January 9th, 2002, 07:04 PM
BSD the best option for web hosting?
A short question, is BSD the best platform for hosting web services (FTP/httpd/php/perl/mysql, considering allowing users access via sshd, starting from scratch)? If so which BSD would be best, given the (minimal) scenario above. Any comments on potential pitfalls for a first time hoster (as I would be)?
Thanks in advance,
January 9th, 2002, 07:18 PM
January 9th, 2002, 08:32 PM
I am starting with FreeBSD and I have gatered that FreeBSD is the best choice (for me)
January 9th, 2002, 08:57 PM
Mizzory - are you running a dedicated server for hosting? If so what kind of deal do you have and is it paying yet?
My main concern is getting 'cracked' straight off because I've allowed users shell access and missed something obvious in the meantime - still I suppose that's what learning's about
Perhaps I should give out free accounts first before charging for hosting services, see how it pans out.
January 10th, 2002, 03:42 AM
Yahoo, Hotmail, world largest ftp server company and others are running FreeBSD boxes, so FreeBSD is doing fine..
January 17th, 2002, 07:51 PM
check out OpenBSD
OpenBSD has the best track record for security. It is a bit more spartan than FreeBSD emphasising robustness and security over boatloads of features. The web design firm I work for uses OpenBSD on 3 out of 4 servers. (Some people just *need* linux.)
OpenBSD 3.0 comes with audited versions of ftpd, httpd, sendmail, and sshd. Making it very easy to use SSL if you are going to be hosting secure pages. Running MySQL and PHP is a breeze.
January 18th, 2002, 05:09 AM
OpenBSD 2.x is fine as well. But their decision to removed IP Filter made me migrate two OpenBSD boxes to NetBSD.
OpenBSD 3.0 comes with a very unstable/imature packet filter (pf). Personally, I think it needs another year to be ready. As a result, many OpenBSD have migrated to another OSes. I know Darren (author of IP Filter) has made a new version of ipf to run on obsd3.0. It's usable but not quite ready.
January 18th, 2002, 11:16 AM
He was asking about hosting not firewalling. All pf / ipf arguments aside, OpenBSD is great for that. And I'm running 2 pf boxes that have not given me any trouble (for the record )
January 18th, 2002, 11:45 AM
>> He was asking about hosting not firewalling
Since you brought up security, I was just telling people OpenBSD 3.0 is using a very imature packet filter. Imaturity doesn't necessary mean it's not secure, but likely unstable, which turns out to be the case, you'd know if you are on the mailing list. If the OS he is choosing can't give him stablility, it must not be a wise choice. Not to mention when FreeBSD can be configured as secure as OpenBSD. When it comes to stability, NetBSD would be the best choice on earth. I am not saying Open is not secure, it's just less stable than Free and Net. Don't forget, I'm still running two OpenBSD boxes.
January 18th, 2002, 12:10 PM
It seems to me that you are using pf's faults to talk smack on the whole OS. When this guy would have no user for pf anyway. But at least we agree it should be *BSD.
That's all I'm saying.
January 18th, 2002, 12:33 PM
>> you are using pf's faults to talk smack on the whole OS
Because OpenBSD community is getting smaller since the removal of ipf.
>> When this guy would have no user for pf anyway
Are you telling him not to use any packet filter at all? Why bother facing all these troubles when FreeBSD can compensate all the deficits of OpenBSD.
>> at least we agree it should be *BSD
Definitely. BTW, I made couple comments on the difference of BSDs couple months ago -> Differences in the *BSDs
January 18th, 2002, 04:47 PM
Feel I should mention that OpenBSD has never been unstable for me.
At least not when using requested deamons. (FTP/httpd/php/perl/mysql)
Had a few X crashed when I ran it on a LapTop, but I believe that had more to do with my poor WindowMaker config skills then the relative stability of the system as I almost never use X at all. Besides, it was only WindowMaker that chrashed, not the system itself.
I don't have any statistics or major comparison charts between Open and FreeBSD except my own use of the systems, so I have no real reference, but... for me, OpenBSD have never let me down and chrashed (Nor has FreeBSD).
Last edited by Fjodor; January 18th, 2002 at 04:50 PM.
January 19th, 2002, 05:06 AM
Apologies for lateness replying to this thread first off.
Well, this converstation has raised a few items of interest. Firstly phlux says that I might have no need for a packet filter - I would most certainly imagine using a packet filter at some point - security is most certainly an issue in web-hosting no?
Whilst I can appreciate that the need for a software firewall/filter may be negated by the use of a hardware solution, for a small hosting company would it not be too expensive to afford a hardware firewalling solution in the early days?
Further - on the matter of which types of BSD suit which circumstances best - are one of Open/NetBSD best for network security? What are the reasons for this and do those reasons make open/net bsd less suitable for a hosting platform?
Thanx in advance.
January 19th, 2002, 07:30 AM
The thing about IPF vs PF is that IPF has been around longer. When it comes to devices like packet filtering people tend to use the same arguments as with cryptography, which is, if a program has been around for a long time with no (or fixed) weaknesses it is more likely to be secure. PF is newer so it simply hasn't had the same amount of auditing. IPF is on the other hand well tested. On the other hand, like freebsd said, it's not to say PF is insecure, BUT we don't know that yet. Unfurtunally, none knows if something is secure until it's broken, and then we know it's not.
This is the right thing to look at security though, the more tests and audits it has gone through, the more likely it is to be secure.
So... IPF is more tested then PF, that's the short answer. IPF will compile on the new OpenBSD I think I read somewhere on their mailinglist... Haven't followed it as hard as I should, so this might be incorrect, but I think so.
Then, when it comes to OpenBSD vs FreeBSD vs NetBSD, to save myself from alot of wrighting, I direct you here for further reading:
Difference and similareties between NetBSD, FreeBSD and OpenBSD
January 19th, 2002, 12:08 PM
Cheers for that link fjodor, very interesting. So basically NetBSD is the one to go for if you want to run UNIX on some obscure platform (lol @ running NetBSD on Sega Dreamcast), OpenBSD is the one to go for if you want security by default and FreeBSD is the one if you want an easy life! Mmm tough choice.
In the context of this thread though, I suppose freebsd would be the best choice for webhosting but ensuring that a custom kernel configuration is built to add the default security settings viz-a-viz openbsd. I was mightily impressed by the 2terrabyte-in-one-day file transfer stats achieved by walnut creek on a single freebsd server. V impressive.