From owner-freebsd-questions@FreeBSD.ORG Sun Mar 16 16:32:16 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A25D14BD for ; Sun, 16 Mar 2014 16:32:16 +0000 (UTC) Received: from tds-solutions.net (tds-solutions.net [69.164.206.65]) by mx1.freebsd.org (Postfix) with ESMTP id 8658CAC1 for ; Sun, 16 Mar 2014 16:32:16 +0000 (UTC) Received: from [192.168.0.64] (unknown [168.103.85.95]) (Authenticated sender: tyler) by tds-solutions.net (Postfix) with ESMTPSA id 38D21A093 for ; Sun, 16 Mar 2014 10:29:39 -0600 (MDT) Message-ID: <5325D011.8060807@tysdomain.com> Date: Sun, 16 Mar 2014 12:23:45 -0400 From: "Littlefield, Tyler" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: configuring base server system: lots of questions Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: tyler@tysdomain.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Mar 2014 16:32:16 -0000 hello: I am pressed on cash, but wanted to switch from Linode (Linux) to BSD. I had a few reasons, mainly that i like BSD quite a lot. I found the soyoustart servers and at least right now for my needs, it's working good. I am in the process of switching everything over--I'll do an install and will end up just wiping everything out and rebuilding this all later when I know exactly what I want to do, so I have a few questions: 1) I've seen a lot of discussion on ZFS. This server comes with 2 2tb drives on raid, so I assume it's a mirror. Would ZFS be useful in this case, or should I stick to UFS? I want to do a lot of work with jails: jail each individual service. Is this viable? I've also tightened up the kernel a bit and installed a pretty basic firewall. Are there other security concerns I need to worry about? What is the general checklist? 2) When accessing jails, I have a game I am developing that I want to host on this server. There are a few of us that will have access to the running copy--should they just sudo ezjail-admin console game, or is there a more secure method to allow individual users access? 3) I have 95 some odd updates with portmaster over the last two weeks. Is it viable somehow to just apply security patches? Is there a way to do that, until I have the time to sit down and apply all these updates individually? 4) My CFLAGS in make.conf looks like this: CFLAGS+=-O2 -march=native -s is this recommended? If not, what would be a better setup? Usually -O2 is a good level since -O3 tends (from what I've heard) to create a lot of cache misses. I wanted it to tune to my processor and strip. I was also looking at using -flto and -flto=8 (Is there a LDFLAGS), but I again wasn't sure if this was recommended. 5) Any other tips/advice would be awesome. I'll be deploying NGinx, php (fastcgi/other ideas), mysql and postfix to start with--possibly with amavis-new for spamassassin and clamav. Thanks in advance for the help, -- Take care, Ty http://tds-solutions.net He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.