Hi all,

I have a website currently running on shared hosting. It is starting to get traffic, and with the iPhone app connected for push notifications the server is starting to be slow. For info, it's running WordPress with a bunch of plugins that hit the database heavily, and I already use a plugin for caching. In terms of visits, it's about 100k unique visitors a month and 800 iPhone app users after 2 days in the App Store.

Since I plan other web-related projects, I was looking into a private server http://www.online.net/serveur-dedie/comparatif-serveur-dedie-start-dell.xhtml probably the one for 40 bucks a month since it supports VT and I want to use OpenVZ. Here are my concerns.

For security purposes I was thinking of doing the following:
- 1 container/website, each container using its own apache/sql/php stack, so in case one gets compromised it's contained,
where each container has its own IP accessible from outside (using the failover IPs provided).
And basic iptables rules (ssh allowed only from a given IP ...)

But from there, how do you manage patches and security updates? Are you all simply using a crontab with apt-get update (or emerge update world, depending on the distro you use)?
I ask this because a long time ago this update mechanism broke my distro.

Anyway, I'd like to know what your security practices are for such an environment.

Thanks a lot!
We just used an OpenVZ environment in one of our deployments. My system administrator is using a combination of Puppet and yum (using the hardware node as the main repository for the OVZ containers) to facilitate updates and other simultaneous maintenance tasks.
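For the apt-get case raised in the question, one alternative to a blind cron upgrade is a report-only pass from the hardware node that shows what each container would upgrade before anything is applied. This is an added example, not code from either poster; it assumes Debian/Ubuntu containers, the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Report pending updates per OpenVZ container without applying them.
# Run on the hardware node; assumes the containers use apt-get.

# Count pending upgrades in `apt-get -s upgrade` output read from stdin.
# Prints "<total> <security>". The security count is a heuristic: it
# matches "security" in the archive name on each "Inst" line.
count_pending() {
    awk '/^Inst / { total++; if (tolower($0) ~ /security/) sec++ }
         END { printf "%d %d\n", total, sec }'
}

# Constructed sample of simulation output, used for an offline self-check.
sample_sim_output() {
    cat <<'EOF'
Reading package lists...
Inst libexample [1.0-1] (1.0-1+sec1 Debian-Security:stable [amd64])
Inst exampletool [2.3-1] (2.4-1 Debian:stable [all])
Conf libexample (1.0-1+sec1 Debian-Security:stable [amd64])
Conf exampletool (2.4-1 Debian:stable [all])
EOF
}

# Walk every running container: refresh package lists, then simulate the
# upgrade (-s) so nothing is installed or changed inside the container.
report_containers() {
    for ctid in $(vzlist -H -o ctid); do
        vzctl exec "$ctid" apt-get -qq update
        set -- $(vzctl exec "$ctid" apt-get -s upgrade | count_pending)
        echo "CT $ctid: $1 pending, $2 from a security archive"
    done
}

if command -v vzlist >/dev/null 2>&1; then
    report_containers
else
    # Not on an OpenVZ hardware node: exercise the parser on the sample.
    echo "vzlist not found; sample counts: $(sample_sim_output | count_pending)"
fi
```

Run from cron, the report can be mailed for review, and upgrades can then be applied to one container first to catch breakage before the rest follow.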