Support

gkulewski · #1 09-14-2008, 06:18 AM

Hello,

I would be glad to see one nice feature (mainly) for those running shared hosting environments.

The goal is to run whole httpd process with UID and GID of the user owning the content. Not only suEXEC and similar hacks. That way user does not have to give additional permissions and the whole setup should be much more secure.

Implementation? I guess main process running under some global user plus "spawner" process running as root plus (max) one process per user (that only exists when it is needed). The global process receives connection and transparently proxies it (preferably via UNIX socket) to the user process (based for example on virtual host or path) that is spawned by "spawner" if it does not exist. IMHO implementation should be rather simple if you have all the rest.

Also, Gentoo ebuild/overlay would be nice. And of course open sourcing the free edition would be even nicer!

Not speaking about some price reduction of paid versions since my hosting in Poland is too small to afford paid version in it's current state. Especially that it is spread into several VPSes over several servers. Maybe some day when it will get bigger... But I am not sure, especially with the level of competition on current hosting market you must cut the prices not make them bigger. But anyway - there are customers who are big enough to pay and there are many small who simply don't have that big revenues. Giving them the free version for free makes your product well tested, well known and better.

Thanks!

mistwang · #2 09-15-2008, 07:16 AM

Thank you for the suggestion.

LSWS' architecture is a single process event-driven non-blocking server for the maximum performance and scalabilities, what you described cannot apply. suEXEC should be good enough as we only need to worry about the security of CGI script, for static content it should be fine to be served from one process.

Our VPS pricing is very affordable, should be affordable for even small hosting companies, and the benefits should be worth a lot more than what being paid. Our past experiences tell us that offering something free will not help much.

gkulewski · #3 09-15-2008, 09:00 AM

Quote:

Originally Posted by mistwang

Thank you for the suggestion.

LSWS' architecture is a single process event-driven non-blocking server for the maximum performance and scalabilities, what you described cannot apply.

I am using similar setup I described right now with lighttpd (also event driven and single process) and it works very well. The only problem is that lighttpd does not have all the features you have and that this setup (proxy) is configured by hand statically not automatically. But I am sure (I am professional Linux system programmer so I know what I am talking about) that it is technically possible to implement the spawner to be automatic and transparent and to kill/die processes for users not currently needed.

Also I tested that processing the request two times instead of one (the first pass to proxy it, the second to serve) does not increase latency or decrease performance too much.

mistwang · #4 09-15-2008, 09:47 AM

What you want is in the mind of event-driven and perfork server, it has serious scalability issue, imagine when you want to put 2000 accounts on one server, there is going to be too many processes, and forking processes frequently is not a good idea either.

We will stick with our current architecture, on the security side, you only need to have all static content readable by the user ID that web server run as, you can even use role based security, no need to worry about User/Group that own the document root of each web site.

gkulewski · #5 09-15-2008, 10:23 AM

Quote:

Originally Posted by mistwang

What you want is in the mind of event-driven and perfork server, it has serious scalability issue, imagine when you want to put 2000 accounts on one server, there is going to be too many processes, and forking processes frequently is not a good idea either.

If we have 2000 active accounts at once (during say 1-2 minute window) then we are going to die even with suEXEC and only way to survive is to disable all such features.

But on typical hosting we may have 2000 accounts but we have say 20 active during one time. If so we can enable suEXEC or my idea and selectively spawn and kill processes when needed (still max is one httpd per user).

I don't know how big lsws process is but lighttpd is < 1MB of RAM. And PHP with accelerator is usually between 5MB and 50MB. So I would say if you can do suPHP then you can do suHTTPD as well.

But I accept your decision to stay with your current architecture.

mistwang · #6 09-15-2008, 11:06 AM

suHTTPD need a httpd process for serving static contents, and need to start twice amount of processes even for pure PHP dynamic content comparing suPHP. It is a pretty big scalability issue.

I think your lighttpd solution may not able to go beyond couple hundred accounts.