Date: Sun, 18 Nov 2012 08:29:24 -0500 From: Fbsd8 <fbsd8@a1poweruser.com> To: Polytropon <freebsd@edvax.de> Cc: Matthew Pope <mpope@teksavvy.com>, FreeBSD <freebsd-questions@freebsd.org> Subject: Re: confessions of a FreeBSD purist Message-ID: <50A8E2B4.9020806@a1poweruser.com> In-Reply-To: <20121118125125.85b2a49f.freebsd@edvax.de> References: <50A72E72.1000205@teksavvy.com> <20121118125125.85b2a49f.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Polytropon wrote: > On Sat, 17 Nov 2012 01:28:02 -0500, Matthew Pope wrote: >> However, I do need to run a web site again, and I am more than convinced >> on the superior performance, and hardening possible with FreeBSD bind, >> and Apache running in jails. However, I'd like to run FreeBSD in a >> VMWare or VirtualBox VMs. This gives me the ability to take snapshots >> to recover easily when I break something. Computing resources are like >> candy these days. My fast box has 4 screaming fast processors with 8 GB >> of RAM, and that is a three year old machine. There is no reason >> FreeBSD cannot run with adequate performance in a VM and run bind, and >> perhaps on another physical box, have a FreeBSD VM running Apache, both >> in jails. I know others are doing it. >> >> Could anyone be kind enough to recommend a free, or share their own >> FreeBSD VM image that has bind pre-configured in a jail, and / or an >> Apache web server pre-configured in a jail, for a non-commercial site? >> With this configuration I can revert after breaking something as an >> over-eager, semi-qualified system administrator. > > You should really invest the time needed to build and configure > the server software (!) you're going to use. In my opinion, it > is your responsibility to provide a secure service, as any idiot > can provide an insecure service. :-) > > The time you invest is well spent. Also note that there are tools > like ezjail and warden (PC-BSD's tool for managing jails, with GUI). > Of course there is sufficient documentation for installing and > configuring Apache. Nobody else than _you_ knows your requirements > best. You will benefit from tuning the required software yourself. > > Security is a process, not a state. Do not trust "3rd party VM > images", especially when you're going to instantiate a service > (like a web server) using them. Use paranoia for good. :-) > > Some hints: > > http://erdgeist.org/arts/software/ezjail/ > > http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/ > > http://wiki.pcbsd.org/index.php/Warden® > > Again, you should reconsider using VM images provided by others. > There is basically nothing wrong in running a FreeBSD server in > a VM on Linux, even though it might be valid as well to run > FreeBSD on "bare metal". But that depends on your requirements, > intentions, and energy bill. :-) > > > A far better tool to build jails is qjail, give it a try. http://qjail.sourceforge.net/ http://www.freebsd.org/cgi/ports.cgi?query=qjail&stype=all
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50A8E2B4.9020806>