Umfang des Standard-Webhostings
Components of the serviced web hosting service
Our hosting environment is a so-called shared web hosting environment, meaning that your website shares its resources with other sites on the same server. To improve performance, sites are delivered by one of several servers that, together, make up a web server pool. The web server pool is located behind a service load balancer (SLB) that distributes requests to websites to one of the pool servers that is currently able to accept requests.
The LRZ web hosting team uses tried-and-true components in their infrastructure:
- GNU/Linux operating system (Debian)
- Apache web server software
- Your site will be realised as virtual host in a shared hosting.
- You have configuration options to configure the webserver's behaviour.
- We can provide a server certificate in most cases.
- PHP as a scripting language for dynamic web applications like WordPress, Joomla!, Drupal, Mediawiki, or LimeSurvey
- Storage space on the file system
- Your website comes with 10 GB of storage space
- Access the file system via SSH, SCP, SFTP, FTPS, and FTP
- MySQL database (optional)
- several hundreds of MB for your database
- Access via phpMyAdmin
- The database is meant to be used exclusively by the webite. Access is limited.
- Your files on the filesystem and in your database are backed up automatically on a regular basis. A portion of your backed-up filesystem data (so-called filesystem snapshots) is accessible to you so you may restore accidentally deleted or overwritten data yourself. The filesystem snapshots will usually relieve you of the need to create your own backups
- access server:
- manage your database from the command-line
- create and manage cron jobs (actions that are executed automatically based on a schedule)
- logging and statistics
- redundant infrastructure to ensure good performance and availability
- The underlying infrastructure is taken care of by LRZ (operating system, webserver software/Apache, PHP etc.).
We do not allow root access (= administrator privileges) to our servers. All filesystem actions regarding your website are performed with your functional account (non-admin user permissions).
Operational infrastructure
In order to improve availability and fail-safety, websites in our web hosting infrastructure are deployed by several so-called webserver daemon pools. The daemon pools are located behind a service load balancer (abbreviated: SLB; see the "Service Catalogue", section 6.2). The SLB is a redundantly constructed special hardware which is also redundantly connected to the internet at the LRZ.
A webserver daemon pool consists of several servers that run the webserver software, as well as the database server. The webserver servers are identical in their configuration. Each server runs an Apache webserver daemon that can process all websites of the pool. The websites are implemented as virtual hosts (short form: vhosts). If you surf to your website using your web browser, the SLB will forward the request to an available daemon server of the daemon pool where your website resides.
Good to know
- There are multiple webserver daemon pools in the LRZ web hosting infrastructure, each configured as shared web hosting. A common misconception is that each website runs on its own dedicated server.
- Websites inside the same webserver daemon pool share all of the pool's resources.
- If a website is accessed, this is processed by one of the available servers in the webserver daemon pool, creating a redundant infrastructure.
- Our customers cannot access the servers in the webserver daemon pools directly. Instead, access is possible through a so-called access server, via FTP, and phpMyAdmin (the latter solely for database management). See Access options for more details.
- When managing your website, you will always work with the permissions of your website's functional account. In no case is it possible to be granted admin rights/root privileges.
What isn't part of the serviced web hosting service?
- an own IP address for your website
- additional scripting languages like Python or Perl
- pre-installed web applications like Wordpress or TYPO3
- administrator/root access for the operating system
Your responsibilities
The LRZ web hosting team maintains the web hosting infrastructure and additional components for you, allowing you to concentrate on working on your content. If you choose to install additional software like a content management system, you are responsible for maintaining the software. This means, first and foremost, that you should keep an eye out for updates to your application and regularly install them. Obsolete software may contain programming errors (bugs). Through abusing known bugs, an attacker may:
- unintentionally expose your private data to the outside world, and/or
- disrupt the service of the entire infrastructure (shared web hosting).
Keeping your software current will significantly reduce this risk.
If we become aware that your website may have been compromised, we will take immediate action and take your website down temporarily. We will of course notify you in case this happens (which, luckily, is usually only very rarely).
Some examples for common security breach scenarios:
- A web application has not been updated regularly and now contains a known security vulnerability. An IT-savvy person with malicious intent manages to exploit the vulnerability, taking control of your website and changing it to display illegal content.
- A web application has not been configured correctly (e.g. connection over HTTPS is not enforced) , thereby allowing an attacker to read data that gets sent to and from the website.