Date:      Wed, 16 Jul 2003 14:32:30 -0700
From:      Freddie Cash <fcash@sd73.bc.ca>
To:        newbies@freebsd.org
Subject:   Fwd: Re: Recommended reading: FreeBSD for production server use
Message-ID:  <200307161432.30926.fcash@sd73.bc.ca>

On July 16, 2003 02:17 pm, Nico Meijer wrote:
> Perhaps some real questions would clear things up.
>
> Let's say I run a production status FreeBSD 4.8 server. Do I track
> RELENG_4_8? Do I track -STABLE (RELENG_4, I believe)? (My bet is on
> RELENG_4_8)

Track RELENG_4_8, as that is 4.8-RELEASE plus any security and major
bug fixes.  It's the least moving target.

If you need specific features or drivers or other support only found in
-STABLE, then track RELENG_4.

> Let's say I use ports on that server. 'ports' has no cvs tag, as
> opposed to OpenBSD's ports system. Do I cvsup my ports tree
> regularly? If so, do I issue 'portupgrade -ar' every now and then?
> That, for instance, would upgrade my 'mod_php4' to version 4.3.3-RC1.
> Being "RC1", it is not intended for production use. OTOH, my Apache
> would now be a patchlevel 5, which would seem good to me, at first
> glance (didn't check what the changes were from p4).

Certainly update the ports tree every now and again (I update it once a
week).  Then run "portversion -v | grep needs" to see which ports have
updates available.  Then, manually research each change to see if you
need to update or not.  Only update the ports you need to update.
Don't blindly run "portupgrade -arR" as that can bite you in the arse
quite easily.  :)

> Let's say I run ipfw on that server? Will 'ipfw add check-state' and
> accompanying 'ipfw add allow tcp from [whatever] to me via
> [interface] port [number] setup keep-state' rules a) work (verified,
> it does) b) hold up under heavy network load?

It does.  That's what it is designed to do, and several large sites use
it without problems.  ipfw+natd can be a little slow on super-heavy
throughput sites, in which case you should investigate using
IPFilter+IPNat.  The reason for this is that ipfw runs in the kernel,
but natd runs in userspace, and you hit a lot of data passing back and
forth and kernel context switches.  ipfilter and ipnat both run in the
kernel.

As for where you can find over-arching documentation of this sort ...
well, you can't really.  :)  There is an excellent documentation
section to the FreeBSD website, with several different Handbooks and
articles on various subjects.  There are also several very nice books
out, like Greg Lehey's "The Complete FreeBSD, 4th ed.", or Annelise
Anderson's "FreeBSD: An Open-Source OS for your PC" (I think that's the
title, I may have mangled it a bit), "FreeBSD Unleashed", "Absolute
BSD", and others.  Beyond that, it's scouring the archives of the
various mailing lists, searching the web, checking websites like
http://bsdforums.org and the like.

Or, writing one for everyone to use, based on your experiences and
research.  :)

--
Freddie Cash				District HelpDesk / Network Admin
fcash@sd73.bc.ca			helpdesk@sd73.bc.ca
					(250) 374-0679 ext. 219
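
Added example (not part of the original message): a small triage pass over the "portversion -v | grep needs" output mentioned in the reply, marking pre-release candidates such as the 4.3.3-RC1 from the question as HOLD and everything else as REVIEW for manual research. The line format, the function names, the HOLD/REVIEW labels and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Triage the output of `portversion -v | grep needs` before upgrading anything.
# Assumed line format (constructed, not shown in the message):
#   <name-version>  <  needs updating (port has <new-version>)

triage_ports() {
    awk '
    /needs updating/ {
        pkg = $1
        # Candidate version is the text between "port has " and ")".
        cand = $0
        sub(/^.*port has /, "", cand)
        sub(/\).*$/, "", cand)
        # Split "name-version" at the last hyphen.
        name = pkg; sub(/-[^-]*$/, "", name)
        inst = pkg; sub(/^.*-/, "", inst)
        # Pre-release markers at the end of the version mean: do not
        # upgrade a production box without a deliberate decision.
        verdict = "REVIEW"
        if (tolower(cand) ~ /(rc|beta|alpha|pre)[.-]?[0-9]*$/) verdict = "HOLD"
        printf "%s %s %s -> %s\n", verdict, name, inst, cand
    }'
}

# Constructed sample input standing in for real portversion output.
sample_portversion() {
cat <<'EOF'
apache-1.3.27_4             <  needs updating (port has 1.3.27_5)
mod_php4-4.3.2              <  needs updating (port has 4.3.3-RC1)
EOF
}

sample_portversion | triage_ports
```

On a real system, pipe "portversion -v | grep needs" into triage_ports instead of the sample, then upgrade only the individual ports you have researched.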


