Artemido
04-23-2002, 01:57 PM
I'm working on setting up a web hosting company whose primary source of revenue will be virtual web hosting. First, I want to share my brainstorming on how to accomplish this with you, and then I'd like to ask a couple of questions. Keep in mind that my motivation for starting this business is to provide web hosting with features that would be attractive to small-medium sized businesses at McDonald's prices. So, many of my technical decisions have been made to minimize cost to both me and the subscribers, without (hopefully) undermining performance, scalability, reliability, and features. Let me know if I'm missing the boat here on things. I suspect that this post will be pretty lengthy, so I thank those, in advance, who can stick with it 'til the end...
After much reading and reviewing my past experiences with hosting, I've elected to use mod_vhost_alias to allow for dynamic setup of hosted customers. I have hosted websites (on a purely small scale) using name-based virtual hosts and the VirtualHost directives in the httpd.conf, so mod_vhost_alias is a new trick for me. In any case, the idea is to provision users automatically by attaching the user's selected uid to a vhost directory through intelligently selecting the next available IP address from a table that will be updated by the provisioning engine. Hence, a new user will always get the next available IP. I've elected to use IP-based virtual hosting for a couple of reasons. First, I understand that this will increase performance a great deal since DNS queries are no longer required. Second, I wish to allow customers the ability to do ssl.
Now, the SSL bit is my first speed bump, as I have next to ZERO experience with it. My idea is to make the user's website available through http://www.domain.com AND https://domain-com.hostingcompany.com. That way the user doesn't have to purchase a certificate and all that to have SSL capabilities; I can purchase a single wildcard certificate for hostingcompany.com and be completely set up for SSL. Since it is my understanding of SSL (actually, specifically https) that a single IP is required for every SSL host, that would seem to necessitate the use of IP-based virtual hosting. AND, since http runs on port 80 and https runs on port 443, will mod_vhost_alias be able to handle both ports? I'm guessing this will involve some level of trickery in DNS (i.e. www.domain.com is 208.133.44.2 and domain-com.hostingcompany.com is 208.133.44.2, but Apache is listening on both ports and pulls up the right htdocs when accessed at that address). Any part of this wrong so far?
Additionally, I would prefer to store all of my user authentication information in LDAP (not OpenLDAP, FWIW). This is for a couple of reasons, but the primary motivation is because my email solution is based heavily on LDAP, and I'd prefer /etc/passwd and LDAP to always have the same information. pam_ldap seems to do that trick quite well, but I am having trouble making it support multiple domains. The DIT that I'm going for would put users in domain.com in ou=People,o=domain.com,o=hostingcompany. pam_ldap only seems to support a single base dn and isn't smart enough to "dig" to find users in ou=People,o=domain.com if the base dn is set to o=hostingcompany. Anyone ever done anything like this? If so, would you care to share your level of success and/or horror stories.
Also, I'll be offering MySQL OR PostgreSQL access to my customers. Is the best way to do this to have a single server instance and give each user a dB to which they have complete control or will most users want to have multiple databases at their disposal? Can myphpadmin be taught to only give access to a specific dB or is the only way that it works is to give root access to the entire server instance?
Are FrontPage server extensions for UNIX still a security nightmare or have they been fixed somewhat since I last played with them back in 1997/98? A couple of my partner web developers have indicated that FP support is a must. My first response was to say that FP-enabled sites would only be hosted on win32 servers, but that plays havoc on my automated provisioning process. If they won't make my servers completely open to hostile attack and takeover, I'd like to have FP extensions available on my web hosting servers (which are RH Linux x86, btw). Is this bad?
And now I would like to ask a few questions (not that I haven't already, or anything...). First, I've selected DreamCost as my billing and accounting system. Any experiences there? I've selected agora.cgi as my shopping cart. Any stumbling blocks or overall evilness that I need to be aware of? I've chosen Authorize.net to provide CC gateway and merchant account services, mostly due to the fact that they are supported by DreamCost and agora.cgi. Good choice? I'm considering going with Apache 2.0 in lieu of 1.3.x. Will I run into any compatibility problems here? The one piece of software that I haven't selected is a good web-based control panel utility. I've looked at Webmin and web://cp, but my personal favorite continues to be cpanel. The problem with cpanel is its pricing structure, which I still don't actually understand. It seems like more money than I'd like to pay, but maybe I'm just reading things wrong. Anyone have any insight there? Also, bearing in mind that I already have a good administration interface to my email system, do I need anything so complete as cpanel, or are there better (less expensive) alternatives out there?
I suppose that's about it. Thanks much for your time and attention, and I look forward to any advice you might be able to offer.
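An added example, not part of the original post: a provisioning-side check for the domain-com.hostingcompany.com scheme described above. It verifies that each generated alias is a single label a `*.hostingcompany.com` wildcard certificate can cover, and flags customer domains that collapse to the same alias once dots become hyphens. The function names and the sample customer list are assumptions constructed for illustration.

```python
import re

HOSTING_ZONE = "hostingcompany.com"          # zone named in the post
# One DNS label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def ssl_alias(customer_domain):
    """Map domain.com -> domain-com.hostingcompany.com (scheme from the post)."""
    name = customer_domain.strip().rstrip(".").lower()
    label = name.replace(".", "-")
    if not LABEL_RE.fullmatch(label):
        raise ValueError("cannot build a valid DNS label from %r" % customer_domain)
    return "%s.%s" % (label, HOSTING_ZONE)


def wildcard_covers(pattern, host):
    """A wildcard certificate name matches exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] == "*" and h[0] != "" and p[1:] == h[1:]


def find_collisions(customer_domains):
    """Return {alias: [domains]} for aliases claimed by more than one customer."""
    by_alias = {}
    for domain in customer_domains:
        by_alias.setdefault(ssl_alias(domain), []).append(domain)
    return {a: ds for a, ds in by_alias.items() if len(ds) > 1}


if __name__ == "__main__":
    # Constructed sample input: the second and third entries differ only by
    # '.' versus '-', so the hyphen substitution maps them to the same alias.
    customers = ["domain.com", "my-site.com", "my.site.com"]
    for d in customers:
        alias = ssl_alias(d)
        print(d, "->", alias, "covered:", wildcard_covers("*." + HOSTING_ZONE, alias))
    print("collisions:", find_collisions(customers))
```

Because the substitution is not one-to-one, the provisioning engine should reject or disambiguate a colliding alias before assigning it, so that one customer's HTTPS name never resolves to another customer's document root.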
