Help creating a server to PROVIDE free, _good_ shared Drupal environments
Hi,
I would like to offer free Drupal hosting. Is there a handbook or a tutorial out there, with a list of "gotchas", "dos" and "donts" I could read? Or, do *you* have some experience about it?
(BTW, I am a "seasoned" Drupal module developer. I wrote Drigg, Extra Voting Forms and user_karma -- which are being ported to Drupal 6 as we speak. I am also a seasoned system administrator.)
The goal is to allow people to fill in a form, and bang, they have their own Drupal host setup and ready to go, for free. (And yes, that would include Drigg web sites).
Issues:
* Security. What should I do, to make sure that each environment doesn't interfere with the next one? What about PHP safe mode?
* Apache/PHP configuration. What are the gotchas here?
* Others...?
I am also a technical writer, and I promise I will write an howto at the end of the "journey". We'd like to launch in September... any help would he highly appreciated :-D
Bye!
Merc.
Hostmaster / Aegir
Check out Hostmaster / Aegir -- on groups, see http://groups.drupal.org/aegir. The projects here are http://drupal.org/project/hostmaster (the install profile) which relies on the hosting (http://drupal.org/project/hosting) and provisioning (http://drupal.org/project/provision) modules.
The way we run it in "mass" mode is to not offer file access at all (so no worries on PHP / security, or rather not at the shell level in any case).
The only "gotcha" is that the way to deploy this is with install profiles. So you would need to create a Drigg install profile, or what have you.
--
The future is Bryght at Raincity Studios
Other gotchas...
Hi,
Hummm I am not sure this is the right way to go for me...
1) Need for installation profile
2) Only Drupal 5.x supported
3) No stable release yet
4) Not sure this is the right tool for me
Plus, giving file access with a caged FTP server is not a problem. To execute PHP, people can always create a node type and have it set as "php code"... so you can't effectively prevent people to execute PHP code anyway.
Bye,
Merc.
just disable php
I highly suggest you simply disable the PHP mode. The http://drupal.org/project/paranoia module helps with this, but doesn't handle things like PHP evaluation in other modules (CCK or Views allow it, as do many others).
--
Growing Venture Solutions | Drupal Dashboard | Learn more about Drupal - buy a Drupal Book
Found this...
Hi,
I found this great post:
http://justinhileman.info/blog/2007/06/a-more-secure-drupal-multisite-in...
Could I use this, plus base_opendir in PHP, to create a nice, safe drupal hosting environment?
Bye!
Merc.
Issues:* Security. What
Issues:
* Security. What should I do, to make sure that each environment doesn't interfere with the next one? What about PHP safe mode?
* Apache/PHP configuration. What are the gotchas here?
* Others...?
Security - FreeBSD with apache, mysql & PHP running in a jail ( if you have more than one ip you can have more jails). Keep up to date on the OS and Drupal security updates. Run a Mysql backup script and you shouldn't need to worry. Lockdown Freebsd - http://www.bsdguides.org/guides/freebsd/security/harden.php. Enable the Mod_security module when you install apache.