adventures in free software
Geek heavy post: ignore freely.
In screwing around with my colocated server running OpenBSD, things have come along quite nicely. I've got postfix and dovecot working together to send, receive, and make available mail (all encrypted via SSL or TLS, and for the most part run as unprivileged users in a chroot environment). I'm putting OpenBSD's spamd grey- and black-listing to good use cutting down spam, and I've even got a FastCGI Perl program I wrote running so that my three or so users can easily change their mail password without having a shell account (that page is also SSL-encrypted). I keep meaning to put the code up for others to see... soon, surely.
Speaking of FastCGI, I've got a web server set up I'm pretty proud of. The straight up socket connectivity, SSL negotiation, etc. is handled by lighttpd, which runs in a chroot environment and talks via TCP to various other FastCGI processes. With the exception mentioned above, that's currently a bunch of PHP instances, all in their own chroot environment specific to their hosted domain and running as a user specific to that domain.
Finally, I've got a fairly standard and uninteresting install of PostgreSQL providing a database back-end.
On top of that groundwork I'm running phpBB2 for my brother, a Serendipity blog, RoundCube web mail, and phpPgAdmin to ease database administration. It's been a bit of work finding web applications that support PostgreSQL, but I don't particularly want to run MySQL. So far it's been worth it; I chose Serendipity almost entirely based on the fact that Word Press doesn't support PostgreSQL, and it turns out that in general I prefer s9y to WP anyway.
Finally, I've gotten to the point where I don't have a very good feel for how loaded the system is, what will happen if my blog gets more popular, that kind of thing. So now I'm looking into Zabbix for real-time monitoring (as jeramey recommended), again in part because the most common real-time monitoring system - Cacti - only supports MySQL. I'm also using
All that software, provided for free, letting me do whatever I want... that's pretty cool. I can't really imagine how much it would cost to use commercial software for all those parts. It's also given me the freedom to hack when needed; at pretty much every point along the way I've had to make minor changes and patches to make everything work the way I want.
For lighttpd's spawn-fcgi, I got a reliance on bash in the chroot removed (although someone else wrote the code, I highlighted the problem). I wrote a new markup plugin for Serendipity based on HTML Purifier that lets comments have 'safe' HTML, helped fix a "pretty URL" bug, and improved the LiveJournal importer to import comments (specifically, using the XML generated by jbackup.pl.
Now, for Zabbix, I'm contributing to the brand new OpenBSD port, created literally a few days before I decided to look at Zabbix. As it exists at the time of this writing, I've contributed one (non-security-related) buffer overflow fix, and I'm working on making the port support MySQL or PostgreSQL flavors (right now there are no flavors, only MySQL support). I intended to include SQLite3 in that list, but the web front-end to Zabbix appears to use the "alpha-quality" php-sqlite3 library and not the PHP.net-supported (and pre-existing OpenBSD port) SQLite3 PDO driver.
It's been fun getting to this point, a weird mix of C, PHP, and systems administration. It also hasn't been fast; this has been stuff I've worked on in my spare time over the last year at least - maybe more.
In screwing around with my colocated server running OpenBSD, things have come along quite nicely. I've got postfix and dovecot working together to send, receive, and make available mail (all encrypted via SSL or TLS, and for the most part run as unprivileged users in a chroot environment). I'm putting OpenBSD's spamd grey- and black-listing to good use cutting down spam, and I've even got a FastCGI Perl program I wrote running so that my three or so users can easily change their mail password without having a shell account (that page is also SSL-encrypted). I keep meaning to put the code up for others to see... soon, surely.
Speaking of FastCGI, I've got a web server set up I'm pretty proud of. The straight up socket connectivity, SSL negotiation, etc. is handled by lighttpd, which runs in a chroot environment and talks via TCP to various other FastCGI processes. With the exception mentioned above, that's currently a bunch of PHP instances, all in their own chroot environment specific to their hosted domain and running as a user specific to that domain.
Finally, I've got a fairly standard and uninteresting install of PostgreSQL providing a database back-end.
On top of that groundwork I'm running phpBB2 for my brother, a Serendipity blog, RoundCube web mail, and phpPgAdmin to ease database administration. It's been a bit of work finding web applications that support PostgreSQL, but I don't particularly want to run MySQL. So far it's been worth it; I chose Serendipity almost entirely based on the fact that Word Press doesn't support PostgreSQL, and it turns out that in general I prefer s9y to WP anyway.
Finally, I've gotten to the point where I don't have a very good feel for how loaded the system is, what will happen if my blog gets more popular, that kind of thing. So now I'm looking into Zabbix for real-time monitoring (as jeramey recommended), again in part because the most common real-time monitoring system - Cacti - only supports MySQL. I'm also using
All that software, provided for free, letting me do whatever I want... that's pretty cool. I can't really imagine how much it would cost to use commercial software for all those parts. It's also given me the freedom to hack when needed; at pretty much every point along the way I've had to make minor changes and patches to make everything work the way I want.
For lighttpd's spawn-fcgi, I got a reliance on bash in the chroot removed (although someone else wrote the code, I highlighted the problem). I wrote a new markup plugin for Serendipity based on HTML Purifier that lets comments have 'safe' HTML, helped fix a "pretty URL" bug, and improved the LiveJournal importer to import comments (specifically, using the XML generated by jbackup.pl.
Now, for Zabbix, I'm contributing to the brand new OpenBSD port, created literally a few days before I decided to look at Zabbix. As it exists at the time of this writing, I've contributed one (non-security-related) buffer overflow fix, and I'm working on making the port support MySQL or PostgreSQL flavors (right now there are no flavors, only MySQL support). I intended to include SQLite3 in that list, but the web front-end to Zabbix appears to use the "alpha-quality" php-sqlite3 library and not the PHP.net-supported (and pre-existing OpenBSD port) SQLite3 PDO driver.
It's been fun getting to this point, a weird mix of C, PHP, and systems administration. It also hasn't been fast; this has been stuff I've worked on in my spare time over the last year at least - maybe more.