Working with FireHost

FireHost takes a little getting used to if you’re used to having actual root access and complete control over your or your client’s hosting environment. While some call them Draconian, FireHost leans to the very conservative of the security spectrum. They also require a dubious amount of tickets you have to open. That said, it’s nice to know they have your back when you’re trying to skirt security for speed.  Also, they will do a lot of configurations that other hosting companies won’t or might balk on doing.

Here’s a quick list of items you want to think about:

  1. The Model
    1. Two scaling cloud servers
    2. Web
      1. LAMP = Centos6.5/PHP 5.5
    3. Database
      1. LAMP = LAMP/Centos6.5/MySQL5.6
  2. Tickets you need to open if you want them install everything:
    1. Make sure your user account has enough permissions
      1. You definitely want Port Open permissions
    2. Install PHP (+version)
    3. Create permissions on X folder/s
      1. They installed Apache, but permissions were not set on the WWW folder
    4. Create VHOSTS – I made them do it so I had their template for creating VHOSTs. This is better for clients as you are just copying what was originally done.
      1. Make sure to ask for the site root to be changed to one of your VHOSTS
    5. Install MySQL (or whatever)
      1. Ports need to be opened first
      2. Check your permissions – you need specific perms to allow FH to install repos and corresponding software
    6. Port Open Request. Here is what I asked for:
      1. Source IP(s)/Network(s): [db ip2]
        Destination IP(s)/Network(s): any
        Ports: 80,443 [allow db to access internet to get repos, etc.]

        Source IP(s)/Network(s): [web ip1]
        Destination IP(s)/Network(s): [db ip2]
        Ports: 3306 [allow web to connect to db MySQL]

        Source IP(s)/Network(s): [db ip2]
        Destination IP(s)/Network(s): [web ip1]
        Ports: 3306 [allow db to connect to web – just in case]

        Source IP(s)/Network(s): [web ip1]
        Destination IP(s)/Network(s): [db ip2]
        Ports: ICMP [allow web to ping db]

        Source IP(s)/Network(s): [db ip2]
        Destination IP(s)/Network(s): [web ip1]
        Ports: ICMP [allow db to ping web]

      2. Web
        1. Looks like they open 80/443 by default when building the machine
  3.  SUDO
    1. You don’t get root access, but be happy with sudo
    2. Hint: login and do “sudo i”

 

 

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.