|Web Server Recommendation|
| 3:07 pm on Jun 30, 2010 (gmt 0)|
I'm coding a Web application in PHP/MySQL. I'm going to need to host my own Web server. What Operating System do you recommend?
- buy Red Hat Enterprise?
- Download Fedora
- Use some other flavor of Linux? If so, which one?
Would you recommend...
- I build my own system
- Get a Dell server
- Ger an HP server
- Any other recommendation?
I'm not that good with Linux. I work with a few Linux servers but when I want to know how to do something or fix a problem I just google it. I would like to know what flavor of Linux I will use so I can buy some books about it and learn as much as I can. I don't want to be hosting a Web Server that people will use and then run into problems I don't know how to solve.
Is there a Linux book you would recommend?
| 3:46 pm on Jun 30, 2010 (gmt 0)|
Configuring your own server from scratch with both hardware and software is quite a job. It is easy to make mis-configurations which leave security holes in your system. An alternative is to use a server pre-configured by a hosting company. Hosting companies often offer managed servers where they do all the maintenance work, or some sort of hands-on service where the administration of the server is your responsibility, but the hosting company will be available to help.
If you nevertheless want to go for your own server, first determine what type of hardware you need. How many processing power, how many disk space, and which level of redundancy. When building your own server you are more or less on your own. If something fails, the datacenter where you have placed your server often won't have spare parts available. So you should either choose a brand with a known reputation in service and parts availability, or use entirely products which will be available for a number of years to come. Redundancy of disks, power supplies etc may reduce the chances that your hardware fails, but won't eliminate failure. Some sort of hardware recovery plan is therefore necessary.
Another important factor is power consumption. Data centers often only offer a fixed amount of power per server in their rack. You should either choose a server configuration which stays within that limit, or be prepared to pay for over-usage of power.
If you go for a brand like Dell or HP, you should check their support website to see which hardware drivers they offer for Linux. Often they will only support certain Linux distributions and versions. It is best to stick with those recommended versions to be sure that updates of the drivers will be available for you. One exception is Red Hat Enterprise. If this distribution is supported by your hardware manufacturer, you can also choose the same version number of the CentOS distribution. CentOS and Red Hat are compatible at low level, the main difference is the the way support is available.
| 3:58 pm on Jun 30, 2010 (gmt 0)|
Why own a server?
You can get good rental gear cheap these days that comes with 2000GB/mo (or more) of bandwidth, often cheaper than a colo, and in the event your server has some critical failure or drops dead, they'll slap a new box online same day for no charge.
If you own/colo the box you foot all the costs and then when the box fails, it sits there until you go fix it and/or buy a new one. No benefit whatsoever from the hosting admin staff and your investment just ages until it's worthless.
If you don't want to mess with managing domains, email and all the other junk with the potential to screw up Apache security, adding a control panel like Plesk or cPanel will make life a breeze.
I currently use a rented dual Xeon server with Red Hat Enterprise for easy updates and a control panel so the server comes completely setup and ready to run, no fuss, no muss.
I don't use their backups, I have scheduled nightly FTP backups to my local PC so if the hosting center itself ever goes down (anything is possible) that I can restore to anywhere.
| 4:09 pm on Jun 30, 2010 (gmt 0)|
I own my own server that is namebrand (dell). Raid hard drives, memory maxed out, dual power supplies, etc.
And I have another identical server sitting in my office on a shelf in case a critical component in the live server dies.
This lets me maintain control over hardware and ensures if I want to move hosting providers I can simply physically move my server.
BUT - that level of ownership these days provides no additional benefits in terms of administration, costs, hosting, bandwidth,or pretty much anything else you're likely to care about. You can get the same or better in almost every respect by going with a virtual hosting company, plus they'll look after the hardware for you (which is likely to be more redundant than you can do on your own).
And I've had to learn a lot through the years, spent a lot of time learning linux admin, doing upgrades, managing the basic platform, when it's got nothing to do with how I earn money. It's not unlike taking a mechanics course just so you can drive your car to work every day. Do you really need to know how to test the compression in your engine? Do you really want to take the time to learn how, as well as take the time to do it? So much easier to take the car into the shop and have them figure out any problems.
| 4:20 pm on Jun 30, 2010 (gmt 0)|
Why own a server? Well, this Web application I'm talking about it's a subscription based application, where clients pay a monthly fee to use. If my application gets a few hundred customers or maybe even a few thousand customers, it will bring very good income. Now if I hire a Web hosting company they will take notice of its success and if there is just ONE dishonest person working for that company they can just copy my application.
