Design
RSS checks all the feature, device compatibility, performance, scale and security boxes, from the simplicity and maintainability needs of a small office to the administration requirements of a multi-location, multi-domain organization.
If your organization doesn’t need to support added websites, there’s no added administrative work to do. RSS automatically adds website service for all its own internal capability and administrative needs. But if you need to host one or 100 websites, public or company private, for just a few users or scaled to thousands, RSS has that answer: hosted locally and through one, two or up to 7 internet service providers in each of 1, 2 or up to 16 client RSS-provisioned locations. All under your control, with administration and logging.
The smallest configuration supports hundreds of users via four dedicated website host ‘virtual machines’ using fewer resources than a low-end laptop, each running on different physical servers. The largest configuration supports thousands of users via 59 dedicated web servers running in each of 16 locations, each connected by up to 7 simultaneous internet service providers. And it is seamless to increase or decrease capacity.
This is ‘website hosting in a box’ (or 59×16 boxes)!
- Integrated Subsystems:
- Nginx – Released in 2009, now in 2022 Nginx serves 1 in 3 of the busiest websites. Fully featured and provisioned on every RSS web host, Nginx acts as either the primary webserver for RSS provisioned websites, or as a gateway (known as a ‘reverse proxy’) for specialty servers of the client’s choice that offer web related interfaces. RSS itself uses that capability to provide some specialty services running outside the web host but proxied through nginx (like Gerbera media service). Clients may add further servers, then either use RSS’s web spec to provision nginx to handle the security or handle it themselves. Gateways to programming languages are all available; PHP is installed natively by RSS, but Python and more are supported. General Information. Details.
- No fewer than 4 affordable servers per location cooperate in providing nginx and related web services, ensuring performance and balancing load.
- Apache – Like nginx, Apache also serves about 1 in 3 of the world’s websites. RSS takes advantage of nginx’s superior capability to serve static content, acting as a front-end to enable Apache configured websites and applications to run normally in RSS environments. All of Apache’s features are supported and enabled, offering the same integrations and features noted above for nginx. General information. Details.
- PHP-FPM: Updated annually since 1995, PHP is the programming language that underlies millions of websites, including all WordPress based websites and also Nextcloud. RSS automatically provisions, updates and configures PHP to integrate natively with the nginx web server. The combination is what allows ‘active content’, meaning web pages that allow input or may change from one visit to the next. RSS also provisions PHP performance diagnostics for administrators. As new versions of PHP are released, RSS automatically installs and makes them available. Partial screenshot. General Information. Details.
- Security Technologies – To avoid giving those with ill intent information, RSS server installations at client locations have further security related technologies which are documented only for admin users. However, other than as described publicly, nothing in RSS permits client data or metadata to leave the client’s installations.
- Foundational Subsystems:
- HAProxy – High availability load balancer and proxy server. HAProxy distributes requests for web services among those site machines it checks and knows to be operating properly. It also offers a GUI providing detailed real-time administrative and status updates. First released in 2000, broadly accepted and the choice of AirBnB, Reddit, Target, Twitter, GitHub and more. Partial Screenshot1- Frontend, Partial Screenshot2 – Backend. General Information. Details.
- MariaDB – SQL Database: From 2009, now with over 50,000 active installations including Google, Walgreens and Mozilla (Firefox, Thunderbird): MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. Originally designed as an enhanced, drop-in replacement for MySQL, MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools that make it very versatile for a wide variety of use cases. General Information. Details.
- Galera Cluster – SQL High Availability: Realtime synchronization of all the computers supporting SQL database operations. General Information. Details.
- Redis Cluster – Ultra high-speed multi-server ‘sharding’ data store: Originally released in 2009, now the most popular key-value database and 4th most installed ‘nosql’ database, currently topping the list of databases most favored by 70,000 developers. Many websites, including Nextcloud, rely on Redis to synchronize updates among users connected via different web-hosting servers. General Information. Overall Details. Cluster Details.
- Ceph – “The future of storage”. Updated annually since 2012. Among many other things, Ceph provides the replicated storage engine supporting all the website hosting needs. General Information. Details.
- Host OS: Ubuntu LTS running on ‘bare metal’ and/or virtual machine/KVM – Even the smallest RSS client supports no fewer than four separate website serving ‘www’ subsystems, each running in a virtual machine as part of a physical server. Should only one be running, web services will appear normal. Scales to thousands of users natively. For security, monitoring and performance, all web serving functions are isolated in both a private subnet and a VLAN. Larger installations can host web servers on up to 59 ‘bare metal’ hosts in up to 16 linked client locations. This design protects the overall system from breaches and allows the installation of the latest website engine related patches without concern for dependencies and incompatibilities in unrelated subsystems. While ‘docker’ and related isolation technologies provide small speed advantages, virtual machine isolation remains the gold standard for security and is therefore the basis for RSS website hosts running as a subsystem on a server. The underlying Linux distribution for the database subsystem is Ubuntu. Ubuntu Linux General Information, Details. KVM General Information, Details.
- Simplest: enter a domain name, edit one line in a text file: WordPress website ready to go. In its simplest mode, using the RSS-provided graphical interface to enter a domain name, then editing one text file, is all that’s necessary to fully provision the latest release of WordPress into a working ready-to-edit website, complete with SSL certificate and database connectivity. If the domain is a subdomain, all the setup is done. If it is a top level domain, editing the domain registrar to point to the site’s RSS-provided domain name servers is all that’s needed to connect the website to the internet. If more security is needed, copying the content of one line in an RSS-provided text file, a ‘DS record’, to the top level domain registrar’s website is all that’s needed to enable DNSSEC for the domain, including ‘key rotation’ and all ongoing security maintenance. Want an A+ security rating on your website? This provides it.
- Edit one line a little differently: content in a shared directory is online. Using the above interface slightly differently allows RSS clients to cause all the webservers to connect the admin entered domain name to a replicated, shared directory filled with content provided by the client, including optional creation and provisioning of related databases.
- Have a more complex nginx-compatible need? Edit one line slightly differently to proxy any service, or route traffic to the built-in Apache server infrastructure. Using the interface slightly differently allows RSS clients to connect a domain to other systems providing a web interface, whether located within or outside the client’s RSS infrastructure (see nginx proxy-pass). In this way, RSS can be a gateway to systems that provide web services using entirely different technologies (Apache, lighttpd, Caddy, git, Django, Magento, Joomla, Drupal, other CMS providers). Nginx is the most efficient, widely used front-end proxy, able to redirect queries to systems you provide, whether integrated as VMs on servers or stand-alone machines. This includes ‘system in a box’ technologies with web components (PBXs, etc.) or other web service choices and alternative database technologies. One line in a file allows a proxy specification that will direct web addresses or sub-addresses of your choice to systems you select.
- By default, attempts to access websites via insecure http are automatically redirected to https versions, and support is provided for IP protocol versions 4 and 6. Options for handling each differently, as well as other referral and automatic redirect options, are provided in the ‘rss_managed’ ‘custom_allowed_or_redirected_host_specs’ file.
- Creation of email addresses and related services and subdomains is automatic, as is (optionally) updating security certificates.
- Client private websites: While each RSS client can have a public domain name, RSS creates 16 client private subdomains attached to each possible client location (1.domain.com, 2.domain.com, etc.) Creating websites in one of those domains (or subdomains of those domains) results in content that can’t be accessed outside the client’s protected infrastructure. Need a website that by design can’t be accessed outside the company? RSS does that.
- Access logs segregated by domain, along with error reporting.
- And... lots of ‘little things’. For example, ‘one-liner’ automatic redirection of like-seeming web addresses to the ‘official’ address: whether the visitor remembered to add the s to http, or did or didn’t remember to lead with ‘www….’, or redirection of technically different domains which are owned by the client and reserved to avoid confusion, such as http://rockstable.systems
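
The http-to-https redirect, ‘www’ canonicalization, proxying and per-domain logging described in the list above, written out as plain nginx configuration. This is an added example, not RSS’s generated configuration or its web spec format; example.com, the certificate and log paths and the backend address 10.0.0.10:8080 are placeholders.

```nginx
# Constructed example: example.com, the file paths and the backend
# address are placeholders, not values taken from an RSS installation.

# Plain http on IPv4 and IPv6: send every request to the https site.
# The target host is fixed rather than taken from the request, so a
# forged Host header cannot steer the redirect elsewhere.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

# https requests for the 'www' spelling: redirect to the official name.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;
    return 301 https://example.com$request_uri;
}

# The official https site, acting as a gateway to a separate web service.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    # Access and error logs kept separately for this domain.
    access_log /var/log/nginx/example.com.access.log;
    error_log  /var/log/nginx/example.com.error.log;

    location / {
        proxy_pass http://10.0.0.10:8080;
        # Tell the backend the original host, client address and scheme,
        # which it would otherwise see as nginx's own connection.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```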