Forums

Yeah, I’m down with the $5 price point. The only thing is… I want to host multiple sites on this with no problems. I think $5 is totally fine for someone running one site that doesn’t get a ton of traffic. However, I’m running 3-5 that don’t get a ton of traffic… which still would be fine on $5 but I’m sick of DO and thinking positively!!! Ha ha ha.

In all honesty, I’d be fine to deploy a Debian server. But, all of DO’s kernels are not current. That kind of worries me. Plus, I have serious question about how well they scrub each droplet when its destroyed. I’ve seen MANY sketchy things in that regard. Kind of makes you wonder if you’re inheriting malicious settings. I mean, I know how to lock down SSH and restrict root login and compartmentalize all things sensitive. That being said… I’m not a Linux EXPERT. I don’t know the bowels of the UNIX file system and kernel.

I’d kind of like to maybe go custom and try out Crunch Bang on a server. THAT seems AWESOME! You’d get the best of both worlds and philosophies. I’d like to play around with Pi Bang on the Raspberry Pi beforehand though.

Are there more pros than cons versus Apache?

Anecdotally, I find it to be faster as well. I mean… I haven’t benchmarked it but I use the LEMP stack in dev and production. You should give it a shot.

Maybe I can work this into my network:

I believe the latter does. I don’t personally use it though. htaccess I know for a fact does not run natively on Nginx. There’s a bunch of stuff on Github to convert certain things though.

But for example, the only thing I ever modified in htaccess was a snippet from boilerplate that enabled gzip. That’s really easy to set in Nginx. You just uncomment the line that turns it on in the config. Easy as pie.

@chrisburton

So, obviously Linux systems really excel at setting permissions for various users/applications. It provides really, really fine-grained control over who/what can access what/where.

You can relatively easily lock down Nginx so that it can only access what it needs to do its job. More than that, you can make it all owned by root, so that no one can really mess with ANYTHING, should they somehow gain access to your server via Nginx, i.e. through some public facing webpage. This, it would seem to me would be real convenient with WordPress.

Now, provided that you run a Linux server, which I’m pretty sure you do(CentOS?), you can probably do the same thing for Apache. The problem for me is that Apache is SO much bigger, with SO many more files and SO much more code. It’s much, much easier to totally lock down the handful of files that Nginx uses and set their permissions accordingly.

I plan on doing this today.

That’s not what I meant and I’m probably explaining it poorly and this is a mistype:

More than that, you can make it all owned by root

I meant to say that it’s chrooted. Anyway, the default user/group that owns the webserver in Arch is http, located at /srv/http. That’s where you’d put all your site files. That doesn’t change. Now, in this case, we would create a chrooted environment, i.e. $JAIL for all the files Nginx will need.

All the info is here:

https://wiki.archlinux.org/index.php/nginx#Installation_in_a_chroot

Beyond that, I’ve restricted root login and ONLY connect via SSH keys and took the time to verify the ECDSA key fingerprint before accepting the connect… so I know it’s clean.

Beyond all of that, I think I should be fine because I plan on serving mostly static pages. I’ll be using Node.js for Ghost, but I’ll make sure that’s properly compartmentalized as well.