Date:      Tue, 06 Oct 1998 18:47:50 -0500
From:      "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To:        Chris Shenton <chris@shenton.org>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: How to share accounts between mail/pop and web servers?
Message-ID:  <3.0.3.32.19981006184750.00f74c4c@207.227.119.2>
In-Reply-To: <87soh1tzd2.fsf@absinthe.shenton.org>
References:  <Graeme Tait's message of "Tue, 06 Oct 1998 08:53:58 -0700"> <87hfxiv0r9.fsf@absinthe.shenton.org> <361A3D16.14B5@webcom.com>

At 12:43 PM 10/6/98 -0400, Chris Shenton wrote:
>Graeme Tait <U@webcom.com> writes:
>
>> Why not duplicate the box and split the users across boxes? That way if 
>> one box goes down, only half your users suffer. It's scalable, as for 
>> yet more users you just add another box, and you can load-balance the 
>> boxes easily for good utilization by allocating users appropriately. 
>> Configuration is the same from box to box, and having hardware spares is 
>> easy. The only thing that might connect the boxes is having them do 
>> secondary DNS for each other.
>
>Cuz sendmail and web stuff are big applications. I don't think their
>size and resource consumption is terribly related to the number of
>users (my customers, not outsiders hitting the web).

Neither are all that "big" really.  Depends on how much you are doing for each, but generally httpd will take up more memory and sendmail has more disk IO.

>But it would be a good idea for me to mirror the web stuff on the mail
>server and the mail stuff on the web server just in case. 

How are you going to _reliably_ mirror mail, especially mailboxes?  This has been discussed before and there wasn't any good answer.  Search the hackers list.  And before anyone answers about mirroring, I'm talking about at the OS level, not using variations with tar, scp, scripts, et al.

>But frankly: I installed FreeBSD-2.1.5 two years ago and it's only
>gone down once (unplanned) that I'm aware of. Not too shabby, and one
>of the best advertisements I know of for FreeBSD versus other
>platforms.

About what I've seen.  Very reliable even under heavy loads.


Now you had the right idea to break out services:

>I plan to split into two boxes: one for WWW and FTP, the other for
>SMTP, POP, and IMAP.  Not sure where I'm gonna run RADIUS yet, maybe
>on both for redundancy.

Don't know what you have for hardware and how much traffic each service will get, but here is a good outline plan:

Considering that a 486 w/16-32MB and one disk can deal with DNS.  These could also do secondary MX.  RADIUS could also reside here and depending on if you do detailed accounting or the overall disk IO you may want another drive for that.

Use the current 2 servers.  One handling ftp and http, the other doing primary MX, POP, and IMAP.

You end up with:

server 1 - DNS (master), MX (secondary), RADIUS (secondary)
server 2 - DNS (slave), MX (secondary), RADIUS (primary)
server 3 - MX (primary), POP, IMAP
server 4 - ftp, http

Most important to customers is dialing in and mail.  Should either auth server die, they still get in.  Should the POP server fall over, _some_ mail may be lost, but any new mail will not bounce.  We are not trying to be 100% redundant here, just covering some redundancy with minimal hardware and work in a way that is easy to manage.


Is the ftp for web page or actual ftp sites?  Does this mean no user account telnet in general and no telnet for ftp/www clients?  Regardless, it is good to lump these together and do virtual hosting.

This setup also means that no user accounts need be on the DNS/MX/RADIUS servers and access could be limited to strictly secure connections or console.  As suggested by Gary, an alternate passwd file can be used on the mail server.

Depending on the query load, RADIUS may want more power than a 486.  The mail and ftp/web servers should have at least 64MB, IMHO.

Personally I'd recommend feeding the web server memory until it consistently leaves a decent amount free.  This allows FBSD to do its magic cache thing, well not magic, but it works well.


That covers over-all load sharing for some services and some basic security in the overall setup planning.  Without going into detail, both the mail and ftp/www servers should have more than one drive to spread disk IO.

On the ftp/www server using one drive for the OS, one for the docs, and one for logging will go far.  Did a bit more than 5M hits on a 486/66 w/32 with such a setup.  The mail server should have a drive for the OS, mailboxes, and spool.  This allows for growth and I've not gone past the point where this needed changing.

A little planning will extend the life of each server and adding more memory and disk is easy, depending on the needs of each service and system.

And yeah there is a lot more that others and myself can add, but this gives a good idea of where to start.

cheers!


Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net
