Tips for hosting a web server

Till now I have used only premade solutions for local development such as XAMPP or free web hosting solutions, but now I want to put down the foundation for my website on one of my VPS.

As such I'd like to ask for some basic tips on setting up a simple nginx server (on debian/ubuntu environment):

  • Should I use /var/ or /srv/ or /home/user/ for the www folder?
  • Install on host or in a docker container?
  • If in docker, bind www and conf paths to host or to a named volume? How do I handle access permissions?
  • Single daemon/container with vHosts or reverse proxy container/daemon + slaves?

Thank you in advance.

Comments

  • Why not use VestaCP ?

  • deadbeef Member
    edited December 2016

    @Robotex said:

    • Should I use /var/ or /srv/ or /home/user/ for the www folder?

    Zero difference, except for /home/$user which you should avoid, unless you are really setting this up for multiple users to have their own homepages.

    • Install on host or in a docker container?

    I use both. I prefer docker in general, although for really low end machines with no swap, I go the host route.

    • If in docker, bind www and conf paths to host or to a named volume? How do I handle access permissions?

    One volume container A, one nginx container B , one ssh container C.

    A: VOLUMES ["$WEBROOT", "$SITES-ENABLED", "$WHTEVERELSE"]
    B: --volumes-from A
    C: --volumes-from A

    Set up the users/permissions on C and expose the SSH port on host (-p 2201:22).

    Make sure C and B use the same base image (for the user ids to match)

    Done.

    • Single daemon/container with vHosts or reverse proxy container/daemon + slaves?

    I do what I described above on a per tenant basis. No problem to do it 1 set for multiple tenants as long as you do it securely. But why bother with that and not launch MOAR containers? ;)

    Edit: I put another reverse proxy in front to route the traffic to the respective nginx container.

    Thank you in advance.

    You're welcome.

    Thanked by 1Robotex
  • @Miketomy said:
    Why not use VestaCP ?

    I'm not familiar with administration control panels. It looks nice, but does it take over the system? Like, can I manually edit some settings such as paths in .conf files without screwing up the CP? Also, does it have restrictions to allow only localhost to access it (e.g. through an ssh tunnel)? I don't like having another unnecessary attack surface, so that would repel me from using any CP.

    @deadbeef said:
    One volume container A, one nginx container B , one ssh container C.

    Do you know if there is any script or command that automatically shuts down the container C after its SSH connection closed or after X hours?

    But why bother with that and not launch MOAR containers? ;)

    Well one reason might be the many configuration files to manage :)

    Thanks!

  • @Robotex said:
    Do you know if there is any script or command that automatically shuts down the container C after its SSH connection closed or after X hours?

    Why would you want to do that? And how will it spawn to receive a connection at an arbitrary future time? It's too much complexity for no benefit.

  • @deadbeef said:

    @Robotex said:
    Do you know if there is any script or command that automatically shuts down the container C after its SSH connection closed or after X hours?

    Why would you want to do that? And how will it spawn to receive a connection at an arbitrary future time? It's too much complexity for no benefit.

    Because working on Wi-Fi, sometimes I lose connection to the host or simply forget when in a hurry that I have an open ssh connection.
    My thought is to run container C only when I need to make changes and keep it shut down otherwise.

  • Hi Robotex,

    For local development I recommend the ISPConfig control panel or VestaCP over XAMPP.

    Create a VM with Docker or VirtualBox and install ISPConfig or VestaCP.

    Regards,

  • =/ can't even put web folders on here without Cloudflare blocking my post.

  • @sin said:
    =/ can't even put web folders on here without Cloudflare blocking my post.

    Lol I was describing how to DISABLE root ssh and blam.

    Thanked by 1sin
  • Just wanted to give a shout-out: however you decide to set up your box, be sure to check out @Raymii's excellent Cipherli.st guide on securing nginx, apache, ssh, etc!

    Thanked by 2Robotex Ndha
  • Robotex Member
    edited December 2016

    Well I just gave VestaCP a try in a docker container and I must say that despite the nice informative panel, it does too much more than what I really need since it supposes I will install a DNS, mail, cron etc all stuff that I don't need.

    For local development I recommend the ISPConfig control panel or VestaCP over XAMPP.

    It's not for local development, I suppose I didn't explain it well in the first post but it's for a personal website.

    =/ can't even put web folders on here without Cloudflare blocking my post.

    I can feel you, I had to separate www and /var/ for that same reason.

    how to DISABLE root ssh

    That's the first thing I do every time I deploy a new VPS

    be sure to check out Raymii 's excellent Cipherli.st guide on securing nginx, apache, ssh, etc!

    Thanks! Will keep it for reference once I get to the step of setting up certificates

    By the way, I think I will play more with docker and see if I can set something up using the composer, maybe starting with something like this

        web:
            image: nginx
            ports:
                - "80:80"
                - "443:443"
            volumes:
                - nginx-www:/usr/share/nginx/
                - nginx-cfg:/etc/nginx/
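
The volume / nginx / ssh split described earlier in the thread, written as an extension of the Compose fragment above. This is an added example, not code from any poster; the image name `local/nginx-sshd` and the profile name `admin` are hypothetical, and the image is assumed to be built FROM nginx with openssh-server installed so user ids match the web container.

```yaml
# Added example: shared named volumes, a read-only web container,
# and an SSH container that only runs when explicitly started.
services:
  web:
    image: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # The web server only reads content and config, so mount both read-only.
      - nginx-www:/usr/share/nginx/:ro
      - nginx-cfg:/etc/nginx/:ro
    restart: unless-stopped

  ssh:
    # Hypothetical image: FROM nginx plus openssh-server, so both
    # containers share the same /etc/passwd and numeric user ids.
    image: local/nginx-sshd
    # Services with a profile are skipped by a plain `docker compose up`,
    # so the SSH entry point is off unless you ask for it.
    profiles: ["admin"]
    ports:
      - "2201:22"          # same mapping as -p 2201:22 in the thread
    volumes:
      # This is the only container that can write to the site and config.
      - nginx-www:/usr/share/nginx/
      - nginx-cfg:/etc/nginx/
    # Probe the client every 60 s and drop the session after 3 missed
    # replies, so a connection lost over Wi-Fi does not linger.
    command:
      - /usr/sbin/sshd
      - -D
      - -e
      - -o
      - ClientAliveInterval=60
      - -o
      - ClientAliveCountMax=3
    restart: "no"

volumes:
  nginx-www:
  nginx-cfg:
```

`docker compose up -d` starts only `web`; `docker compose up -d ssh` brings the SSH container up when changes are needed and `docker compose stop ssh` takes it down again.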
    
  • Use the default/general one, less pain and troubleshooting when upgrading from repo or sources.

  • @Robotex said:
    Well I just gave VestaCP a try in a docker container and I must say that despite the nice informative panel, it does too much more than what I really need since it supposes I will install a DNS, mail, cron etc all stuff that I don't need.

    You can choose what VestaCP installs. https://vestacp.com/#install
