From: David Mehler
Date: Sat, 1 Jun 2019 20:30:31 -0400
Subject: to jail or not to jail
To: freebsd-questions

Hello,

I've got a newly installed FreeBSD 12 VPS. It's going to be running a web server/PHP hosting multiple sites, with Let's Encrypt TLS certificates for each. It's also going to be running an email server, Postfix, Dovecot, Rspamd, MySQL database backend, again with the same Let's Encrypt TLS certificates.

Previously I've had all this on one host. What I'm wondering is if I should jail off these services. I've got a ZFS setup, still trying to wrap my head around that, and am wondering: should I run the database in one jail, the web server/PHP in another jail, and the email server in a third jail? If I do this, how would I get the TLS certificates into each jail? I'm looking for the maximum automation.

Thanks.
Dave.