On 7/28/06, Matthew Fisch <matthew.fisch@xxxxxxxxx> wrote:
I'm currently consulting for a customer running 20,000 customers/domains on a few dozen zeus webservers sharing an nfs nas. The support contract with zeus has lapsed and I am comparing my options for moving over to apache in leu of renewing. A basic requirement of any webserver for this cluster is secure dynamic mass virtual hosting. mod_vhost_alias OR mod_rewrite seems to give me the ability to serve up pages from the nfs nas ie /var/www/virtual/d/r/dreamway.com/docs . This is basic mass virtual hosting. This works great for static content, but breaks down when customers want to run CGI/PHP, now we need suexec (or something) to make this secure. Unfortunately suexec is defined at the <VirtualHost> level and I see no way to incorporate it into a mass virtual hosting setup. I assume this is because suexec has no method of mapping domains to uids. Way back in apache 1.3 there was a third party addon mod_cgiwrap that did something like this (its now defunct).... and in apache 2.0 there was a partly written MPM 'perchild' that might have helped too .. which brings me to (less important) point # 2. Zeus has a 'perchild' type feature where the thread that serves up the client pages (the whole server) AND the CGI's SU to the user's uid. In addition to making CGI's secure, this also lets people 'own' their own content away from prying eyes of other users with access to the apache group. Does this functionality exist in apache and I just cant see it? Is there a better place to ask? Let me know, I'll be elevating this to the dev list shortly.
It would be relatively straightforward to hack suexec to launch cgi scripts with a different set of rules. Of course, you'd need to be very careful to make it secure (see all the warnings in the docs and source code). But if you have 20000 domains, you should be able to afford to hire a decent programmer. This is not something that would make it into the main apache httpd, because it would be impossible to do it in a flexible and secure way. Luckily, for one site, you don't need flexibility. With regard to serving 20000 hosts entirely under their own userids, I have never seen anything that could do that without severe sacrifices. Perchild and similar mpms keep a pool of processes/threads for each userid, which wouldn't work at that scale. The other secure alternative is to launch a new process for each request, but that is obviously horrible performance-wise. I don't know anything about zeus, but I suspect that they have made a major compromise either in performance or security to accomplish this. With regard to "elevating" this to the dev list, feel free. But make sure you've searched the archives of this list and the dev list for the dozens of other times this has been discussed. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx