If there is a limit on the number of ports one machine can have and a socket can only bind to an unused port number, how do servers experiencing extremely high amounts (more than the max port number) of requests handle this? Is it just done by making the system distributed, i.e., many servers on many machines?
This is a Canonical Question about File Permissions on a Linux web server.
I have a Linux web server running Apache2 that hosts several websites. Each website has its own folder in /var/www/.
/var/www/contoso.com/
/var/www/contoso.net/
/var/www/fabrikam.com/
The base directory /var/www/ is owned by root:root. Apache is running as www-data:www-data. The Fabrikam website is maintained by two developers, Alice and Bob. Both Contoso websites are maintained by one developer, Eve. All websites allow users to upload images. If a website is compromised, the impact should be as limited as possible.
I want to know the best way to set up permissions so that Apache can serve the content, the website is secure from attacks, and the developers can still make changes. One of the websites is structured like this:
/var/www/fabrikam.com
    /cache
    /modules
    /styles
    /uploads
    /index.php
How should the permissions be set on these directories and files? I read somewhere that you should never use 777 permissions on a website, but I don't understand what problems that could cause. During busy periods, the website automatically caches some pages and stores the results in the cache folder. All of the content submitted by website visitors is saved to the uploads folder.
This is a canonical question about capacity planning for web sites.
Related:
What are some recommended tools and methods of capacity planning for web sites and web-applications?
Please feel free to describe different tools and techniques for different web-servers, frameworks, etc., as well as best-practices that apply to web servers in general.
Lately, we've become aware of a TCP connection issue that is mostly limited to Mac and Linux users who browse our websites.
From the user perspective, it presents itself as a really long connection time to our websites (>11 seconds).
We've managed to track down the technical signature of this problem, but can't figure out why it is happening or how to fix it.
Basically, what is happening is that the client's machine is sending the SYN packet to establish the TCP connection and the web server receives it, but does not respond with the SYN/ACK packet. After the client has sent many SYN packets, the server finally responds with a SYN/ACK packet and everything is fine for the remainder of the connection.
And, of course, the kicker to the problem: it is intermittent and does not happen all the time (though it does happen between 10-30% of the time).
We are using Fedora 12 Linux as the OS and Nginx as the web server.
Screenshot of Wireshark analysis
Update:
Turning off window scaling on the client stopped the issue from happening. Now I just need a server side resolution (we can't make all the clients do this) :)
Final Update:
The solution was to turn off both TCP window scaling and TCP timestamps on our servers that are accessible to the public.
This is a Canonical Question about DNS/Hostnames resolution to IPs/Ports
Example 1
I'm running a web server on port 80 and another on port 87. I would like to use DNS so that www.example.com goes to port 87. How can I accomplish this using DNS only?
Example 2
I'm running a service on my server on a non-standard port. How can I get clients to connect to this non-standard port automatically? Can I use DNS? Is there some application specific support where DNS could indicate the IP and Port?
Example 3
Do some application protocols specifically support hostname awareness, and allow special actions to be taken based on this information? Are there other questions on Server Fault that cover some of these?
Commandeering:
This question was originally asking about running IIS and Apache on the same server, but the same concepts can be applied to any server software receiving connections from clients. The Answers below describe the technical problems and solutions of using DNS and application protocol support to assign a port number for a client to connect.