Tuesday, October 30, 2012

Re: Help me choose OS for django server

> First, is this a good idea? Do you think I can do this securely using
> the django, apache, and lighttpd docs? or am I asking for trouble?
> What are the major security issues I need to be aware of when
> administering a server?
This depends on your specific security requirements. If you're mainly
concerned with protecting your server and website from unwanted
tampering, then the important things are 1) only allow connections to
ports you're using (HTTP) and restrict access via SSH to your IP or a
local network; 2) make sure the software you're using is secure (the
ones you mention are good; though I think Apache is vulnerable to a type
of DDOS attack: http://en.wikipedia.org/wiki/Slowloris); 3) check your
own code; Django is good about security but that doesn't mean you can't
build an insecure application with it; 4) choose good passwords, etc.
and if you're particularly concerned, consider using keys for your SSH
connection.

> Also, if I go this route, I'll need to choose an OS. I'm running a
> production server (just Apache + mod_wsgi) using my Arch Linux box,
> but I don't think arch is the best idea. I'm sorta trying to decide
> between CentOS and Ubuntu. Leaning toward CentOS, but just a little
> worried it might be missing some of the packages I need. I've never
> used CentOS before. Any advice?
I've used both and haven't noticed much difference for the things I do.
I would recommend nginx in place of lighttpd (better maintained), and if
you're using either of those, Apache isn't necessary (though you will
need a WSGI server, such as Gunicorn).

_Nik

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment