed by the number of pricing options, I find it hard to find the price of a new appliance vs. the difficulty to configure SVN on an existing server.

2. Can I put all of my small websites on one appliance? Or should I move each one to a new appliance for security reasons? (I find it hard to configure users which have FTP access but not root access - even thought I use webmin to define them, and add them to the www-data and ssh groups, I get permission denied error when they try to login).

3. If I put all of my websites on one appliance, should I install multiple websites ? or use OpenVZ optimized builds? Will the micro server be enough for OpenVZ ?

Please advise

Thanks in advance,

Amnon

Forum: 
Jeremy Davis's picture

1. This one will depend on your grander plans. If your SVN server will have minimal users then you could host it within another server, or you could even consider self hosting it (as a VM or repurpose some old hardware for the job). 

2. You could host them all together, however I reckon you'll want a Small instance at least (if you plan on using AWS). In some respects I think it's ideal to host them separately so if one has issues it won't effect all the others, but it comes down to what will work best for you. There are pros and cons either way...

Security-wise, if you want to allow other users to connect via FTP IMO you're probably better off installing an alternative FTP server (such as vsftpd) and chroot jailing the users to their home dir. You can chroot jail users within SSH but it is trickier and has some idiosyncracies IIRC. They still then also have shell access (unless you disable this too). If you are the only one who will be admining the server then probably easiest to just use the root account and use key-pairs for login (with a really complex string password - or disable altogether for max security.

Not sure why you're having issues with alternative account logins...?

3. OpenVZ containers are great. But you can't use them with AWS AFAIK. You need a kernel that supports OVZ to run OVZ containers and AFAIK AWS don't allow you to install custom kernels (although I'd love it if I were wrong!!). So unless you wish to self host (using Proxmox or similar) as your hypervisor, then you'll need to either run each site as a separate AWS instance, or bundle them all together. Small low traffic sites may get away with running in a Micro instance (each), but if you are running multiples, then probably best to bundle them together in a Small instance to be on the safe side. If the sites aren't mission critical, you copuld always try onm a Micro instance and move them to a Small if that doesn't work out.

Add new comment