Date: Tue, 28 Feb 2006 14:55:50 +0800 From: Daniel <jahilliya@gmail.com> To: "Nick Larsen" <larsen.nick@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Building a Jail in FreeBSD or NetBSD for a hosting environment Message-ID: <ba5e78ea0602272255t30358e21g72c8690ce71847e8@mail.gmail.com> In-Reply-To: <aceb91c30602271834i4e9e4ce2i23b694f7e7bc7de0@mail.gmail.com> References: <aceb91c30602271834i4e9e4ce2i23b694f7e7bc7de0@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hey Nick, On 2/28/06, Nick Larsen <larsen.nick@gmail.com> wrote: > Hey Members, > > I have done a little research on Jails and setting them up, and managed t= o > get one going at one stage and managed to somehow destroy it. > I'm new to Jails, and I would like to use a real jail then just using a > chroot jail. > > Where I work, we use the Ensim software for hosting, and I find that very > pricey and sluggish (and it runs on Fedora rather than Linux). > They use a technique of chrooting sites and the sites users into an > environment in /home/virtual/sitexxx/ I would like to be able to do the s= ame > (but with Jail), but not quite sure how to go about it. Last time I tried= to > `make world DESTDIR=3D/my/jail/path` it failed (cannot remember the detai= ls > right now) but it this where I start? Idealy, you will start with: man jail It gives some decent instruction on howto build a jail, different sysctl variables, and just some general info that is very useful. Also: man jexec jexec allows you to execute commands within a jail, without actually having to be inside the jail itself. So, you can run commands within a jail even if the jail is not running SSH (or telnet, rsh etc...) (you don't need to login to the jail). This is an excellent feature because it allows you to have a web server you can't exactly login to, reducing the total amount of exposure to the server. Anyway... Attached is a couple of little scripts I put together sometime ago to help in building jails and automating the whole custom bootable ISO. The script make-rescue-iso.pl will need modification to match your FreeBSD version (was originally made for 5.3), so tuning the kernel config it builds and changing a couple version numbers so it can grab the bootable floppies should be no drama... make-jail.pl on the otherhand I used the other day without any problems. make-jail.pl -s /usr/src -d /destination/directory It'll then create a copy of /etc/make.conf called /etc/make.conf.jail and ask you to edit it with your editor, then it'll build away and need no further input. > Also do I need an individual IP for each jail? because each physical serv= er > will have 1 IP unless the customer requests a dedicated IP. You can definately share IP addresses across jails, but each JAIL cannot bind the same ports, for obvious reasons. So you can't have two jails, with two webservers, both listening on port 80, but you can definately have two jails with two webservers, one listening on port 80, the other on any port that is unused that you specify. > Any help would be appreciated, and I have tried to research it but end up > going round in circles. > > -- > Regards, > > Nick Larsen > Wellington > NEW ZEALAND Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ba5e78ea0602272255t30358e21g72c8690ce71847e8>