Over the many years of developing WebEngine CMS for MuOnline servers, one of my primary goals when dealing with clients was to make sure they stopped using XAMPP for their production websites and moved to Linux.
WebEngine CMS is a hobby for me; coding a couple of hours a day on a project I started many years ago helps me strengthen my programming skills and clears my mind. Slowly but steadily, every day I am getting closer to achieving my goal with my project, which is to create a CMS and micro-framework that is easy to install, rich in features for experienced and non-experienced coders, and a reliable and fast website for Mu servers.
Through the years, many people have asked me why I don’t give full support to those running the CMS on Windows, specifically XAMPP. The reason is very simple, quoting directly from XAMPP’s Wikipedia page and their website:
Officially, XAMPP's designers intended it for use only as a development tool, to allow website designers and programmers to test their work on their own computers without any access to the Internet. To make this as easy as possible, many important security features are disabled by default. XAMPP has the ability to serve web pages on the World Wide Web. A special tool is provided to password-protect the most important parts of the package. –Wikipedia
XAMPP is not meant for production use but only for development environments. XAMPP is configured to be open as possible to allow the developer anything he/she wants. For development environments, this is great but in a production environment, it could be fatal. –Apachefriends
XAMPP is meant to be used as a development tool, not intended to be used for production websites! This statement comes directly from XAMPP’s website, Wikipedia’s page and from many other programming/development websites where people have asked about it.
Fact is, it is completely possible to make XAMPP a fully secured platform for production websites, but it’s a complete waste of time, as you would have to do it every time you needed to upgrade your web services. While I understand that using it on the same server where you have your MuOnline server helps you save a few bucks by not having to pay for a web hosting account or VPS, in the long term you are putting your server at risk.
Having your website on the same server as your MuOnline server is probably the worst idea ever. No matter how good and secure any website is, you should always consider it to be an open door for hackers to come in and mess with your server and database, so always keep an eye on it and monitor as much as you can. By hosting your website on an external server you can easily block all its access to your database in case of emergency, plus if some kid decides to DDoS your site, it’s only your site that will go down and not your entire server. While it is possible to target the attack at your servers directly, most of the time these attacks are targeted at your website.
So, what alternative do I recommend?
My primary recommendation is to get a VPS and install the web services you need individually. Some of you might think this is way too difficult, but with a little practice you can master it in no time. Cost-wise, you can find VPS providers that are insanely cheap and have excellent infrastructure; one example is RamNode, with VPS servers starting from $5 a month. By using a VPS you are in full control over all the services installed on your web server, which translates to better security and performance.
Now, you might think that having to manage every aspect of the VPS through SSH with commands is just something you don’t want to deal with. Well, there are plenty of system administration interfaces for Unix out there; the one I always use and recommend is Webmin. With Webmin you can fully manage your server through a super clean and simple interface and do all the necessary monitoring to keep your websites safe at all times.
If you just don’t want to deal with commands and stuff, you can always go for a web hosting (shared) account that will allow you to connect to your database through port 1433 remotely, which most if not all of the hosts out there allow if you just nicely ask them to whitelist your server IP.
Lastly, if you are not familiar with how all this web stuff works, then create a virtual machine using software like VirtualBox, get yourself a copy of CentOS 7 and try installing a production server. This is great for practicing and making sure everything works the way you want it to. Heck, even installing Apache and PHP individually on Windows will be better than going with XAMPP in case you totally don’t want to go with Linux.
The point of this little essay of mine is to enlighten you to go for the better options out there. In my opinion, what makes a server fail is the lack of dedication. And if you’re just in no way capable of properly managing your web services, then get someone who can, someone you can trust to do quality work for you and not just do it for a quick buck.
I hope this helps you with your future projects!
Resources:
VirtualBox
CentOS (VirtualBox ready)
Webmin Installation:
Installing Apache & PHP:
ConfigServer Security & Firewall Installation:
SELinux Rewrite Permissions:
SELinux Allow HTTPD Network Connect:
CentOS 7 Opening a Firewall Port:
Webmin Virtual Hosts Tutorial:
Services:
RamNode:
IntoVPS:
NFO Servers:
CrocWeb (shared-hosting):
SoftSysHosting (shared, vps):