Hi guys,

I've just been given the task of developing and hosting a technical blog for all the sales guys etc within our company. I can either stick it on my domain controller (which I *realy really* don't want to do) or I need to figure out how to do it on a Linux box, with full directory security and about 200 authenticated logins.

Here's the catch. I've installed Apache a grand total of once. Never had any time to do anything more than install it, and now I find that I've got to have it fully secured against external attacks. I don't even know where to begin looking.

If anyone has any suggestions or information, please let me know? I'm more than a little stressed, since they've (apparently) already announced it will be functional tomorrow. As such, please don't reply with stuff like "hahaha! You're screwed" or "just tell them 'no'" because it's just not going to happen. Feel free to add comments like this, but only if you can post some useful info too?

Thanks and regards,
Ges.

will it have external access? or internal only ?

If internal only I'd install RHEL or CentOS and then do apache/php/mysql ( can usually get a suitable combo out of a yum package ). You can use samba/kerberos to do authentication to ADS, that'll give you fileshare via ADS, and can do SSH auth via ADS there too. I believe there's some apache modules to do .htaccess via ADS once kerberos is set up correctly too. Hopefully whatever blogging tools you use will also be able to.

If external I'd refuse to do it in such a short timeline.

You can actually install PHP with IIS. It's not _ideal_ however, if your Linux skill set is not as strong as your windows skills and given that you will need security setup and _worst_ of all you need this done yesterday then I'd recommend it.

Get PHP 5.0 for IIS though, I found anything less than that it's really sucks.

This way, you can also get a module for PHP (LDAP - this comes default with PHP distro however, you will need to enable it in php.ini file). Then you can have authentication interface with your DC (not that you need PHP to run windows to do this BTW) to save from double handling of authentication and users having to remember 2 sets of passwords etc. And of course being on all windows box, your dir security can exactly matched your current requirement.

PHP IIS ISAPI Module
http://au3.php.net/get/php-5.2.1-win32-installer.msi/from/a/mirror

Integrating Active Directory with PHP
http://www.developer.com/lang/php/article.php/3100951

We have successfully deployed our own PHP + W2k3 +IIS6 on both our dev server and client live server (very busy commercial website) so I don't think 200 people will really sweat it. Best of all, 99% of the PHP code, blogs etc will work with this configuration. However, you may need to hack the code a little to get it to work 100% in some instances.

Good luck

Get CentOS/RHEL, install PHP+MYSQL+APACHE and then you can use MediaWiki with LDAP authentication as your blogging type software.

LDAP Authentication

Couple of advantages is that it's a Wiki and Wiki's rock, LDAP auth is handled by the application, no need to mess with Samba/PAM/KRB, Apache config is easy, Wiki provides history tracking of pages and so on.

Thanks for the quick responses guys.. yes, this will be publicly accessible (hence the authenticated logins and directory security). I've been told that the powers that be don't want it tied into AD. Moreover, I can't install it on a windows box, because the only one I have access to (that isn't off-limits for other applications) is my domain controller..

There's no way in hell I'm putting an external website on my PDC.


Basically what it boils down to, is that I'm about to be f***ed sideways with something large and jagged.

php on IIS6 can be painful (I found that the installers php.ini is somehow "corrupt" or something, just copy the recommended ini and edit it.

yes, this will be publicly accessible (hence the authenticated logins and directory security). I've been told that the powers that be don't want it tied into AD.

What I said + OpenLDAP. Stick it all on the one box and you have a working solution with authenticated logins.

And Obes is right, oh so right. When I was at WebCentral I headed up the addition of PHP to the product offering and spent many months installing and configuring PHP on IIS5/6 boxes, it was painful all the way.

gee ges, you'd wanna be on some biiiig money, otherwise i'd be jumping ship right about now...

Thanks Tic,

It will be interesting learning another OS in this timeframe, but that looks like the best solution for it. Currently, my entire linux experience is with Ubuntu.

Now all I need to do is hope that my connection doesn't flake out during the download :)

Cheers,
Ges

Np, there should be a bajillion and one FAQ/HowTos available to do this sort of stuff. The LAMP side of things almost come pre-installed for you so it's just a matter of configuring OpenLDAP, adding objects and then setting up the Wiki software.

gee ges, you'd wanna be on some biiiig money, otherwise i'd be jumping ship right about now...

Sub $50k still :(

Believe me, I'm considering it. :) It's not so much that I don't enjoy the work, but either give me a much longer timeframe or double my salary.

**rest of this post deleted by original poster, for sounding like an idiot** :)

last edited by Gesthemene at 11:13:52 22/Mar/07

I would be demanding your manager sign something taking full responsibility for any problems that could arise because of this system. Otherwise you could end up being the fall guy for someone elses stupid decisions...

