Date: Thu, 27 Aug 2009 21:51:45 +0200 From: Albert Shih <Albert.Shih@obspm.fr> To: APseudoUtopia <apseudoutopia@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Information on Setting up a Jailed Webserver Message-ID: <20090827195145.GA91653@obspm.fr> In-Reply-To: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com> References: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Le 26/08/2009 à 22:59:34-0400, APseudoUtopia a écrit > Hello, > > I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking > into running nginx inside a jailed host on my server for security > reasons (eg, if there is a hole in a php script). > > The website root is actually a working copy of my subversion > repository. I have svnserve running through OpenVPN. My plan would be > to have svnserve and OpenVPN running on the "main" system, and > nginx/php running inside a jail. > > I was wondering if it would be somehow possible to run a command on > the main system that updates the svn working copy inside the jail for > nginx to serve. Would I need to do the "svn up" over tcp/ip from the > jail to the main system? Or can I somehow update it via > file://path/to/main/repo? I've never used or setup a jail before, so IMHO that's bad idea. Someday you maybe want to put your website in other machine, maybe you want to have two server to duplicate your website (just need rsync). If you want update you svn repository you can put in your subversion server in the hook-scripts something like wget http://your_website/some_where/update_repo > /dev/null and in your web serveur (jail or not) you create some script update_repo with cd /your_web_site_dir svn up You can add some deny in your apache conf to authorized only your svn serveur to make the wget > Also, how memory-intensive is a jail? I'm willing to run postgresql in If you have only 32Mo you can have some problem ;-) I run almost ~20 jail server on one physical server without any problem. Regards. -- Albert SHIH SIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26/06 86 69 95 71 Heure local/Local time: Jeu 27 aoû 2009 21:44:15 CEST
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090827195145.GA91653>