DreamHost’s Private Servers Finally Rooted
It's taken me over 4 years, but I am finally running things on DreamHost Servers as root! (well, sudo admin/root in an selinux chroot-like PS). Coming from a security background, you can bet I have put the DreamHost Private Virtual Servers to the test to get a grasp on if they are easy prey. It's interesting because the company was started by some super-computer-nerds at least in terms of they were using and learning Unix-based systems way back when, so although there is quite a lot, shall we say "marketing" that goes on at DH.. a few of the admins over there know what they are doing.
What can you Do?
With an admin user you can go in and modify the httpd.conf files for your websites. You can reinstall the whole php and apache from source code for a truly optimized setup. However that is not recommended, if you make even a small mistake as root, your only fall-back is to reset the whole server to a saved state. But if you are familiar with compiling software from source code, and are familiar with debian linux, go for it.
I just logged in today for the first time and installed alot of my favorite stuff, I also recompiled php5.3.0, and dozens of other programs.
SUDO
A symbol of the confidence they are slowly gaining with their Private Server setup is that they are now beta testing allowing a PS Admin like me to join the sudoers and let's me have almost full root access on the machine.
After all these years, I finally got my hands on the httpd.conf files, mod_security configurations, and most any other file I want. It's a virtual setup and is a marked step-up from their initial PS release, which was basically just the same non-aggressive system that shared-host users enjoy for a fraction of the cost.
Now, I am currently running archlinux on my other laptop, OpenBSD on an ancient Dell, Gentoo on my work PC, and Debian/BackTrack on my other main system, so setting up software and server environments is constantly going on here.. THAT is what I look for in a webhost, is the configuration of their underlying system.. DreamHost PS still has a longggg way to go before it's on par with more expensive offerings, but it sure has been fun taking control of my own server and its 150+ websites.
Reboot and Reset
There's always a chance that your private server will become unresponsive. Usually, upping your resources will help. If it's still not working though, a quick reboot should save the day! And, unlike with regular shared hosting, you don't even have to contact support to get your server rebooted! Do it right from this panel and within about 30 seconds everything should be back up and happily under control!
If you've damaged your private server configuration with your admin user, you can also reset the server to its DreamHost-approved configuration. The reset process can take up to an hour, and your private server and web site will not be available until it is done.
Admin Users
An Admin User is given full root access to the Private Server via the 'sudo' command. If you do not know what that is, you should not be using this function.
The DreamHost Account Control Panel system automatically generates many of the server's configuration files and any changes you make may be overwritten without proper setup.
To make changes to a part of your private server that is managed by the Panel, you must turn off management (you can only do this if you've already created an admin user) for that part of the server. Otherwise, your changes may be overwritten by the Panel as it generates configuration files for your server.
Configure Server
We want your DreamHost PS experience to be as well-suited to your individual needs as possible. Here you can manage some of the settings for your server to make it fit you just so. As time goes on we will be providing you even more flexible options, too.
Server Management
When you make changes here, the DreamHost Account Control Panel system automatically generates the correct configuration files for your Private Server. This means that any changes made to certain configuration files by an Admin User may be overwritten by the Panel unless you turn off DreamHost management for the correct services.
If you turn off DreamHost management for a service, you can make changes to the configuration files for that service without worrying that those changes might be overwritten. However, this means that you can no longer modify those services from the panel.
For each unmanaged service, the Control Panel will instead generate configuration files with the suffix ".dreamhost-example" appended to the filename.
Finally, be aware that this is a beta service and may not work entirely as you expect. Please contact support with any bugs or suggestions.
All of these settings can only be applied to the entire server and can not be set on a per user or per website basis. Have at it!
Mongrel and Proxy Settings
From here you can create Mongrel application servers to host your Ruby web applications, including Ruby on Rails. When you create a Mongrel server, an appropriate proxy server is automatically created and configured for you.
You can also configure proxy server ports so you can hook your website up to standalone daemons you run yourself. The proxy is automatically also set up for the ssl version of a domain if it exists. You can use this to pass requests for specific parts of your website to standalone daemons you set up yourself. You might want to pass requests to application specific daemons such as CherryPy or Tomcat, or more general daemons such as Lighttpd or Nginx.
