On Dec 17, 2012 11:55 AM, "Paul Gideon Dann" <pdgiddie@xxxxxxxxx> wrote: > > On Friday 14 Dec 2012 12:51:20 arnaud gaboury wrote: > > currently following the Sun certified web component developer course, > > I want to set up a http web server @ home to practice. > > I plan to virtualize a Arch server on my Arch box. > > Personally, I wouldn't bother virtualising. Certainly not just for playing > around with web servers. You could do that if you want to learn about > virtualisation and security, though. > > > I know we can talk about pro/con for hours, but I am interested in > > knowing your advices about the following apps: > > -http server : Apache or Nginx (curious to test the later) > > I a big Nginx fan. It's really light, simple to set up, and blazingly fast. > There are some more advanced features that it lacks, but I very much doubt > you'll need anything like that. > > > -container for my servlets : Tomcat ? > > If you're using Java, Tomcat or Jetty seem to be your main options. I like > the look of Jetty, but I have very limited Java deployment experience and > haven't actually tried Jetty. I have used Tomcat, though, and found it a bit > inflexible in its configuration for the particular app I was deploying. If > you're going the Java route, you want to get this set up and working before > you worry about Apache / Nginx. > > > -secure ftp server : ??? > > OpenSSH (SFTP?) > > > maybe a mail server: ??? > > Postfix has always served me well (forwarding on mail to root from cron jobs, > sending out mail to users from apps, etc...) It's pretty easy to set up, but > there's plenty of flexibility to play with if you want to customise it. Does > your app need to send e-mail? > > > I guess ssh will be the best way to talk to the server. > > Yes, always. > > > Maybe other stuffs I forgot? > > If you're looking into security, think about a firewall. It gives you some > extra reassurance that only specific traffic is going in and out. I like > Shorewall. > > > What is the most common and simple way to secure the whole stuff > > without loosing too much responsiveness? > > What are you thinking of, here? Arch doesn't come with any big security holes > that anyone knows of, so it really depends on what you've installed and the > way you've configured it. If you want to go all-out, you could eventually > look into AppArmor / SELinux, Tripwire, etc... I've always felt that was > overkill for my work, so I've never tried them. I definitely wouldn't bother > if you're just starting out. > > Paul Paul, a big thank for your very detailed list At least one clear answer. Until now, here is what I did: 1- virtualized arch on my Arch with qemu/libvrt 2-installed lighttpd (for a start, maybe easier than Nginx), tomcat7,openssh. Now my issue is to connect guest host to its domain naime. Did register public static IP to my domain naime seller. I am looking to avoid web - - > router ––> host ––> http guest server. I am scratching my head to figure out how to avoid the host forwarding. My router can assign the IP to one of the machine. Unfortunately, I did not use br0,bridge, but vibr0 on NAT and the router can't see the guest. The guest is getting its IP from host httpcd. Not a good way I think. It will generate too much forwarding. Any help would be appreciated. Regards
