>> does anyone know what is THE most efficient way to run apache? Is there
>> basically a very thin and secure version of "linux with apache" which is
>> optimised for a dedicated machine?
>My purpose would be to have several front end servers for load balancing
>purposes. They would only need to run Apache, PHP (with various
>extensions) and a postgresql database client.
Yep, separate processing and storage. As there's not much you can do
to split up the database into multiple machines, that's where your
bottleneck is going to be. But as the database machine only has the
database, the bottleneck isn't too close.
Quote:>If no one else has a better solution, the three that I had considered
>are: RedHat kickstart. It takes a little work to get going, but once
>done is pretty easy. You simply create a kickstart boot disk and then
>use the standard redhat install cd. You choose exactly what you want
>and let it do the partitioning and everything for you. The benefits of
>RedHat are that it's very easy to maintain. Another benefit is that
>it's very up-to-date. Unfortuatnely, it's main disadvantage is that
>often, it's too up-to-date.
Hmm.. I'd recommend that you also specify the partitioning at least to
some extent in kickstart. The drawback here is still the horrendous
jungle of dependencies; it's amazing what all you'll need to drop out
to really keep the installation slim.
Quote:>Debian apt-get. The default install of debian (potato, haven't tried
>woody) is very minimal. It provides the bare essentials then you add to
>it what you need. The only problem is that I don't know of a way to do
>auto-installs which is a feature I would like.
I'm surpsired to hear about the lack of auto-installs -- I don't have
experience with Debian, but had thought that there'd be some kind
of replication mechanism.
You might wish to take a look at Gentoo. It should be slim to start
with. But then, it apparently also is more up-to-date than RedHat.
But after all, RH isn't too bad. Considering the minimum disk sizes you
get nowadays, you can do more-or-less full install without a worry. And
there's still ample room for your data and web apps. Just get your own
things into a partition of their own -- this makes OS upgrades a lot
The optimisation needed is mostly to find all places where you can turn
functionality off. Disable most all automation and services, and there
you should have a pretty good server. Limit network accessibility with
iptables (both incoming and outgoing!), and it's already rather secure.
Local security can be increased by uninstalling setuid things you don't
use (or turning off setuid bits where you're certain they aren't needed,
if uninstalling is not an option - f.ex. due to dependencies). Then just
keep up-to-date with security advisories related to those components you
do run (Apache, PHP, possibly SSL, others?), and you should fare just
fine - of course supposing you don't open holes of your own with the
WWW server-side programs (PHP etc).
Wolf a.k.a. Juha Laiho Espoo, Finland
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)