What is the difference between application server and web server?

What are the good ways to set up the production server of a php/mysql based decent website/web-application?

Its already evident that to run the php/mysql based website require to run/Install the minimum - Apache HTTP Server/ Mysql /PHP Interpreter/ PHPMyAdmin on a hosted server e.g. A server from DigitalOcean. I would like to know the answer from an expert/experienced web-master, who hosted decent websites to a server and installed/setup/configured the required things to run the server professionally e.g. MySql/phpmyadmin installed for database. (Other than this - do we need to set up some specific configuration ?, or do we need to install some monitoring tool e.g. nagios etc as well, or do we need to install query-cachce kind of things e.g memcahce) [Similarly what we need to consider on security or http server or whatever we think]
Answer:

I generally run a setup script on my servers once I've installed the OS. I've pulled the most relevant commands to run for this answer. Please note, your choice of OS does matter - these will work on CentOS but not Ubuntu. Any text in curly braces {like this} means you can choose your own value for that part of the command. Assuming you're logged in as root, you'll first want to set a password. Make sure it's strong (at least 20 characters, include symbols, numbers, etc.): passwd Next, add a superuser to perform administrative tasks without being logged in as root: adduser {adminuser} passwd {adminuser} nano /etc/sudoers The sudoers file allows you to specify accounts that can run privileged commands. Add tthis line somewhere in the file: {adminuser} ALL=(ALL) ALL Next, increase the security of your SSH server. Open the settings file: nano /etc/ssh/sshd_config Find and change the following settings to the values below: Port {any number that isn't the default port, like 101} PermitRootLogin no MaxAuthTries 3 UseDNS no AllowUsers {adminuser} Save the file, then restart the SSH service to apply the new settings. If you don't have direct access to the server console, make sure you can log in as {adminuser} before you change the settings. service sshd restart Also, once you've changed the settings, open a new window and connect as {adminuser} using whatever new port number you picked. Cool, now it's time to update the software on your server, and install the necessary packages to run PHP sites: yum update yum install gcc make vsftpd httpd php php php-bcmath php-dba php-devel php-fpm php-gd php-imap php-intl php-ldap php-mbstring php-pecl-apc php-pecl-memcache php-mysql php-process php-pspell php-recode php-snmp php-soap php-tidy php-xml php-xmlrpc php-zts mysql mysql-devel mysql-server openssl sendmail system-config-firewall-tui You'll probably want to be able to upload files via FTP. Update your FTP server config: nano /etc/vsftpd/vsftpd.conf Update and uncomment the following settings: anonymous_enable=NO local_enable=YES chroot_local_user=YES Save the settings, and make sure the FTP server will start up when the server starts: chkconfig vsftpd on service vsftpd restart You may notice we installed a firewall package for the server. Configure it so it only allows the connections needed for a web server: system-config-firewall-tui Make sure the following ports are enabled: HTTP (Port 80) HTTPS (Port 443) SSH (random port we configured earlier) FTP (Port 21) Time for MySQL! PHPMyAdmin introduces unnecessary vulnerabilities, in my opinion. It's better to learn how to run SQL commands. Again, make sure the password for root is strong (AND different from the OS password) chkconfig --levels 235 mysqld on service mysqld start mysql -u root SET PASSWORD FOR 'root'@'localhost' = PASSWORD('{new password}'); SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('{new password}'); SET PASSWORD FOR 'root'@'{server hostname}' = PASSWORD('{new password}'); DROP USER ''@'localhost'; DROP USER ''@'{server hostname}'; exit; We're in the home stretch. Time to set up Apache. As yet another layer of security, we're going to create a new user just to run the web server processes, that doesn't have administrative access to anything. That way, if someone finds a security hole in your website, we can minimize the amount of damage they do and prevent them from taking over the entire server. rpm -Uvh http://repo.webtatic.com/yum/centos/5/latest.rpm yum install --enablerepo=webtatic httpd-itk service httpd stop nano /etc/sysconfig/httpd Add the following line to the config file: HTTPD=/usr/sbin/httpd.itk Edit this other config file: nano /etc/httpd/conf/httpd.conf Make sure the following lines are uncommented: ServerTokens prod NameVirtualHost *:80 Add the following line to Section 3 of the same config file: Include httpd-vhosts.conf Save and exit. Now we're going to add a virtual host and limited user to run it with: useradd {webuser} passwd {webuser} useradd -s /sbin/nologin vhost-{webuser} mkdir /home/{webuser}/public_html mkdir /etc/httpd/logs/{website domain} chown {webuser}:vhost-{webuser} /home/{webuser}/public_html chmod 751 /home/{webuser} chmod o-rwx /etc/httpd/logs/{website domain} chown {webuser}:vhost-{webuser} /etc/httpd/logs/{website domain} chmod o-rwx /etc/httpd/logs/{website domain} ln -s /home/{webuser}/public_html /var/www/html/{website domain} touch /etc/httpd/conf/httpd-vhosts.conf nano /etc/httpd/conf/httpd-vhosts.conf In this config file, you'll want to add a separate virtual host for each website you want to run. Here's the basic template to add: <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/var/www/html/{website domain}" <Directory "/var/www/html/{website domain}"> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all </Directory> <IfModule mpm_itk_module> AssignUserId vhost-{web user} vhost-{web user} </IfModule> ServerName {website domain} ServerAlias www.{website domain} ErrorLog "logs/{website domain}/error_log" CustomLog "logs/{website domain}/access_log" common </VirtualHost> And now... everything should just work. Make sure when uploading files via FTP, you're using the limited {webuser} account, so they have proper permissions. This doesn't cover adding a MySQL user/DB or setting up an SSL certificate, or backups. It also assumes that you JUST want to use this server for web hosting and will handle email and DNS elsewhere (which is probably a good practice anyways. You don't want this server to be the single point of failure for your entire business.) As far as monitoring (Nagios) and performance (memcached), it's really up to you. They're not required per se, but probably a good idea for peace of mind and optimized page loading. Hope that helps!

Was this solution helpful to you?

Other answers

I don't know if there is a standard way of setting up a production server. I am just sharing what I do for my customers and also to ensure the highest uptime for their Web application. I have only recently started using Amazon AWS, my production sites are hosted on a EC2 machine with the standard LAMP installed with the required modules for the web applications. All ports are firewalled except for 80, obviously to host the applications. Periodic backup using tar was uploaded to S3 and archived to Glacier after a period such as 30 days. I also used nagios to monitor the web server to periodically check for acceptable web response and MySQL query response.

Kong Jin Jie

I know it drives people crazy to hear this... but it really does matter exactly what you are doing with it. It matters what you are allowed to do by the your host... is it a virtual box or a real box? You'll probably need email. If you don't set it up on a fully functional domain... i.e. reversing correctly and all that... you'll need to arrange to relay it somewhere. What kind of traffic do you anticipate? I would tail the logs. I'm sure I can think of some more stuff... but... *shrug* Make it a point to shut down any port you aren't suing. Turn off FTP... Telnet... for sure. Use ssh.

Max Jones

Related Q & A:

How do I set up windows 03 server as a server?Best solution by Yahoo! Answers
What are some good ways for 11 year olds to earn money?Best solution by Yahoo! Answers
What are some good ways to gain confidence?Best solution by Quora
What are some good ways to advertise a business?Best solution by ChaCha
What are some good ways to make money fast without a job?Best solution by Quora

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.