From: Daniel
To: "Nick Larsen"
Cc: freebsd-questions@freebsd.org
Date: Tue, 28 Feb 2006 14:55:50 +0800
Subject: Re: Building a Jail in FreeBSD or NetBSD for a hosting environment

Hey Nick,

On 2/28/06, Nick Larsen wrote:
> Hey Members,
>
> I have done a little research on Jails and setting them up, and managed to
> get one going at one stage and managed to
> somehow destroy it.
> I'm new to Jails, and I would like to use a real jail than just using a
> chroot jail.
>
> Where I work, we use the Ensim software for hosting, and I find that very
> pricey and sluggish (and it runs on Fedora rather than Linux).
> They use a technique of chrooting sites and the sites' users into an
> environment in /home/virtual/sitexxx/ I would like to be able to do the same
> (but with Jail), but not quite sure how to go about it. Last time I tried to
> `make world DESTDIR=/my/jail/path` it failed (cannot remember the details
> right now) but is this where I start?

Ideally, you will start with:

    man jail

It gives some decent instruction on how to build a jail, different sysctl
variables, and just some general info that is very useful.

Also:

    man jexec

jexec allows you to execute commands within a jail, without actually
having to be inside the jail itself. So, you can run commands within a
jail even if the jail is not running SSH (or telnet, rsh etc...) (you
don't need to log in to the jail). This is an excellent feature because it
allows you to have a web server you can't exactly log in to, reducing the
total amount of exposure to the server.

Anyway...

Attached are a couple of little scripts I put together some time ago to
help in building jails and automating the whole custom bootable ISO.

The script make-rescue-iso.pl will need modification to match your
FreeBSD version (was originally made for 5.3), so tuning the kernel
config it builds and changing a couple of version numbers so it can grab
the bootable floppies should be no drama...

make-jail.pl, on the other hand, I used the other day without any problems.

    make-jail.pl -s /usr/src -d /destination/directory

It'll then create a copy of /etc/make.conf called /etc/make.conf.jail
and ask you to edit it with your editor, then it'll build away and
need no further input.

> Also do I need an individual IP for each jail?
> because each physical server
> will have 1 IP unless the customer requests a dedicated IP.

You can definitely share IP addresses across jails, but each JAIL cannot
bind the same ports, for obvious reasons. So you can't have two jails,
with two webservers, both listening on port 80, but you can definitely
have two jails with two webservers, one listening on port 80, the other
on any port that is unused that you specify.

> Any help would be appreciated, and I have tried to research it but end up
> going round in circles.
>
> --
> Regards,
>
> Nick Larsen
> Wellington
> NEW ZEALAND

Daniel
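
The port rule from the reply above, as an added example that is not part of the original message: an sh/awk check over a constructed plan of `owner ip port` lines that flags two jails claiming the same IP and port. The jail names, the 192.0.2.10 address and the plan format are assumptions; the check goes slightly beyond the reply by also flagging host services bound to the wildcard address on a port a jail uses, which jail(8) recommends restricting to the host's own IP.

```sh
#!/bin/sh
# Constructed plan (not from the original message): "owner ip port" per line.
# "host" is the base system; "*" is a wildcard (INADDR_ANY) bind on the host.
PLAN='host * 22
www1 192.0.2.10 80
www2 192.0.2.10 8080
mail 192.0.2.10 25
www3 192.0.2.10 80
host * 25'

# check_plan PLAN_TEXT
# Prints one line per problem, sorted:
#   CONFLICT ip:port jails...        two or more jails claim the same ip:port
#   WILDCARD ip:port jails vs host   a host wildcard listener covers a jail's port
check_plan() {
    printf '%s\n' "$1" | awk '
    NF == 3 && $3 ~ /^[0-9]+$/ {
        if ($2 == "*") { wild[$3] = wild[$3] " " $1; next }
        key = $2 " " $3
        owners[key] = owners[key] " " $1
        count[key]++
    }
    END {
        for (key in owners) {
            split(key, part, " ")
            if (count[key] > 1)
                print "CONFLICT " part[1] ":" part[2] owners[key]
            if (part[2] in wild)
                print "WILDCARD " part[1] ":" part[2] owners[key] " vs" wild[part[2]]
        }
    }' | sort
}

check_plan "$PLAN"
```

An empty result means every jail on the shared address has its own port and no host wildcard listener overlaps it.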