As part of some house-keeping I've been checking over my systems and ensuring they're all tickity-boo for the past couple of days.
One thing that I'm getting increasingly tempted by is converting my kvm guest to a 64-bit system.
I've not quite sold myself on the prospect of what will be a fair amount of downtime, but I'm 90% there.
I do think that a lot of my setup needs an overhaul, for example:
- Running all my websites under www-data is beginning to worry me.
- Running services as root is beginning to make me more and more paranoid.
One possible plan is to wipe my system, and then restore data from backups. A perhaps saner approach is divide my guest into two smaller ones, and migrate services over one by one (e.g. website1, website2, .. websiteN, email, etc).
For the moment I've taken a complete dump of my existing guest, and I'm running it with an IP in the 10.0.0.0/24 range on my desktop. That's at least given me a clear idea of the amount of work involved.
I'm still a little unclear on how best to manage running N websites with the intention they'll each run under their own UID. I guess it comes down to having a few instances of nginx/lighttpd/apache and then proxy from *:80 to the actual back-end. Precisely which mixture of services to use is a little overwhelming. Though at some point soon I need to start enabling IPv6 support, and that changes things a little.
(Not least because nginx has no IPv6 support present in the Lenny release - I've got a backported package which I run on the Debian Administration website.)
It's possible I could hack mod_vhost_alias to redirect/proxy to a local port based upon the virtual hostname present in the request - that's pretty trivial and I've already done something similar for work purposes. Though something like that should presumably already exist? I would expect a map of some form:
That has to be about the minimum necessary information to make the decision; a pair of vhost name & local destination.
/me googles some..
OK quick update I've added local users for some of my sites, and now have them running under thttpd.
skx:/etc/thttpd# ls -ltr /home/www/ | tail -n 4
drwxr-sr-x 4 s-static s-static 4096 Jan 15 01:41 static.steve.org.uk
drwxr-sr-x 5 s-openid s-openid 4096 Feb 16 21:31 openid.steve.org.uk
drwxr-sr-x 6 s-images s-images 4096 Feb 16 21:52 images.steve.org.uk
drwxr-sr-x 5 s-packages s-packages 4096 Feb 16 22:03 packages.steve.org.uk
That seems to work well, with a small wrapper script to start N instances of thttpd instead of a single one. Minor issues are that I'm using mod_proxy to forward requests to the thtpd instances running upon the loopback - and it was initially logging 127.0.0.1 as the source IP. A quick patch later all is well.
I'll leave it running a couple of the simple sites for the next few days and see if it kills children. If it does I'll convert the rest.
Probably will aim to have nginx in front of thttpd, instead of Apache, but this way I don't have to worry about mod_rewrite rules just yet.
ObFilm: Cruel Intentions
Tags: amd64, apache, arch, i386, ipv6, lenny, lighttpd, nginx