Date:      Wed, 23 Jul 2008 10:56:29 -0500
From:      Paul Schmehl <pschmehl_lists@tx.rr.com>
To:        VeeJay <maanjee@gmail.com>, FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: FreeBSD for webserver?
Message-ID:  <C8D01BDEBE1DFC1A4EB6DF87@utd65257.utdallas.edu>
In-Reply-To: <2cd0a0da0807230206m4ebcf99eif6d069cb096d7632@mail.gmail.com>
References:  <2cd0a0da0807221305r5ae70309w4313dbea62d3fdf0@mail.gmail.com> <2cd0a0da0807230206m4ebcf99eif6d069cb096d7632@mail.gmail.com>

--On Wednesday, July 23, 2008 11:06:30 +0200 VeeJay <maanjee@gmail.com> wrote:

> Really good contribution....
>
> I would of course go with ports but have a question in mind....
>
> What should be the installation sequence?
>
> 1. Apache 2.2.9
> 2. MySQL 5.1.26
> 3. PHP 5.2.6

Install Apache before you install php.  Mysql doesn't matter.  The default 
installs of all three should be fine unless you're doing something unusual. 
You'll also need to install php-extensions.  Run "make config" first and decide 
which ones you need to have installed (after installing php5 of course.)

> And are there any options you guys would like to suggest to avoid for
> performance or security reasons?
>

Set up mysql to listen on localhost only *or* to not listen on tcp at all and 
use unix sockets instead.  Mysql, by default, comes with four accounts with 
blank passwords; root@FQHN, root@localhost, ""@FQHN and ""@localhost (yes, 
that's "blank" @.)  Remove all those accounts except root@localhost and then 
set a very good password for root.  Create *new* and separate accounts for 
*every* database you create and grant only the rights needed to perform the 
task.  Most applications only need select, insert, update and delete.  Test it 
with those and add other rights if necessary.

Install portaudit and aggressively update when security issues are found in any 
of the apps on your server.  Do not enable any services that are not needed to 
do the job, and restrict access to ssh to only those networks and accounts that 
really need access.

-- 
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
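
Added example, not part of the original message: a small audit that checks a MySQL 5.x account list, a my.cnf and per-database grants against the advice above (default accounts removed, root@localhost with a password, listener limited to localhost or disabled, application rights limited to select/insert/update/delete). The function names, the sample rows, the host name www.example.org and the account names are constructed for illustration.

```python
import configparser

# Rights the message says most applications need.
BASELINE = {"SELECT", "INSERT", "UPDATE", "DELETE"}

def audit_accounts(rows):
    """rows: (user, host, password_hash), e.g. from
    SELECT User, Host, Password FROM mysql.user  (MySQL 5.x column names)."""
    findings = []
    for user, host, pw_hash in rows:
        who = f"'{user}'@'{host}'"
        if user == "":
            findings.append(f"{who}: anonymous account, remove")
        elif user == "root" and host != "localhost":
            findings.append(f"{who}: root outside localhost, remove")
        elif not pw_hash:
            findings.append(f"{who}: blank password, set one")
    return findings

def audit_listener(my_cnf_text):
    """Flag a [mysqld] section that neither disables TCP nor binds to loopback.
    Assumes a plain my.cnf without !include directives."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(my_cnf_text)
    mysqld = cp["mysqld"] if cp.has_section("mysqld") else {}
    if "skip-networking" in mysqld:
        return []
    if mysqld.get("bind-address") in ("127.0.0.1", "::1", "localhost"):
        return []
    return ["mysqld: TCP listener not limited to localhost"]

def audit_grants(grants):
    """grants: {account: set of privileges granted to it}."""
    return [f"{acct}: review extra rights: {', '.join(sorted(p - BASELINE))}"
            for acct, p in grants.items() if p - BASELINE]

# Constructed sample: the four default accounts described in the message,
# with www.example.org standing in for the server's host name.
SAMPLE_ROWS = [("root", "localhost", ""), ("root", "www.example.org", ""),
               ("", "localhost", ""), ("", "www.example.org", "")]
SAMPLE_CNF = "[mysqld]\nport = 3306\n"
SAMPLE_GRANTS = {"'blog'@'localhost'": {"SELECT", "INSERT", "UPDATE", "DELETE"},
                 "'shop'@'localhost'": {"SELECT", "DROP", "FILE"}}

if __name__ == "__main__":
    for line in (audit_accounts(SAMPLE_ROWS) + audit_listener(SAMPLE_CNF)
                 + audit_grants(SAMPLE_GRANTS)):
        print(line)
```
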



