Date:      Sat, 29 Aug 2009 14:26:18 +0100
From:      krad <kraduk@googlemail.com>
To:        Ruben de Groot <mail25@bzerk.org>, APseudoUtopia <apseudoutopia@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: Information on Setting up a Jailed Webserver
Message-ID:  <d36406630908290626t5dae88bds193e623ef70dbea0@mail.gmail.com>
In-Reply-To: <20090828104516.GB30068@ei.bzerk.org>
References:  <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com> <6201873e0908262010n1f554fa6p88895ee4641a5620@mail.gmail.com> <200908271135.13045.erich@apsara.com.sg> <27ade5280908270713g5710797xadb07b5055158808@mail.gmail.com> <6201873e0908270803k639b4742w1211d686607f7e9@mail.gmail.com> <27ade5280908270928s256bed30s2cc75587b22577b1@mail.gmail.com> <20090828104516.GB30068@ei.bzerk.org>

2009/8/28 Ruben de Groot <mail25@bzerk.org>

> On Thu, Aug 27, 2009 at 12:28:26PM -0400, APseudoUtopia typed:
> > Two more questions then I should be ready to go with my jail(s).
> >
> > In order to minimize the HDD space of the jail, can I add things in my
> > src.conf such as
> > WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF?
>
> Yes you can. Another option is to use read only nullfs mounts for e.g.
> /usr, /lib, /sbin, /bin to populate the jail. That will cost you no HDD
> space at all.
> The ezjail port, already mentioned, can more or less automate this.
>
> > I do use pf on the host system, but it isn't needed inside the jail as
> > well, correct?
>
> Rather, it's not possible to use inside a standard (non-vimage) jail.
> There's only one network stack.
>
> > Also, is it possible to compile a port (specifically nginx) inside the
> > host, then simply cp it into the jail and run it? I'd like to do this
> > to avoid installing a compiler into the jail itself.
>
> make package-recursive
>
> Ruben
>
> > Thanks again for the help.
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"


I've not seen all this post so sorry if this has been mentioned before.
Apache has a module called mod_jail, which means (I'm pretty sure) you don't
have to build the full jail environment. I've not looked at it in detail but
it's probably worth looking at before you start hacking around with full
jails.


http://www.freebsdsoftware.org/www/mod_jail.html
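
The read-only nullfs approach mentioned in the quoted reply above, sketched as an added example that is not part of the original thread: it generates fstab(5)-format lines for the shared directories and audits a mount table for jail nullfs mounts that are not read-only. The jail root `/usr/jails/www`, the function names and the sample table are assumptions made up for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. JAIL_ROOT is a hypothetical jail path.
JAIL_ROOT="${JAIL_ROOT:-/usr/jails/www}"
SHARED_DIRS="/usr /lib /sbin /bin"   # the directories named in the thread

# Emit one fstab(5) line per shared directory: host dir -> same path
# inside the jail, mounted through nullfs with the "ro" option.
gen_fstab() {
    for d in $SHARED_DIRS; do
        printf '%s\t%s%s\tnullfs\tro\t0\t0\n' "$d" "$JAIL_ROOT" "$d"
    done
}

# Read fstab-format lines on stdin and print the mount point of every
# nullfs mount under JAIL_ROOT whose option list lacks "ro".
# Exit status is 1 if any writable mount was found, 0 otherwise.
audit_fstab() {
    awk -v root="$JAIL_ROOT" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        $3 == "nullfs" && index($2, root "/") == 1 {
            n = split($4, opts, ","); ro = 0
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (!ro) { print $2; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample table: /lib was mounted read-write by mistake.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not real system output
/usr	/usr/jails/www/usr	nullfs	ro	0	0
/lib	/usr/jails/www/lib	nullfs	rw	0	0
/bin	/usr/jails/www/bin	nullfs	ro,noatime	0	0
/dev/ada0p2	/	ufs	rw	1	1
EOF
}

# The generated lines pass their own audit.
gen_fstab | audit_fstab && echo "generated jail mounts are all read-only"
```

On a live host the same audit can be fed the current mount table in fstab format, for example `mount -p | audit_fstab`.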