However, anyone looking for a network admin? I'm probably worth about $80k, but would consider anything over $55k depending on the position and company ;)

I take what I just said back. If you're worth $80k you shouldn't experience any difficulty installing and securly configuring this system inside of 24 hours, in fact I wonder why you even felt the need to post about such a simple task on QGL.

Eds already suggested that, Stinky :) It's a no-go in this timeframe. :(

Doode sounds like you're about right saying you're f***ed sideways. You cannot be expected to learn and entirely different OS in such short time and to keep it 100% secure. Do what TicMan said, IMO that's a great suggestion.

I take what I just said back. If you're worth $80k you shouldn't experience any difficulty installing and securly configuring this system inside of 24 hours, in fact I wonder why you even felt the need to post about such a simple task on QGL.

Because that figure is based on certain positions I've applied for recently which fall within the scope of what I'm currently doing. This is why there was a "probably" in there :P

Then again, they were more the management aspects of my position, not so much the hardcore admin side. :)

Besides, my skills are in Windows, not Linux (at this stage) :)

Cheers,
Ges

Gesthemene, can you answer a couple of questions first.

1. Do you have a budget?
2. If you can put aside the need to host it immediately, or to learn an OS, could you build the actual blog pages quickly?

Rule of Thumb....get it working, then sort out the other problems later. If you had a temporary hosting option (outside of your company) that gave you the flexibility to use different coding options (php, ASP etc), where all you had to do was upload the files, would that get you out of trouble? You could bring it online quickly, then sort out the local hosting options and transfer it over at a later date. All your boss needs to know is that it is online, people will see it, and you can then develop it as you go. If you need some advice or assistance in the hosting area, let me know.

FB

1. Do you have a budget?

Negative :( No funds, not additional hardware, basically I have to make do with what I've already got.

2. If you can put aside the need to host it immediately, or to learn an OS, could you build the actual blog pages quickly?

Possibly.. At this stage, given the time restrictions, I've got another guy here working on the content. I'm largely expecting him to grab an opensource blogging tool like Movable Type (as an example)

Rule of Thumb....get it working, then sort out the other problems later.

hehehe.. my brother said the same thing, almost verbatim :)

If you had a temporary hosting option (outside of your company) that gave you the flexibility to use different coding options (php, ASP etc), where all you had to do was upload the files, would that get you out of trouble? You could bring it online quickly, then sort out the local hosting options and transfer it over at a later date.

Quite possibly.. but without a budget and authorisation to host it externally, the chances of me getting this approved are non-existent :(

All your boss needs to know is that it is online, people will see it, and you can then develop it as you go. If you need some advice or assistance in the hosting area, let me know.

Unfortunately, my boss is a little more clued in than that. He wants to see the setup etc hosted on our systems at the end of the day. :(

Ok...forget the budget for the time being. If I was able to provide a temporary hosting option, and you were able to get permission to host it externally for a short period of time to get it working.....how would you set your site up?

Do you have a domain for the business? If not, what address were you planning to use for the blog?

I am a host, so I can provide you with a temporary hosting option with ftp access, but it would be short-term (just to give you a little bit extra time to sort things out). Therefore, what I suppose you need to ask yourself, is whether you can get permission to host it externally until you can sort out a local hosting option. If you use MSN or Yahoo, PM your addy and I will add you for instant chat to get us out of the threads.

FB

I would just do a LAMP install of Ubuntu Server.

Well as I know nothing about this sort of thing, all I can do is wish you the best of luck... If you fail I'l shout you a beer at the Paddo some time, if you succeed beers are on you!

Thanks Chits :)

Kinda got it done.. turns out, all the user authentication stuff they needed done couldn't be. Here's a quick outline of the exchange between me and my boss:


Me: "Do you have the list of users who need accounts created?"
Boss: "No, I thought you would have that"
Me: "Umm.. this was YOUR project, you just dumped me in the s*** about it. You need to get this list, 'cos there's no way in hell I'm doing it"
Boss: "oh.. I'll try and push back on the sales guys to do it themselves"
Me: "fine.. screw this for a joke, I'm going home"

*exeunt* (stage left)


The fun thing is, now I've got 2 more (different) projects :P
Still, if nothing else, I got to learn "how to build a web server from scratch inside 7 hours"

Thanks again for everyone's help (and the occasional message to pull my head in/finger out).

Cheers,
Ges.

check out XAMPP as well, but bear in mind its not for publicly accessible internet sites (if you're password protecting it might be ok)