couple of simple questions

Discussion in 'Installation/Configuration' started by nhybgtvfr, Dec 3, 2014.

  1. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter


    just learning ispconfig, and have a couple of (should be) simple questions.

    1. looking at some old screenshots of server services it lists ftp on its own, the current version doesn't have that, but lists fileserver.
    I'm assuming that fileserver is now the term it uses for servers running ftp, is this right, or am I missing something?
    I'm only asking because there doesn't seem to be anything in the installation procedure of ispconfig for choosing which servers do/don't run ftp services, and I'd like to have ftp running separately from my webservers.

    2. regarding ssl, I am configuring 8 webservers to run behind haproxy load-balancer, with ssl being terminated at the load-balancer (all certificates will reside on the 2 load-balancers). is there anything I need to do with ispconfig to account for this?

    3. every ispconfig server needs MySQL. really? I can understand the load/availability reasoning behind it, but I have 4 large MySQL servers, in a multi-master/slave configuration, with read-write splitting, for all my servers to use. I don't want MySQL servers running everywhere :eek:, surely there are options to use a central MySQL server?

    4. dns. I'd be installing bind on the two haproxy servers, does ispconfig configure them as master/slave, or do I need to set one as a mirror of the other in the osconfig configuration? if so, I presume I'd have to rsync/scp the zone files over as the mirror server won't create them.

    I know some of this is probably in the docs, which I am reading through, just have limited time to go through it all right now.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Nothing has been changed in the way services are arranged since ispconfig 3 exists, so either you looked at screenshots of the monitor, which lists services by port and therefore lists ftp separately, or you looked at screenshots of a different software like ispconfig 2.

    The fileserver option is the one that enables/disables ftp.

    The FTP users use and require the directories of the websites and also use the uid's of the website users, so separating them will only work if the server that runs ftp is a mirror server of the web server and the separation is then done by simply not running apache on the ftp server and not running ftp on the web server without disabling any services in ispconfig.


    you can use one central mysql server, but you have to ensure that each ispconfig instance has its own database and its own ispconfigX mysql user.

    You should use mirroring in ispconfig. ispconfig will then mirror the zones automatically by writing the zone files on both nodes, it does not use bind master/slave function then.
  3. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    cool, I think it was ispconfig 2 screenshots.
    all the website data is on an ocfs2 partition, mounted locally, via iscsi, and replicated using drbd, I was already looking at having the passwd and group file centrally on here and sym-linked to the normal location on each server, so no problem with that.

    good. :D

    hhmm. I was going to ask if the mirrored servers can share a database, but looking closer at the data stored in the ns1 and ns2(ns1 mirror) DB's, it appears the answer is going to be no. so for my setup, I'm looking at 18+ MySQL instances, or 18+ ispconfig db's, replicated across 4 MySQL servers. :( will have to give this a bit more thought about the best option.

    yeah, found that in the docs yesterday.
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    the requirement for the separate databases is that ispconfig processes each config change as a kind of configuration transaction which always gets processed in order. So the database of the node contains exactly the right version of the data to ensure that nothing is mixed up.


    If you would use a shared database and you would do this:

    edit the domain name of a website and then delete that domain, both within 1 minute, so the ispconfig process on the slave was not run yet. So in a shared database, the server job would try to rename the website, but its data in the database is already gone as it's a shared database and the interface has removed the data already.

    On a setup with different databases where ispconfig takes care of data replication and processing, this can't happen as the website gets renamed first and then removed.

    There is also another point, the slave databases contain only that data that is required for the specific slave, so when a slave would get hacked, the attacker won't get the data of customers of the other nodes. And with a central database, you would have to grant the slaves write permissions on all tables as they need to write data to their database, so if a node gets hacked, the hacker can use that write access to the central database to take over all other nodes.
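
The two points made in the post above (changes replayed in order against a per-node database, and each node holding only its own data), as a simplified model added here. It is not part of the thread and not ISPConfig code; every class, function and domain name is constructed for illustration.

```python
# Simplified model of the behaviour described above; not ISPConfig code.
# All class, function and domain names are hypothetical / constructed.
class Master:
    def __init__(self):
        self.sites = {}   # live rows edited by the interface: id -> (server, domain)
        self.log = []     # ordered change log: (seq, server, action, id, domain)
    def change(self, action, site_id, server=None, domain=None):
        if action == "delete":
            server, _ = self.sites.pop(site_id)
        else:
            server = server or self.sites[site_id][0]
            self.sites[site_id] = (server, domain)
        self.log.append((len(self.log) + 1, server, action, site_id, domain))

def shared_db_job(master, server, since):
    """Node job that reads the live central rows instead of its own copy."""
    out = []
    for seq, srv, action, site_id, _ in master.log:
        if srv == server and seq > since:
            gone = action != "delete" and site_id not in master.sites
            out.append((action, "row already deleted" if gone else "ok"))
    return out

class Node:
    """Node with its own database: receives only its own changes, in order."""
    def __init__(self, server):
        self.server, self.sites, self.seq, self.applied = server, {}, 0, []
    def sync(self, master):
        for seq, srv, action, site_id, domain in master.log:
            if srv != self.server or seq <= self.seq:
                continue
            if action == "delete":
                del self.sites[site_id]
            else:
                self.sites[site_id] = domain
            self.applied.append((action, domain))
            self.seq = seq

def scenario():
    m, web1, web2 = Master(), Node("web1"), Node("web2")
    m.change("create", 1, "web1", "old.example.com")
    m.change("create", 2, "web2", "other.example.net")
    web1.sync(m); web2.sync(m)
    mark = len(m.log)
    m.change("rename", 1, domain="new.example.com")   # both edits land before
    m.change("delete", 1)                             # the next node job runs
    shared = shared_db_job(m, "web1", mark)
    web1.sync(m); web2.sync(m)
    return shared, web1, web2
```

In `scenario()`, the shared-database job finds the row gone when it tries the rename, while the per-node replay applies rename then delete, and `web2` never receives `web1`'s site.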
  5. florian030

    florian030 Well-Known Member HowtoForge Supporter

    I run a local mysql-instance on each node and use a db-cluster for the databases for cms or anything else. You can disable innodb on the local-sql and also reduce the servers to 5 (or maybe 2), as long as this is not a mail-server.
