FreeBSD for webserver?
Paul Schmehl
pschmehl_lists at tx.rr.com
Wed Jul 23 15:56:30 UTC 2008
--On Wednesday, July 23, 2008 11:06:30 +0200 VeeJay <maanjee at gmail.com> wrote:
> Really good contribution....
>
> I would of course go with ports but have a question in mind....
>
> What should be installation sequience?
>
> 1. Apache 2.2.9
> 2. MySQL 5.1.26
> 3. PHP 5.2.6
Install Apache before you install php. Mysql doesn't matter. The default
installs of all three should be fine unless you're doing something unusual.
You'll also need to install php-extensions. Run "make config" first and decide
which ones you need to have installed (after installing php5 of course.)
> And are there any options you guys would like to suggest to avoide for
> performance or security reasons?
>
Setup mysql to listen on localhost only *or* to not listen on tcp at all and
use unix sockets instead. Mysql, by default, comes with four accounts with
blank passwords; root at FQHN, root at localhost, ""@FQHN and ""@localhost (yes,
that's "blank" @.) Remove all those accounts except root at localhost and then
set a very good password for root. Create *new* and separate accounts for
*every* database you create and grant only the rights needed to perform the
task. Most applications only need select, insert, update and delete. Test it
with those and add other rights if necessary.
Install portaudit and aggressively update when security issues are found in any
of the apps on your server. Do not enable any services that are not needed to
do the job, and restrict access to ssh to only those networks and accounts that
really need access.
--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
More information about the freebsd-questions
mailing list