From owner-freebsd-questions@FreeBSD.ORG Mon Sep 5 13:18:26 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0AA3A1065670 for ; Mon, 5 Sep 2011 13:18:26 +0000 (UTC) (envelope-from pldrouin@pldrouin.net) Received: from ran.physics.carleton.ca (ran.physics.carleton.ca [134.117.14.34]) by mx1.freebsd.org (Postfix) with ESMTP id B828F8FC17 for ; Mon, 5 Sep 2011 13:18:25 +0000 (UTC) Received: from [192.168.1.107] (CPE0023695b905f-CM001a666aca96.cpe.net.cable.rogers.com [99.245.231.142]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ran.physics.carleton.ca (Postfix) with ESMTP id 6854139F95; Mon, 5 Sep 2011 09:18:23 -0400 (EDT) Message-ID: <4E64CC1D.90001@pldrouin.net> Date: Mon, 05 Sep 2011 09:18:21 -0400 From: Pierre-Luc Drouin User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <4E644637.1030500@pldrouin.net> <20110905143102.68a797fa.freebsd@edvax.de> In-Reply-To: <20110905143102.68a797fa.freebsd@edvax.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Polytropon Subject: Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Sep 2011 13:18:26 -0000 On 09/05/2011 08:31 AM, Polytropon wrote: > On Sun, 04 Sep 2011 23:47:03 -0400, Pierre-Luc Drouin wrote: >> Hi, >> >> so I have a friend who is looking for the best OS for a web server, that >> allows to configure services (I guess HTTP, PHP, MySQL and web content) >> and do the OS maintenance (OS& package updates, firewall configuration) >> without having to touch a shell. I was wondering if something like >> PC-BSD + CPanel would be the way to go. Would there be other BSD-based >> alternatives? I always do upgrades and configure services through the >> shell and I am not aware too much about the GUI alternatives... > There are webbased configuration tools that run on common > service combinations (like Apache + MySQL + PHP) that can > be installed. However _installing_ them requires a skilled > person who is able to administrate a server, which in turn > traditionally implies the ability to use the command line, > even if it's just for that "abstraction job". Well, this part is not an issue, as he will not be the one doing the initial install of the system > FreeBSD can be the OS running such a combination. > > PC-BSD primarily aims at desktop usage, so for example it > defaults to KDE, office applications, multimedia stuff and > all the things you traditionally won't want on a server. But all these can be removed quite easily I guess... > Software solutions that come to mind are CPanel or WebMin. > Maybe there are others? I'm not sure as I void those mostly > inflexible, error-prone, overcomplicated and dangerous > piles of bloat whenever possible. :-) How much security risk do these represent compared to using a Windows server? > For managing installed applications (ports), there are > KDE tools for that (at least _have been_ in the past, > not sure if they are still being maintained). Do the PC-BSD package management tools still require KDE? I though they were removing this dependency? > The system > cannot be updated by a GUI tool (why should it?), but > it should be a job of max. 30 minutes to create a Tcl/Tk > GUI wrapper for those things. Can PC-BSD OS be updated through a gui? > And firewall configuration: > I'm quite sure PC-BSD has something for that, except that > it probably won't give you the flexibility to automatically > change firewall rules depending on different kinds of > attacks the server will encounter. > > Please keep in mind: If you're running a web server, you're > part of the target group of thousands of "villains" across > the Internet who will happily exploit any weakness you are > presenting to them, depending on the services and software > you run. > > What's possible to run will also depend on what kind of > server you have. For example if you run a server without > any GPU, but PC-BSD depends on hardware-accellerated 3D > graphics for managing the firewall, then... you know. :-) > > There still is a question that your friend should give an > answer to himself: Wouldn't it be worth investing in basic > UNIX skills and command line operations to gain knowledge > and experience to professionally administer a server instead > of relying on abstracted layers of abstracted abstractions > that GUIs provide here, maybe paying with speed and security > loss? Well, I know that. I can try convincing him... Thanks!