From: Terje Elde
To: Paul Stuffins
Cc: freebsd-questions@freebsd.org
Date: Tue, 29 Dec 2015 19:47:08 +0100
Subject: Re: Are Jails worth it?

> On 29 Dec 2015, at 17:42, Paul Stuffins wrote:
>
> I have a FreeBSD VPS on Digital Ocean that runs Nginx and PHP-FPM,
> MariaDB is run on a separate VPS, and was wondering is it worth running
> NginX and PHP-FPM in separate jails, or is it not worth it and I should
> just keep the set up as I have it which is everything installed on the
> base system?

That depends on a lot of different things.

Couple of thoughts:

Running jails isn't much of an effort once you're used to it.

But the benefit depends on what you're trying to protect. There's a world of difference between a playpen, and health-info.

You could also stuff both of them in a single jail, giving you a clean host.

Securing the php-installation and code is probably just as important. Look at it this way; jails give you isolation, but if your only thing is a php-site, which two (or more) things are you trying to isolate from each other?

Terje