setup server from scratch (with or without apache?)
in [Python]
|
Prev: Pick items from list with probability based upon property of listmember ?
Next: Pick items from list with probability based upon property of list member ?
From: News123 on 20 Jun 2010 07:12 Hi, So far I never really had to ask this question and this is also, why I am stil a little shaky on this topic: So far the typical LAMP server existed already and contained already a lot of existing PHP web applications, which I couldn't remove. Therefore I just used mod_python to implement some minor functionality next to it. Now I have the opportunity to setup a server from scratch. 90% of the content will be non visual content over https with client AND server certificates. Access privileges will depend on the client certificate. I will only have one IP address and only port 443. 1.) What alternatives would exist compared to apache / mod_python 2.) What disadvantage would I have using apache and mod_python compared to other solutions 3.) What's the stability / security aspect of other solutions, especially concerning client / server certificates 4.) How could I prepare for the case, that customer might lateron require PHP? (not very probably, but who knows. 5.) What about mod_wsgi vs. mod_python Thanks a lot for suggestions / ideas.
From: Kruptein on 21 Jun 2010 01:49 I think that apache and mod_python are good enough, but I'm not an expert. but I think that the security aspect for a large part depends on how secure your code is. You can have a very secure server setting, but somewhere a bug in your code that makes it insecure.
From: Paul Rubin on 21 Jun 2010 02:03 News123 <news1234(a)free.fr> writes: > 1.) What alternatives would exist compared to apache / mod_python I think you could use stunnel to listen on port 443 and forward it to a local port, where you'd have a python httpd, perhaps using the SimpleHTTPServer module. Stunnel uses OpenSSL which handles client certificates pretty well as far as I can tell. There are various Python openssl bindings that I haven't used and I get they impression that at least some of them are sloppy about certificates at either end. I've never used stunnel but have been wanting to. mod_python is pretty dead. Frankly I've always used apache whenever I've used https for web pages. You could use mod_wsgi (I haven't tried this yet) or again, set it up as a proxy forwarding to a local port for a python httpd to listen to. Or for that matter, you use old-fashioned cgi's. That's what I usually do if there's not a load issue.
From: alex23 on 21 Jun 2010 02:27 Paul Rubin <no.em...(a)nospam.invalid> wrote: > mod_python is pretty dead. It's now totally dead[1]. (Not pining for the fjords, either.) 1: http://blog.dscpl.com.au/2010/06/modpython-project-is-now-officially.html
From: Stefan Behnel on 21 Jun 2010 02:54
News123, 20.06.2010 13:12: > Now I have the opportunity to setup a server from scratch. > 90% of the content will be non visual content over https with client AND > server certificates. > Access privileges will depend on the client certificate. > > I will only have one IP address and only port 443. > > 1.) What alternatives would exist compared to apache / mod_python > 5.) What about mod_wsgi vs. mod_python As others have pointed out, mod_wsgi is preferable over mod_python. In any case, you want your code to run on top of WSGI, as it makes it independent of a specific web server environment (i.e. much more future proof). I've read happy comments on nginx as an HTTP/S server for WSGI apps, both for being easy to install and set up, and for being fast, versatile and resource friendly. I'd try that before going for an Apache installation. I'd also second the advice to start with a WSGI setup on top of CGI that's simple to set up, redeploy and test, and then move on to more involved and less agile deployments when you see that you need them. Stefan |