Updating web server (apache) in a DMZ

Author: Thomas Cameron
Date:  
Subject: Updating web server (apache) in a DMZ
----- Original Message -----
From: <>
To: <>
Sent: Monday, September 08, 2003 11:25 AM
Subject: Updating web server (apache) in a DMZ


> What is the best way to update a web server securely in a DMZ?


Loaded question. Ask 10 sysadmins, you'll get 10 "best" answers. ;-)

> I think this could be done through iptables/host.allow/hosts.deny to only
> allow a particular host to talk to that webserver.

I would use iptables.

> Does anyone have any insight on the best way to keep a webserver secure in
> a DMZ while still being able to easily
> update it? Would a staging server running apache be good as the allowed
> host, so on this staging server it would
> be tested one last time and then sent on to the live server?


That's exactly how I do it for one of my clients. We use rsync over ssh:

rsync -e ssh --delete -uvr stagingserver:/path/to/files targetserver:/path/to/files

> Would a receive only cable be a good idea so the server on a separate nic
> would have a cable where it could only receive the updated files
> and then implement them?

> Does anyone know a good place to buy or instructions on making a receive
> only cable?

No clue - never heard of such a thing.
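
The iptables restriction discussed in this thread, as an added example that is not part of the original messages: a shell function that emits an iptables-restore ruleset for the DMZ web server, leaving HTTP/HTTPS open and accepting SSH (the rsync transport) only from the staging host. The function names, the address 192.0.2.10 and the open ports 80/443 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed values: 192.0.2.10 (documentation range) stands in for the staging host.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dmz_ruleset STAGING_IP: print a ruleset for the DMZ web server.
# Default-deny inbound; web traffic from anywhere; SSH only from STAGING_IP.
dmz_ruleset() {
    valid_ipv4 "$1" || { echo "bad staging address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -s $1/32 --dport 22 -j ACCEPT
COMMIT
EOF
}

# Check the ruleset without loading it (as root on the web server):
#   dmz_ruleset 192.0.2.10 | iptables-restore --test
# The push is then started on the staging host, because rsync will not copy
# between two remote hosts:
#   rsync -e ssh --delete -uvr /path/to/files/ targetserver:/path/to/files/
```

Validating the address before it reaches the ruleset keeps a malformed value from producing a rule that iptables-restore would reject or misread.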