From owner-freebsd-isp@FreeBSD.ORG Wed Oct 26 20:36:24 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEC8E16A41F for ; Wed, 26 Oct 2005 20:36:24 +0000 (GMT) (envelope-from discussion-lists@linnet.org) Received: from orb.pobox.com (orb.pobox.com [207.8.226.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 779B943D45 for ; Wed, 26 Oct 2005 20:36:24 +0000 (GMT) (envelope-from discussion-lists@linnet.org) Received: from orb (localhost [127.0.0.1]) by orb.pobox.com (Postfix) with ESMTP id F1057326F; Wed, 26 Oct 2005 16:36:47 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by orb.sasl.smtp.pobox.com (Postfix) with ESMTP id B578489; Wed, 26 Oct 2005 16:36:46 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.54 (FreeBSD)) id 1EUs0S-0003Jr-CX; Wed, 26 Oct 2005 21:36:20 +0100 Date: Wed, 26 Oct 2005 21:36:20 +0100 From: Brian Candler To: Troy Settle Message-ID: <20051026203620.GA12734@uk.tiscali.com> References: <435D0426.6010107@psknet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <435D0426.6010107@psknet.com> User-Agent: Mutt/1.4.2.1i Cc: freebsd-isp@freebsd.org Subject: Re: Web Hosting - IPs, Quotas and Jails X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2005 20:36:24 -0000 On Mon, Oct 24, 2005 at 11:56:22AM -0400, Troy Settle wrote: > Anyways, here's where I need some help. I want to create a 3rd jail for > Frontpage services. FP doesn't have any built in quota support that > I've seen, so I'll need to depend on file system quotas. CGIs can write files too, so if you allow users to upload their own CGIs you'll have the same problem. The alternative solution is to 'du' the disk space usage periodically (e.g. nightly), and users who are overquota can be contacted and warned or their site suspended, depending on how draconian you wish to be. You'll probably need a similar mechanism in any case for dealing with users who consume excessive amounts of bandwidth. > Finally, I want to be able to offer advanced web services that will > allow the customer to have SSL certificates, operate virtual FTP > servers, etc... This requires that I have one IP per server, which > means one jail per server. Jails are fun, but somehow, I don't think 50 > jails would be fun. I believe you can use the same jail directory structure bound to different IPs; just run 'jail' multiple times. You'll just need to take care if running the same daemon multiple times; each instance will need to be told to write to a different pid file, and will need a different config file (otherwise there wouldn't be any point having multiple instances) Regards, Brian.