Outside of work I'm also a member of a Community-based Samba band, Meninos do Morumbi Oldham, along with my son James. Like most people in the IT business, once people figure out what you do you inevitably get requests to help with anything related to computers, and I got collared to set up a website for the group. I started looking around for hosting providers, and my original choice was bluehost.com, based on the recommendation of my colleague Phil. However, the membership management application I'm also developing is written in Java, which meant I really wanted to run Tomcat on the site as well, and bluehost didn't offer that option. Finding a hosting provider who would host Tomcat at a reasonable price proved incredibly difficult - the costs were way more than a non-profit like us could afford. Eventually I stumbled across mod3, a UK-based hosting provider who offer a Solaris 10 zone for the princely sum of £9.95 per year, plus pay-as-you-go for network bandwidth, disk space etc. The fact that they were running Solaris appealed to me, and I was happy to risk the £10 involved out of my own capacious pocket ;-) The base hosting package also came with 660Mb of usable disk space, which was plenty for our needs.
After purchasing the site domain name and hosting I started to think about what I wanted to put on the site. You get 64Mb of RSS memory with a base zone config, which meant I needed to be fairly careful with what I ran on the site. As I said, I knew I'd probably want to use Tomcat at some point, so I began to wonder if I could run the whole thing with Tomcat alone. From previous experience of setting up similar websites, I know that setting up the site is relatively easy; the real problem is providing content, then keeping it up-to-date and relevant. I also didn't want to become the bottleneck for making changes to the site, which pretty much meant that I needed to use some sort of Content Management System, so that I could give other members of the group the ability to edit content. Nearly everyone in the organisation is a non-IT type (one of the attractions of the group for me ;-), so whatever I used had to make editing easy - requiring that people hack on raw HTML was a non-starter.
As part of the day job I'm looking at the possibility of using a CMS for part of the OpenSolaris website, so I'd already been looking around at what was available (and free!). I didn't need an 'Enterprise level' CMS - features such as versioning, content staging, multilingual support or workflow management weren't necessary, what I needed was something easy for users to understand, and that didn't have huge resource requirements. And being written in Java was a bonus, as it meant I could then run it under the Tomcat instance I already knew I was going to need for the membership management stuff.
My final choice was MeshCMS, and I've been extremely happy with it. It hit all the key requirements that I had - simple to deploy (single WAR file, no database required), easy to customise, structures the site using the directory/subdirectory paradigm that any PC user is already familiar with, has an integrated WYSIWYG editor for editing content, and the clincher - has very modest resource requirements and fits inside my 64Mb RSS constraint. MeshCMS has been exceedingly well thought out - designing the look and feel of the site involves just modifying a single JSP template, which is then applied to all the pages. The site navigation menus are all automatically generated from the layout of the directory hierarchy used to store the page content, and most-frequently accessed pages bubble to the top of the menus. Linking to other pages in the site is easy - the integrated editor provides a dynamically-generated list of pages that you can select from. The editor even provides a list of the styles defined in the site stylesheet for you to select from - a feature that Roller (the package used to run blogs.sun.com) could well do with emulating.
Having decided on the CMS, the next task was to see if I could minimise Tomcat's footprint as far as possible. Tomcat runs as a normal Unix process, and so doesn't have permission to open low-numbered ports (below 1024), which is why by default it runs on port 8080. Webservers normally run on port 80, and using that port requires root privilege. The Apache webserver gets around this problem by starting up as root, opening port 80 then switching user to the webserver user before starting to serve pages. However Tomcat is written in Java, so Unix-centric mechanisms like switching user aren't an option. The normal way to get around this is to put Tomcat behind Apache, using the mod_jk module to shunt traffic between the two. However because of my memory constraints, I wanted to avoid using Apache if at all possible. There are a number of fairly vile hacks for doing this for Linux, including stuff such as firewall or userland port redirection, but most of them suffer from various problems.
However because I was running on Solaris, I had a far better option. I was already intending to run Tomcat as an SMF service, and one of the lesser-known features of SMF is that it is integrated with the Least Privilege mechanism in Solaris 10, which allows you to grant elevated privileges to normal user processes in a controlled way. This meant that allowing Tomcat to open port 80 simply required granting it the net_privaddr privilege:
<method_credential user='meninos' group='staff' privileges='basic,net_privaddr' />
The really neat thing is that I didn't have to give the meninos user the net_privaddr privilege permanently, it only needs it for the duration of the service start method.
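For context, here is where that method_credential element sits in a complete SMF manifest. This is an added example, not the manifest actually used on the site: the service name application/tomcat, the /opt/tomcat paths and the timeouts are assumptions, and it presumes Tomcat's HTTP Connector in conf/server.xml has been set to port 80.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Constructed example: service name and paths are hypothetical. -->
<service_bundle type='manifest' name='tomcat'>
  <service name='application/tomcat' type='service' version='1'>
    <create_default_instance enabled='false' />
    <single_instance />

    <!-- Do not start until the network is up. -->
    <dependency name='network' grouping='require_all'
                restart_on='error' type='service'>
      <service_fmri value='svc:/milestone/network:default' />
    </dependency>

    <!-- Weak alternative, shown for contrast only: running the start
         method as root also lets Tomcat bind port 80, but a bug in any
         webapp then runs with every privilege in the zone:
           <method_credential user='root' group='root' />            -->

    <!-- Least-privilege form: an ordinary user with the default
         'basic' set plus the single privilege needed to bind ports
         below 1024. -->
    <exec_method type='method' name='start'
                 exec='/opt/tomcat/bin/startup.sh' timeout_seconds='120'>
      <method_context>
        <method_credential user='meninos' group='staff'
                           privileges='basic,net_privaddr' />
      </method_context>
    </exec_method>

    <!-- The stop method opens no listening socket, so it runs with
         the user's default privileges only. -->
    <exec_method type='method' name='stop'
                 exec='/opt/tomcat/bin/shutdown.sh' timeout_seconds='60'>
      <method_context>
        <method_credential user='meninos' group='staff' />
      </method_context>
    </exec_method>
  </service>
</service_bundle>
```

After importing the manifest with svccfg import and enabling the service, running ppriv against the Tomcat process ID shows whether net_privaddr is actually present in its privilege sets.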
So, if you are ever in the Greater Manchester area, check out our performances page on the website and if you get a chance, pop by and hear us play ;-) We were out busking in Manchester yesterday, and for once the weather was kind, despite the time of year :-)