Re: AWS applications and domain hosting

Marius Amado Alves <amado.alves@xxxxxxxxxx> writes:

> This subject greatly interests me too, as I plan to deploy AWS-based
> websites soon. I'll add what little I know, and join the original
> poster in asking for help.
>
> As others have told, yes, domain and hosting are formally
> separate. But many hosts offer registration, e.g. Yahoo!, and often
> the package price beats buying the two things separately.

That's not my experience.

> Anyway, the information related to AWS belongs to the hosting part
> only.

Yes.

> I think that, unlike someone else said, a separate web server, or
> proxy (Apache), is neither required nor useful. The host system only
> has to open a port (?) to AWS sockets, right? And allow the
> AWS-based executable to run with the right
> parameters/permissions/ownership/priorities...

The benefit of running through a proxy are:

a) You don't have to implement plain handing out of static files
yourself.

b) Your daemon doesn't have to run as "root" (which is the case, if
you want it to bind directly to port 80 on the system).

And a side-effect of b) is that you may be able to get a cheaper
solution since you don't need a complete (virtual) computer just for
your site.

> It is these (currently, to me, slightly fuzzy) elements that I'd
> love to see well described.

In Unix you have to be "root" to act as a server on any port in the
range 0-1023. IIRC, Apache is started as "root", but downgrades its
privileges as soon as it has grabbed port 80. I don't know exactly
how it is done. Anybody who wants to put a service directly on the
network should understand how to run it with minimal privileges.

Although Apache isn't perfect, it is good enough for most of my needs,
so I can't see the point in reimplementing all of Apache, just because
I want to solve some particular problems which Apache can't handle.

Jacob
--
"You've got to build bypasses!"
.

Relevant Pages

  • Re: Hardening a Solaris system.
    ... > I know files that execute with root permissions by normal users (e.g. ... > I've set up a web server, running Apache, so are thinking about what I ... thing to leave enabled in here might be a backup port. ... there are security steps here. ...
    (comp.unix.solaris)
  • Re: Hardening a Solaris system.
    ... > I know files that execute with root permissions by normal users (e.g. ... > I've set up a web server, running Apache, so are thinking about what I ... thing to leave enabled in here might be a backup port. ... there are security steps here. ...
    (comp.security.unix)
  • Re: Hardening a Solaris system.
    ... > 1024, where it would not be necessary to start it as root, this would ... You can specify which port Apache uses by modifying httpd.conf. ... versions of Apache running (although given that one can modify ...
    (comp.security.unix)
  • Re: Hardening a Solaris system.
    ... > 1024, where it would not be necessary to start it as root, this would ... You can specify which port Apache uses by modifying httpd.conf. ... versions of Apache running (although given that one can modify ...
    (comp.unix.solaris)
  • Hacker problem...Takes down apache?
    ... It seems to be doing *something* to break Apache in an attempt ... When connecting to port 80 on the web server with a web browser a "page ... However sockstat still shows httpd listening on port ...
    (freebsd-questions)