


web server: "reduced network" or "end user" with zones?

I'm thinking about setting up a little web server (extremely low 
traffic, no critical content and the machine will be dedicated to this 
single task).

My initial thought was to install the "reduced network" set and add the 
coolstack.  I've done this and it's all working fine.  I admin the 
machine over a tip connection since there is no sshd or much of anything 
else on the machine, having used the "reduced network" installation 
option.  This seems like a pretty tidy and fairly secure setup.

But, I've been reading about zones and it would seem like a viable 
option.  I would be inclined to "upgrade" to an end user installation 
(or possibly add the zone packages manually) to add zone capability.

This would allow me to set up a web zone and another zone to administer 
the box.  So, I could ssh into it, etc.  This would also seem pretty 
tidy and fairly secure.

I think zones would be cool but, given my stated requirements, would it 
make my life easier over using the bare minimum "reduced network" setup?

Any thoughts?

Thank you,
-- 
HZ
Hank
5/11/2007 5:30:48 AM
comp.unix.solaris

On 2007-05-11, Hank Zoeller <bogusaddress@dontbothernotvalid.com> wrote:
> I'm thinking about setting up a little web server (extremely low 
> traffic, no critical content and the machine will be dedicated to this 
> single task).
>
> My initial thought was to install the "reduced network" set and add the 
> coolstack.  I've done this and it's all working fine.  I admin the 
> machine over a tip connection since there is no sshd or much of anything 
> else on the machine, having used the "reduced network" installation 
> option.  This seems like a pretty tidy and fairly secure setup.
>
> But, I've been reading about zones and it would seem like a viable 
> option.  I would be inclined to "upgrade" to an end user installation 
> (or possibly add the zone packages manually) to add zone capability.

Hmm, you need a fair amount of extra stuff.   My installations are
usually SUNWCreq plus a bunch of others; if you use SUNWCreq you will
need to add at least SUNWCssh, SUNWzoner, SUNWzoneu, SUNWlur, SUNWluu,
SUNWluzone and probably SUNWj5rt for what you describe.

> I think zones would be cool but, given my stated requirements, would it 
> make my life easier over using the bare minimum "reduced network" setup?

So the answer to that is probably "yes" unless you're prepared to run
through a little trial and error loop.

Ceri
-- 
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere
Ceri
5/11/2007 7:56:04 AM
Hank Zoeller wrote:
> I'm thinking about setting up a little web server (extremely low 
> traffic, no critical content and the machine will be dedicated to this 
> single task).
> 
> My initial thought was to install the "reduced network" set and add the 
> coolstack.  I've done this and it's all working fine.  I admin the 
> machine over a tip connection since there is no sshd or much of anything 
> else on the machine, having used the "reduced network" installation 
> option.  This seems like a pretty tidy and fairly secure setup.
> 
> But, I've been reading about zones and it would seem like a viable 
> option.  I would be inclined to "upgrade" to an end user installation 
> (or possibly add the zone packages manually) to add zone capability.
> 
> This would allow me to set up a web zone and another zone to administer 
> the box.  So, I could ssh into it, etc.  This would also seem pretty 
> tidy and fairly secure.
> 
> I think zones would be cool but, given my stated requirements, would it 
> make my life easier over using the bare minimum "reduced network" setup?
> 
> Any thoughts?
> 
> Thank you,

Skip the zones. Keep the reduced networking setup. Add only the ssh and 
any other packages you need. Use ipfilter to restrict ssh logins. Add 
Disk Suite to mirror the drives.

I have a web server and a mail relay server set up like this and love it. 
Just my two cents. Sure the zone option would be fun, just depends how 
much time you have on your hands to redo it.
Roger
5/12/2007 3:05:51 AM
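
The ipfilter restriction suggested in the reply above, as an added example that is not part of the original thread: a minimal /etc/ipf/ipf.conf for a dedicated web server that accepts ssh only from an admin network. The interface name bge0 and the admin range 192.0.2.0/24 are assumptions; substitute your own.

```conf
# /etc/ipf/ipf.conf -- added example, not from the original posts.
# Assumptions: bge0 is the only network interface; 192.0.2.0/24
# (a documentation range) stands in for the admin network.
#
# ipfilter uses the LAST matching rule unless a rule says "quick",
# so the default-deny rules go first and the exceptions use "quick".

# Default: drop and log anything inbound that is not allowed below.
block in log on bge0 all

# Default: drop outbound traffic the host did not explicitly start.
block out on bge0 all

# ssh: only new connections (SYN) from the admin network; replies
# are allowed by the state entry, so no separate "out" rule is needed.
pass in quick on bge0 proto tcp from 192.0.2.0/24 to any port = 22 flags S keep state

# http: open to everyone, since this is the machine's one public service.
pass in quick on bge0 proto tcp from any to any port = 80 flags S keep state

# Outbound connections started by the host itself (DNS lookups,
# package downloads); return traffic is matched by state.
pass out quick on bge0 proto tcp from any to any flags S keep state
pass out quick on bge0 proto udp from any to any keep state

# ICMP echo from the admin network only, for basic reachability checks.
pass in quick on bge0 proto icmp from 192.0.2.0/24 to any icmp-type echo keep state
```

Load the rules with `ipf -Fa -f /etc/ipf/ipf.conf` and confirm what is active with `ipfstat -io`. Keep the tip console session available while testing, since a mistake in the ssh rule locks out remote logins.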