#!/bin/bash function v_err(){ echo $'a'; local s; echo -en "n [ ${1:-Press any key to continue} ]n" >$SSH_TTY; read -n 1 s; } function v_ins(){./configure --prefix=$ASKAPACHE $* && colormake -j3 && colormake install || v_err; echo -en "a";} function v_ext(){ case $1 in *.tar.bz2)tar xjf $1;;*.tar.gz)tar xzf $1;;*.tar)tar xf $1;;*.tbz2)tar xjf $1;;*.tgz)tar xzf $1;; *.bz2)bunzip2 $1;;*.rar)unrar x $1;;*.gz)gunzip $1;;*.zip)unzip $1;;*.Z)uncompress $1;;*.7z)7z x $1;;*)v_err;; esac; } function vg(){ echo $1 && cd $ASKAPACHE/source local FB=`echo -n $1 | sed -e 's/^.*/([^/]{3,})$/1/g' -e 's/().(zip|7|tbz2|rar|7z|Z|gz|tgz|tar|bz|bz2|tar|tar.gz|tar.bz|tar.bz2)$/1/g'`; curl -e 'http://sourceforge.net/' -L -f -A 'Mozilla/5.0' --compressed -m 400 -o "$FBTO" --url "$1" || echo "CURL FAILED for $1"; v_ext $ASKAPACHE/dist/`echo -n $1 | sed -e 's/^.*/([^/]{4,})$/1/g'` cd $ASKAPACHE/source/`echo -n $FB | sed -e 's/^([^/]{4}).*/1/g'`* || echo "EXTRACTING FAILED for $1"; cd $OLDPWD && echo $1 } ( unset LDFLAGS;unset CPPFLAGS;unset LD_LIBRARY_PATH ) &>/dev/null export ASKAPACHE=$HOME/opt mkdir -pv $ASKAPACHE/{source,dist,bin,lib,include} && cd $ASKAPACHE export LD_LIBRARY_PATH=$ASKAPACHE:$ASKAPACHE/lib:$LD_LIBRARY_PATH vg ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.13.tar.gz && v_ins vg ftp://ftp.gnu.org/pub/gnu/autoconf/autoconf-2.64.tar.gz && v_ins vg ftp://alpha.gnu.org/pub/gnu/libidn/libidn-1.15.tar.gz && v_ins vg ftp://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.tar.gz && v_ins "--enable-extra-encodings" vg http://www.openssl.org/source/openssl-0.9.8l.tar.gz && ./config --prefix=$ASKAPACHE && make && make install vg http://www.bzip.org/1.0.5/bzip2-1.0.5.tar.gz && make install PREFIX=$ASKAPACHE vg http://www.zlib.net/zlib-1.2.3.tar.gz && v_ins "--shared" vg http://www.oberhumer.com/opensource/lzo/download/lzo-2.03.tar.gz && v_ins vg http://www.lzop.org/download/lzop-1.02rc1.tar.gz && v_ins vg http://cdnetworks-us-1.dl.sourceforge.net/project/p7zip/p7zip/9.04/p7zip_9.04_src_all.tar.bz2 && v_ins vg http://tukaani.org/xz/xz-4.999.9beta.tar.gz && v_ins vg ftp://xmlsoft.org/libxml2/libxml2-2.7.6.tar.gz && v_ins "--with-iconv=$ASKAPACHE" vg ftp://xmlsoft.org/libxml2/libxslt-1.1.26.tar.gz && v_ins "--with-libxml-prefix=${ASKAPACHE} --with-libxml-include-prefix=${ASKAPACHE}/include --with-libxml-libs-prefix=${ASKAPACHE}/lib" vg http://downloads.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.gz && v_ins "--disable-posix-threads" && cd $ASKAPACHE/source/libmcrypt*/libltdl* && v_ins "--enable-ltdl-install" vg http://softlayer.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz && v_ins vg http://cdnetworks-us-2.dl.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz && v_ins vg http://iweb.dl.sourceforge.net/project/freetype/freetype2/2.3.11/freetype-2.3.11.tar.gz && v_ins vg ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.7.tar.gz && v_ins vg ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.9.tar.gz && v_ins vg ftp://ftp.gnu.org/pub/gnu/gnutls/libtasn1-2.2.tar.gz && v_ins vg http://www.ijg.org/files/jpegsrc.v7.tar.gz && v_ins vg http://cdnetworks-us-1.dl.sourceforge.net/project/libpng/00-libpng-stable/1.2.40/libpng-1.2.40.tar.gz && v_ins vg http://cdnetworks-us-2.dl.sourceforge.net/aria2/files/stable/latest/aria2-1.6.3.tar.bz2 && v_ins vg http://www.libgd.org/releases/gd-2.0.36RC1.tar.gz && v_ins "--with-libiconv-prefix=${ASKAPACHE} --with-freetype=${ASKAPACHE} --with-jpeg=${ASKAPACHE} --with-png=${ASKAPACHE}" vg http://c-ares.haxx.se/c-ares-1.6.0.tar.gz && v_ins vg http://curl.haxx.se/download/curl-7.19.7.tar.gz && v_ins "--with-ssl --with-zlib=$ASKAPACHE --with-libidn=$ASKAPACHE --disable-ldap --disable-ldaps --disable-dict --disable-telnet --disable-tftp --enable-ares=$ASKAPACHE --enable-cookies --enable-crypto-auth" vg http://us3.php.net/distributions/php-5.3.0.tar.gz && ./configure --help cd $ASKAPACHE/source/php-5.3.0 && ./configure --help #now I run the other script, since this step gets repeated alot exit 0
« Htaccess Rewrites for Moving UrlsPirateBay and Anonymous SOPA Press Releases »
Comments