Answer the question
In order to leave comments, you need to log in
How to secure a web server running Ubuntu?
Hello,
I am deploying a web server, sites will be running in php and python. I think to put a bunch of apache + nginx. So I thought about security - what is the best thing to do? use classic chroot or docker, any other suggestions? What pitfalls can be? Thanks a lot for any advice. Ubuntu 12.04 x64 system
Answer the question
In order to leave comments, you need to log in
To begin with, I did not understand why Apache was there, I apologize for the offtopic. PHP can be run through the same php-fpm, python through uwsgi.
If the case, then:
Docker, according to the developers in a distant beta, and they ask not to use it in production.
Chroot does not provide the required level of security.
Yes, and it is not clear what to protect from whom to begin with. From docker and chroot, I would probably look in the direction of lxc and for one thing I would take an interest in the work of selinux, maybe that's enough.
Do not forget to start all services from different users and distribute different rights on the file system. Ideally, of course, a separate site in a separate container. Communication with nginx - through sockets.
@deemytch , thanks for the answer, but can you elaborate. Well, or links where you can read about it all.
@ptchol , yes, I had no doubt that @stavinsky 's answer was correct . The fact is that there is very little information on the correct configuration (security + performance). I would like a manual, which would be like a standard or something.
I would be grateful if you provide some links to see how everything should be.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question