I also don't like the idea of having to manage a server and update security patches and take measures for power outtages, etc, etc, etc. But I think it is a necessity to manage my own server. Don't you think?
| 4:21 pm on Jun 30, 2010 (gmt 0)|
|This lets me maintain control over hardware and ensures if I want to move hosting providers I can simply physically move my server. |
It also means when the server goes south at 3AM you have to drag yourself out of bed and go fix the hardware yourself vs. picking up the phone and going back to bed ;)
It also means you have to locate nearby meaning you can't just pick and choose data centers around the world for strategic placement away from earthquakes, hurricanes, ice storms, etc. and/or use multiple data centers for peering and rapid rollover in the event of failure.
I used to own, never again.
| 4:34 pm on Jun 30, 2010 (gmt 0)|
I am somewhere in between, have one brandname server in a colocation datacenter and rented servers in others. The rented servers are used for critical stuff where I need the hardware assistance of the hosting company for quick repairs, the colocated server was built with special hardware requirements and would be way too expensive if I had to hire that configuration. I am prepared for long down times though if a hardware failure arises.
In this case with a subscription based model, uptime guarantee seems an important item, probably more important than the chance that a dishonest member of the hosting company will copy the site and monetize it.
| 4:51 pm on Jun 30, 2010 (gmt 0)|
>>I'm not that good with Linux.
doesn't sound to me like you are best suited to running your own server!
however i had my own server once, on which i ran debian which was very easy to use and i learnt very quickly so it is certainly do-able!
however the effort and stress of owning was too much for me, now i rent a RHEL box from one of the big hosting companies, also a hardware firewall etc and for me it is so much easier to get them to manage it.
| 4:52 pm on Jun 30, 2010 (gmt 0)|
|I also don't like the idea of having to manage a server and update security patches and take measures for power outtages, etc, etc, etc. But I think it is a necessity to manage my own server. Don't you think? |
No, I don't think.
Back in the heyday of the web, finding decent providers was a nightmare. I bought managed hosting pre 2000 and it was unreal - regular downtime, no answer at tech support. One site would get DDOS, we'd all be offline for a day. The control obtained by maintaining your own hardware allowed one to bypass useless tech support when sites went offline - which they did regularly.
To control that, I bought my own servers, and to ensure maximum control I eventually built my own mini-datacenter. Had them dig up the street and run fibre down the road (seriously). Bought and maintained firewalls/routers, etc. Tens of thousands, to ensure control.
But times have changed. Most sites never go down, most hosting companies are good to excellent. And with economies of scale, hosting companies are now far cheaper than you can do yourself.
I pay a set fee per month to colo my server in a high end data center. For a two month colo fee, I just paid a whole year for a virtual server - with unlimited domains, a couple of IP's - in the same datacenter, from the very guys that run the datacenter. And one of those control panels. If my colo goes offline, I look after it myself. If my virtual server goes offline, the guys I normally call to fix things? They fix it themselves. I have the same datacenter and feed, the same tiering, power backups etc. I also have daily automated backups. And I expect that my virtual server is likely to be actually installed across a number of servers simultaneously so if a server fails, my site doesn't blink.
Now my servers are a few years old. I bought well equipped back then so they still run more than fine. But someday I'm going to have to rebuild. That means a couple of grand min. in hardware, plus install linux, move my sites over, test, probably a two week stressful job. These are all things I have done numerous times in years past, and I can assure you they take weeks of headaches - it never goes smoothly.
I've also had 10+ years of maintaining my own linux servers so I've got a rough handle on how to do things. Nevertheless, I'm still no expert - I still have to pay for external support a number of times a year.
Or, I could let someone else do all that, and spend my day selling stuff that makes me money.
| 4:54 pm on Jun 30, 2010 (gmt 0)|
And to summarize, if I was starting fresh today, I would only go with a virtual hosting company. No way would I colocate for anything less than enterprise class. Let the mechanics keep the cars running, I'm busy driving the car to sales appointments. I don't have an hour to change the oil every 3K miles.
| 2:51 am on Jul 1, 2010 (gmt 0)|
Ok I understand what you guys mean. My main concern is someone copying my Web application. I've been working months on it and will take me a few more months to finish coding my Web based application and it would be very sad that someone can just copy it. We all know dishonesty is everywhere, even in the best companies. I currently host my Websites with MediaTemple but I'm worried that if my Web application happens to be successful someone might take advantage of it.
(Let's say the Web application it's kinda like 37signals.com, freshbooks.com or box.net)
Wouldn't you be worried about this?
| 3:28 am on Jul 1, 2010 (gmt 0)|
The value of a website is not just the code it runs on. It is also the domain name, the marketing you do to make it successful, etc. As an example, many thousands of sites run on Wordpress, Drupal, phpBB or other generally available software. But only few of them are really successful and make a lot of money. There is much more in the equation than just the application. Just copying the code doesn't therefore make a new competitor.
| 5:16 am on Jul 1, 2010 (gmt 0)|
My main concern is someone copying my Web application.
