VPS LAMP or LEMP, which gives better secure?

DaRecordon

Well-known member
Registered
Joined
Oct 7, 2016
Messages
242
Points
18
Hello everyone, I'm not an expert system and every day I try to learn new ways on managing a server, specially for the security so this is my question, on a VPS, LAMP or LEMP, which gives better secure? and why?
 

24x7CSM

Well-known member
Registered
Joined
Sep 27, 2016
Messages
263
Points
28
Nothing is secured , any VPS / Server has to be secured , optimized. regarding the technologies you mentioned , first evaluate your website/app requirements , see which is best suited for your requirements and then deploy it.

once you are done with it , you can start securing the server based on the technologies you have used.
 

eva2000

Well-known member
Registered
Joined
Jan 14, 2017
Messages
173
Points
28
Not what you use but how you use it that matters. Both can be secured very well if you know how. With that said out of box Apache might be more secure for common web applications which rely on .htaccess to protect directories and files not meant for public viewing. Nginx without any further vhost directory location context level protections added manually, would allow such private directories public access as Nginx doesn't support or read .htaccess files.

It's why for my Centmin Mod Nginx LEMP stack latest 123.09beta01, I wrote and auto enable on all newly generated Nginx vhosts a tool called autoprotect.sh

An example of Apache directory's .htaccess deny all file at /privatedirectory/.htaccess
Code:
Order deny,allow
Deny from all
An example of Nginx directory you have to manually create in your nginx vhost at /privatedirectory having deny all set for 403 permission denied
Code:
location ~* ^/privatedirectory { deny all; }
Running autoprotect.sh which runs on initial Nginx vhost generation and at scheduled cronjob intervals will transverse through all Nginx vhost sites at /home/nginx/domains/ looking for any .htaccess files which have .htaccess 'deny from all' detected directories and generate the corresponding Nginx location match deny all config in an include file specific for each domain i.e. /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf where domain name = domain.com
Code:
/usr/local/src/centminmod/tools/autoprotect.sh
generated nginx include file: /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf

autoprotect.sh run completed...
contents of include file /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf where autoprotect.sh detected a matching .htaccess file at
/home/nginx/domains/domain.com/public/privatedirectory/.htaccess which needs a nginx equivalent location match deny all rule generated
Code:
# /home/nginx/domains/domain.com/public/privatedirectory
location ~* ^/privatedirectory { deny all; }
I believe no other out of box Nginx solution other than Centmin Mod provides such a feature :D

The autoprotect.sh tool is also useful for catching any missing Nginx manually needed directory location context protections/deny all when you upload a common web app and forget to protect such directories as intended by the web app developer/author :)

The autoprotect.sh tool can also give end user the option to manually bypass autoprotect.sh script and NOT auto create a nginx deny all location match by manually creating a .autoprotect-bypass file within the directory you want to bypass and exclude from autoprotect.sh. You may want to do this if your nginx deny location match for a directory involves whitelisting ip addresses' access to the directory or you already manually added such in your Nginx vhost config :)
 

DaRecordon

Well-known member
Registered
Joined
Oct 7, 2016
Messages
242
Points
18
DaRecordon
It is a great idea to have a file (autoprotect.sh) to run and protect the server. I've never seen this method before.

Does this file autoprotect.sh contain all commands to secure a server? can I run it once when I have a new vps server running Apache?
 

eva2000

Well-known member
Registered
Joined
Jan 14, 2017
Messages
173
Points
28
not exactly autoprotect.sh is just for detecting which directories on your server have .htaccess with deny from all contained within it and auto protects those directories so end users don't leave a web application author's intended htaccess directories vulnerable to public access
 

virtono

New member
Registered
Joined
Nov 10, 2014
Messages
1
Points
1
In my opinion apache is used more used and you can find more details on the web if an issue arise, but nginx is better for high-traffic websites. However, 90% of the attacks are directed to your application, like wordpress or joomla, so you have to secure your vps , optimize your web server & harden your php, just choosing a webserver over another won't really help you.
 
Older Threads
Newer Threads
Replies
5
Views
2,841
Replies
19
Views
7,260
Replies
12
Views
6,259
Replies
26
Views
9,575
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top