AltME groups homeHelpJoin REBOL3 world
  Find AltME posts   Help

Recent posts

Worlds:r4wpr3wp
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
1-May 23:30 UTC
[0.097] 16.077k
r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

Join the discussions in the REBOL3 world...

[!Cheyenne] Discussions about the Cheyenne Web Server

older
newer		first
last
GrahamC
17-Apr-2011
[9741]
I've been using Cheyenne for personal web server for a few years 
now ... only issue was when user installed it as a service
Dockimbel
17-Apr-2011
[9742]
usual paranoid sysadmin

: If I was a fulltime sysadmin, I would be much more scared to put 
any PHP app online than to run a webserver written in an obscure 
language. ;-)
GrahamC
17-Apr-2011
[9743]
No virus has yet found how to use Cheyenne's mta :)
Dockimbel
17-Apr-2011
[9744x2]
Good to know :-)

Could be a nice selling point.
onetom
17-Apr-2011
[9746x2]
so, doc, an ideas / questions about my scenario? where all the logs 
should go and whether is it possible or necessary to have 1 system-wide 
cheyenne which connects with per-user ones?

(do u seem my private msgs? im not sure what should i see / notice 
when i get a priv msg in altme...)
Dockimbel
17-Apr-2011
[9748x2]
Yes, I have answered to them. You should see my nickname go red.

onetom: I started writing you a reply by email, but it might be easier 
to discuss it there.
Maxim
17-Apr-2011
[9750x2]
onetom... ever since the weird user reset bug which affected altme, 
the very first time anyone ever sends you a personal message, you 
won't be notified... you actually have to click on the group to see 
the message updated  :-(

this is true for each user.
Dockimbel
17-Apr-2011
[9752]
Logs: I must say that I don't like much having all logs under current/, 
which is the webapp root folder. Putting all logs there (especially 
error.log which can contain critical information like user logins 
and password hashes) is bad practice  to me.
onetom
17-Apr-2011
[9753x3]
Maxim: ok, thx. i turned off the dividers and it's great like this

doc: i didnt say current, but current/log/

but in cheyenne's case it could be current/private/log/
Dockimbel
17-Apr-2011
[9756x2]
Yes, everything that is under current/ might be at risk, so better 
avoid putting critical information there.

Same remark for Cheyenne webapp's private/ folder, you shouldn't 
put critical information there.
onetom
17-Apr-2011
[9758x2]
what should go there then and how is it more private than the protected 
area? (is it documented somewhere?)

let's collaborate on a directory structure here: http://piratepad.net/KkvkZ9AtME
Dockimbel
17-Apr-2011
[9760x2]
Those "private" folders are protected from the requests by the webserver, 
but not by the OS. If an attacker finds a way to workaround the server's 
protection, better avoid giving him critical info.

I would say that logs shouldn't have the same user permission than 
the web accounts (prod, stg and devel1 in your example from email).
onetom
17-Apr-2011
[9762x4]
the devel1 should be able to access his own logs

and also should be able to clear them regularly

i always had to put the developers into the adm group so they can 
access the /var/log/apache2/ directory

where they saw a lot more than their interest
Dockimbel
17-Apr-2011
[9766]
Agreed, but you could create per-user sub-folders there?
onetom
17-Apr-2011
[9767x4]
running their own app server (mongrel/thin/unicorn) helped a littlebit, 
but they couldn't easily test what was returned just by the webserver 
from cache / static files

the main problem with my setup was always the autonomity of the users

i had to edit config files when a new user joined the company

and i had to be aware where are they checking out the source of the 
projects they were working on and i also had to assign port numbers 
to them, so i could configure the reverse proxy in apache/nginx to 
connect to their app servers
Dockimbel
17-Apr-2011
[9771x2]
Your need is pretty clear.

You could do the same (reverse proxy/nginx) with Cheyenne instances.
onetom
17-Apr-2011
[9773]
security in such a case is not a big concern (unless the machine 
get rooted :)
Dockimbel
17-Apr-2011
[9774]
Cheyenne just needs to be able to pick the config file from a remote 
folder instead of just current one.
onetom
17-Apr-2011
[9775]
sure, but i would love to get rid of any external component, since 
cheyenne seems to be pretty close being able to cater for such a 
setup
Dockimbel
17-Apr-2011
[9776]
Where would Cheyenne binary be in your scenario?
onetom
17-Apr-2011
[9777x2]
/usr/local/bin/

or sbin
Dockimbel
17-Apr-2011
[9779x3]
then how could Cheyenne know where to look for config file ?

the only way I see is passing the config file path as command-line 
argument, something like:
cheyenne -p 8001 -conf /home/devel1/app/current/

Would such feature cover your needs for user autonomy?
onetom
17-Apr-2011
[9782x5]
if it still looks in the current directory for a httpd.cfg by default, 
then it's not even necessary

cd approot; cheyenne

cheyenne --conf approot

not a big difference

doesnt worth the trouble, i guess
Dockimbel
17-Apr-2011
[9787]
is approot linux specific?
Maxim
17-Apr-2011
[9788]
why not a mod_log  ;-)
Dockimbel
17-Apr-2011
[9789]
might still be needed for MacOS X servers?
onetom
17-Apr-2011
[9790]
by app-root i mean that directory level which cheyenne will never 
try to reach above
older
newer		first
last