Some network diagram somewhere
                 (INTERNET)
                      |
HAPROXY\              |            /HAPROXY-STANDBY
   NFS- DRBD1 <------VIP      DRBD2 -NFS-STANDBY
  MYSQL/             /|\           \MYSQL-STANDBY
                    / | \
             WEB1 WEB2 WEB3 WEB4  (apache's mpm-itk/nginx php5-fpm)

Things we can't limit:
    Evil/Bad/Dumb PHP code
    Users with bad passwords

Things we can limit:
    PHP
        Apache:
            suexec per user processes with mpm-itk
            only exec files from defined directories
            chroot
        Nginx:
            fork php5-fpm processes by uid
            only exec files from defined directories
            chroot
        # of processes (ulimit)
        Mem Limit of processes (php.ini)
        what is available (no exec, no php-cli)
    Mysql
        queries per account per hour
        updates per account per hour
        # of connections per hour
        # of concurrent connections
    NFS
        DISK QUOTAS:
            edquota per user
    HAPROXY
        rate-limit sessions? (probably can't use this, as it's global)
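
The PHP and MySQL limits listed above, rendered as a php5-fpm pool file and a MySQL 5.x GRANT statement for one existing account. This is an added example, not part of the original notes; the account name, paths, subnet and all numeric limits are constructed values.

```shell
#!/bin/sh
# Added example: render the per-account limits from the list above.
# Account name, paths, subnet and every numeric limit are constructed values.

# Account names end up in config files and SQL, so accept plain identifiers only.
valid_account() {
    case $1 in
        ''|*[!a-z0-9_]*) echo "invalid account name: $1" >&2; return 1 ;;
    esac
}

# php5-fpm pool: forked under the account's uid, chrooted, capped in
# process count and memory, with the exec-style functions disabled.
# open_basedir is resolved inside the chroot.
render_fpm_pool() {
    valid_account "$1" || return 1
    cat <<EOF
[$1]
user = $1
group = $1
listen = /var/run/php5-fpm-$1.sock
chroot = $2
chdir = /
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
security.limit_extensions = .php
php_admin_value[memory_limit] = 64M
php_admin_value[open_basedir] = /htdocs:/tmp
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen
EOF
}

# MySQL 5.x account resource limits: queries, updates and connections per
# hour, plus concurrent connections (MySQL 8 takes these on ALTER USER).
render_mysql_limits() {
    valid_account "$1" || return 1
    cat <<EOF
GRANT USAGE ON *.* TO '$1'@'10.0.0.%'
  WITH MAX_QUERIES_PER_HOUR 20000
       MAX_UPDATES_PER_HOUR 5000
       MAX_CONNECTIONS_PER_HOUR 2000
       MAX_USER_CONNECTIONS 10;
EOF
}

render_fpm_pool alice /srv/www/alice
render_mysql_limits alice
```

Because the php_admin_value settings are set in the pool file, tenant code cannot raise them with ini_set().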