
LAMP. From the formulation of the problem to the start of a fail-safe service

Good day, Habr.

During a more than heated discussion of the publication, the idea arose to describe an algorithm for building a typical solution, from the phrase “We need a website” to the moment when this website, already making a profit, comes under attack and keeps working.

As practice shows, errors or oversights in choosing a hosting provider and a base distribution, in installing and configuring the server software and, to a considerable extent, in programming style can leave inoperable any project that worked very nicely and quickly during the demonstration to the customer.
How to protect yourself from such errors?
The answer is simple. You need to invite professionals to do the design: either one person who knows everything thoroughly, or a group of good specialists who each know one aspect very well and are reasonably well versed in the related ones.
The purpose of this publication is to try to gather such a group, both for a collegial discussion of the technical specification of the future system and for developing a set of recommendations for optimal settings at all levels, starting from the system kernel and ending, probably, with php.ini.

For the work of the group, if one comes together, the group habratest has been organized.
In the comments to this post, please write only specific proposals.
We will move discussions to the group or organize a conference in Jabber.
When and if results appear, we will find a place to publish them,
and to discuss the results we will make a separate post on Habr.
There is no need to discuss the process of discussion itself...



It is easy to say “let's start”... But where, in fact, shall we begin? We begin by understanding our own desires. What do we want to get as a result? Behind the phrase "a site on the Internet" lies a very sprawling tree of options.
Each branch conceals a set of technical and technological solutions that differs so much from the neighboring one that a single phrase determining the choice of solution can change the cost of a project by orders of magnitude (not several times, but orders!), or lead to a completely inoperable project, or to apparent operability whose consequence is the inability to scale the service if the value of the project turns out to be positive, the clients are crowding at the door, and the service buckles.
Fantasies, you say? Yes, fantasies. But it has happened before, and it is good if it was not to us.
We will provide for the ability to scale.
Likewise, we will provide for a minimal (preferably zero) cost of license fees.
We will also include immunity to viruses and the highest possible protection from unauthorized access at the operating system level.

An experienced system administrator will never get into situations from which a good system administrator easily emerges. We will try to summarize the knowledge of experienced administrators and organize backup with minimal effort.

And why, actually, LAMP?
Recall that LAMP is Linux, Apache, MySQL, PHP... But is this really the right set?
I'm not sure. Maybe in the end we will settle on this set. Maybe…
But there are alternatives, and from the point of view of ensuring maximum speed and maximum stability on minimal configurations of leased (virtual) servers, it may be these alternatives that turn out to be the optimal choice.

The answer to the fair question "Is this really what we need?" can only be obtained by testing: competent, professional testing, with a predicted result and an analysis of how well the obtained result matches the prediction.
And, as stated, the site, installed and configured according to the described recommendations, will be offered up to everyone for DDoS.

I want to approach the question correctly.
That means:
1) Task setting. A description of the requirements for site resilience.
2) A high-level selection of the values that are changed in one way or another after a standard installation (FS mount options, sysctl, etc.).
3) A high-level selection of software, that is, Nginx, Apache, Lighttpd, etc.
4) Reasoned settings for this software in the context of the maximum possible loads.
5) A reasoned protection algorithm in the context of possible attacks.
Not only DDoS, but also attacks on vulnerabilities aimed at obtaining local root, for example.
6) A method for logging system behavior: plotting graphs and sending notifications about problems.

Source: https://habr.com/ru/post/149486/

