How to secure a web server running Ubuntu?

N

Niko True2014-02-18 16:03:23

Nginx

Niko True, 2014-02-18 16:03:23

Hello,
I am deploying a web server, sites will be running in php and python. I think to put a bunch of apache + nginx. So I thought about security - what is the best thing to do? use classic chroot or docker, any other suggestions? What pitfalls can be? Thanks a lot for any advice. Ubuntu 12.04 x64 system

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

stavinsky, 2014-02-18
@stavinsky

To begin with, I did not understand why Apache was there, I apologize for the offtopic. PHP can be run through the same php-fpm, python through uwsgi.
If the case, then:
Docker, according to the developers in a distant beta, and they ask not to use it in production.
Chroot does not provide the required level of security.
Yes, and it is not clear what to protect from whom to begin with. From docker and chroot, I would probably look in the direction of lxc and for one thing I would take an interest in the work of selinux, maybe that's enough.

D

Dmitry, 2014-02-19
@deemytch

Do not forget to start all services from different users and distribute different rights on the file system. Ideally, of course, a separate site in a separate container. Communication with nginx - through sockets.

N

Niko True, 2014-02-19
@buloshnik

@deemytch , thanks for the answer, but can you elaborate. Well, or links where you can read about it all.
@ptchol , yes, I had no doubt that @stavinsky 's answer was correct . The fact is that there is very little information on the correct configuration (security + performance). I would like a manual, which would be like a standard or something.
I would be grateful if you provide some links to see how everything should be.