From: "Ted Mittelstaedt"
To: "Paul Schmehl", "VeeJay", "FreeBSD-Questions"
Date: Tue, 22 Jul 2008 23:47:04 -0700
Subject: RE: FreeBSD for webserver?

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Paul Schmehl
> Sent: Tuesday, July 22, 2008 2:22 PM
> To: VeeJay; FreeBSD-Questions
> Subject: Re: FreeBSD for webserver?
>
> --On Tuesday, July 22, 2008 22:05:26 +0200 VeeJay wrote:
>
> > Hi there
> >
> > I am going to make 2 Webserver at my work going to handle 50 mil hits per
> > month... They are using Linux already. But being a FreeBSD fan, I have
> > proposed FreeBSD to my Boss convincing him that FreeBSD is more Fast and
> > Secure solution for his needs... And now I want to show the results...
> >
> > *Hardware:*
> > Dell PowerEdge 2950 III having 2 x CPU 3,0 GHz Intel Xeon L5450 Quad-Core
> > 2x6MB cache WITH 16 GB RAM.
> >
> > *Tools:*
> > 1. FreeBSD 7 Production Release
> > 2. Apache 2.2.9
> > 3. MySQL 5.1.26
> > 4. PHP 5.2.6
> >
> > My question is, "*To get the speed, performance and security*":
> >
> > Should I use Ports or Packages to install all these tools One by One?
> >
> > *OR*
> > Should I use TAR files and compile them manually. For example giving
> > command line arguments and commands like
> >
>
> This seems to be a common misperception about ports. Ports aren't something
> magical. They do exactly what you would do from the commandline (i.e.
> ./configure, make, make install), except they come with several bonuses.
>
> 1) The port maintainer has already worked out all the quirks to make it
>    compile and install properly on FreeBSD.
> 2) The port maintainer has already supplied patches that allow the software
>    to build correctly on FreeBSD.
> 3) All the dependencies are already taken care of.
> 4) Upgrading is quite simple and straightforward.
> 5) The software is now architecture-independent (in most cases), meaning
>    you can move from Intel to AMD (for example) without having to worry
>    that the software will no longer build and you'll have to start from
>    scratch again.
>
> For example, I decided today that I wanted to try out some software named
> "arguseye". So I downloaded and untarred the program. I looked at the
> dependencies. It requires a number of perl modules, some of which are not
> in ports.
> So, I just created three new perl ports to satisfy those dependencies
> and submitted them this afternoon.
>
> Once those are accepted into the tree, I'll create the arguseye port and
> submit it as well. Then, when someone else wants to install arguseye, all
> they will have to do is type "make install clean" in the port directory
> and everything that they need will be installed for them.
>
> Unless you're a glutton for punishment, why would you do all that
> yourself?

Because maybe you don't care for the porter's choice of defaults.

Many programs come with hard-coded defaults that are modified in
a config file. For example cistron-radius.

Another example is the dspam port. The porter for that insisted
on using a default of apache vhost. However the default apache port
does not activate this. I don't give a rat's ass that vhost is
supposedly more secure.

Another one that always pisses me off is the porter's choice in
building uw-imap to turn off plaintext passwords. And the default
for pine is also to turn off plaintext support.

Another problem is that not all porters are good about maintaining
their ports. For example icradius. Someone spent a lot of time
creating the port for that. Then just let it die. Another is
the open source ingres database. Julian ported that one then lost
interest, it died sometime around FBSD 4.X.

Another problem with ports is that all of them like pulling the
original source from the author's site. I've had a few where the
author released the code under GPL then a few years later lost
interest, stopped paying whatever ISP he had the main site for the
program at, and the porter also lost interest in the project and
never bothered obtaining the last available tarfile from the
author's site and uploading it to freebsd, then both disappeared.
Another one I can recall is the gated code, similar issue.

The fundamental Achilles heel of the ports system is it makes
the assumption that every package in the ports system is popular
and will be supported for the indefinite future by the original
package developer. The ports system counts on this insofar that
it assumes that if the original porter loses interest and stops
tracking the master site, that someone else will step in and
assume responsibility for maintaining the port. The reality is
that in every release of FreeBSD, some ports go wanting for
sponsors, and nobody steps forward and so when the port stops
building, the FreeBSD maintainers simply cut it out of the
ports tree, plus anything dependent on it.

This assumption is fine for people running vanilla apache or
whatever systems, which is most people. But, if you're doing
anything that isn't plain-jane middle of the road, you better
assume that if you're using a series of ports, to make detailed
notes, and save the ports, and save the patches, and save the
distfiles. You may need to see how they did it in an older
FreeBSD system when a new version of FreeBSD comes out that is
missing one or more of the ports you depend on.

Ultimately, ports isn't any different than most other things.
When it's properly executed it's great. But proper execution of
the entire thing depends on every porter who has an active port
in the system doing the right thing, and there's so many of them
that statistically, some of them are going to be flakes.

Ultimately, if you're going to be a server admin, you need to know
how to build your applications without ports. It's no different
than, for example, I know how to pour and form concrete, I know
how to plumb pipes. But if I needed concrete poured, or pipes
plumbed, I would call a contractor and a plumber, and because I
know how to do these things I would be able to keep an eye on
what the people I hired were doing and know if they were doing
what they were supposed to be doing, or if they were incompetents.

The folks that depend utterly on ports and have no notion of how
to build it manually, are like the people who don't know how to
pour concrete or plumb pipes, and who hire a mason and a plumber
anyway. They think they are having their concrete and pipes done,
but in reality they have no clue if the work is really being done
properly or not. And, years later that concrete may be cracked and
the pipes leaking, and they have no clue if it was due to crap work
or something else.

Ted
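
Added example, not part of Ted's message and not FreeBSD's own tooling: a shell script for the advice above to save the port, its patches and its distfiles, which first checks each saved distfile against the `SHA256 (name) = hash` lines of the port's `distinfo`. The function names, the status words and the archive layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): keep a port and its distfiles
# together, but only after the distfiles match the port's distinfo.

sha256_of() {   # print the SHA-256 of file $1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"    # FreeBSD base-system tool
    fi
}

# verify_distinfo DISTINFO DISTDIR
# Checks each "SHA256 (name) = hash" line. Fails on a missing or altered
# distfile, and also when distinfo lists no SHA256 entries at all.
verify_distinfo() {
    v_bad=0 v_seen=0
    while read -r v_algo v_name v_eq v_want || [ -n "$v_algo" ]; do
        [ "$v_algo" = "SHA256" ] || continue
        v_name=${v_name#\(}; v_name=${v_name%\)}
        v_seen=1
        if [ ! -f "$2/$v_name" ]; then
            echo "MISSING  $v_name"; v_bad=1
        elif [ "$(sha256_of "$2/$v_name")" != "$v_want" ]; then
            echo "MISMATCH $v_name"; v_bad=1
        else
            echo "OK       $v_name"
        fi
    done < "$1"
    [ "$v_seen" -eq 1 ] || v_bad=1
    return "$v_bad"
}

# archive_port PORTDIR DISTDIR OUTDIR
# Writes OUTDIR/<port>-port.tar.gz with the port skeleton (Makefile,
# distinfo, files/ patches) plus the verified distfiles.
archive_port() {
    a_port=$(cd "$1" && pwd) || return 1
    a_dist=$(cd "$2" && pwd) || return 1
    verify_distinfo "$a_port/distinfo" "$a_dist" || return 1
    a_files=$(sed -n 's/^SHA256 (\(.*\)) = .*/\1/p' "$a_port/distinfo")
    mkdir -p "$3" || return 1
    # $a_files is left unquoted on purpose: one tar argument per distfile
    tar -czf "$3/${a_port##*/}-port.tar.gz" \
        -C "${a_port%/*}" "${a_port##*/}" -C "$a_dist" $a_files
}

# Usage: sh archive-port.sh /usr/ports/<category>/<port> /usr/ports/distfiles /backup
if [ "$#" -eq 3 ]; then archive_port "$@"; fi
```

A MISMATCH means the saved tarball is not the one the port was written against, so the archive is not created until that is resolved.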