If that's your main concern you should never put it online.
If someone else likes it, they'll try to clone it.
Nothing you can do to stop that.
However, I wouldn't worry about my host stealing my code and if you are seriously paranoid about it put in a "ping home" alert that contacts your machine every hour so if they turn it on from another server it will alert you immediately.
That's how us paranoids roll :)
| 6:03 am on Jul 1, 2010 (gmt 0)|
You could encrypt the code. that way it will be a lot harder for someone to steal your idea.
| 6:37 am on Jul 1, 2010 (gmt 0)|
|coding my Web based application and it would be very sad that someone can just copy it |
Welcome to the REAL WORLD.
If a browser can show it, we know it. Obfuscation only goes so far. If paranoid DON'T DO THE WEB! Otherwise, put project on line and milk it as far as it can go, then DMCA anyone trampling in your garden. Paraphrasing: "No Gain if no Pain..."
| 11:30 am on Jul 1, 2010 (gmt 0)|
@tangor, he is talking about server side code which is never sent to the browser.
@imagined, very few people write code that is worth going to great lengths to protect. How much effort would it really take to clone it? Also, if it is co-located other people will have physical access to it, which will make it very hard to protect. You really need to have it on your own premises.
As far as OS goes, I would say, Red Hat, Centos, Debian or Ubuntu LTS depending on your needs (RHEL has commercial support, Ubuntu Lucid has more recent versions of software, Centos is RH free so you can opt for commercial license and support later, Debian has a good community and a long support cycle). Not Fedora for a server, I think.
Have you made up your mind about server software, monitoring, deployment, etc?
| 1:32 pm on Jul 1, 2010 (gmt 0)|
Thank you all for your comments. I have read every post. There is severals pros and cons for "own server" VS "host company" I will have to consider.
@incrediBill can you expand on "ping home"? I googled it to find out what it was but came up with nothing.
@graeme_p I haven't made up my ming about server software, monitoring and deploying. I started this thread to get a general idea of the OS since I'm still programming the Web application, there is a lot to code. Once I'm almost done coding it, I will start looking more closely into the specifics of the server. For now, all I know it's I will need Apache 2.2, some flavor of Linux, PHP 5+ and MySQL; the monitoring software, firewall and everything else I do the research later.
| 1:38 pm on Jul 1, 2010 (gmt 0)|
I used what used to be DSVR and now is Demon Virtual servers.
[edited by: tedster at 6:45 pm (utc) on Jul 2, 2010]
[edit reason] removed link [/edit]
| 6:55 am on Jul 2, 2010 (gmt 0)|
You might find that your requirements narrow your choice of distro a bit.
I do not know about the platform you are using, but I recently chose Ubuntu Lucid for a VPS because it had the same Python and Postgres versions as my Mandriva desktop (RHEL and Debian have older versions) on which I had being developing, and it has a long support cycle (recently launched and what Ubuntu call a "Long Term Support" version).
"ping home" would be something on the lines of coding a regular request to server or site you control. You log those, so you have a record of all IPs your app is installed on.
@Mark. Looks expensive, does not look like a real virtual server (which these days would mean a VPS), and I thought we were not allowed to make recommendation on hosting here.
| 10:11 am on Jul 2, 2010 (gmt 0)|
Hi graeme_p just tried to remove it but not permitted. Too long perhaps.
| 6:46 pm on Jul 2, 2010 (gmt 0)|
No problem - I got it.
| 7:04 am on Jul 3, 2010 (gmt 0)|
|@tangor, he is talking about server side code which is never sent to the browser. |
This is true... but the RESULTS of that server side code is delivered. :) And if the result is something "new" then folks will figure out how it was done... and if not the same implementation will find another way to do the same thing.
All you have to do is show something. Somebody will steal it.
| 3:38 pm on Jul 3, 2010 (gmt 0)|
Your application WILL be copied/replicated if it's successful, that's just the name of the game. Sorry, but most of us can look at client-side results and have a general idea on what's going on server-side.
| 1:51 pm on Jul 4, 2010 (gmt 0)|
Have you ever heard of a web hosting employee engaging in that kind of theft? That's not a rhetorical question, I'm really asking. It might be worth doing a web search to look for any such reports.
The reason I ask is that based on how you describe your linux skills, the probability seems very high that your self-built server will get hacked, maybe multiple times before you get the hang of it.
Someone who hacks the server will have access to all your web application source code as well as anything else on the server, and a hacker is more likely to make use of that info than a web hosting employee.
So although you initially posed the choice as being between a low-risk option (web hosting) vs. no-risk (self-hosted), it may be that the risk of self-hosting is really quite high.