Date: Fri, 29 Jan 2016 23:10:10 -0500 From: "Michael B. Eichorn" <ike@michaeleichorn.com> To: Sergei G <sergeig.public@gmail.com>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: How to reference PHP path in web server jail to app server in jail Message-ID: <1454127010.24947.9.camel@michaeleichorn.com> In-Reply-To: <CAFLLzCOj93krf6bKZ--egQcpXPnfas8HZ7prqhdCR4uYP5usVQ@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Fri, 2016-01-29 at 10:33 -0800, Sergei G wrote:
> Hi,
>
> I currently have this setup:
>
> * Host is running nginx web server
> * Host is running a number of jails. I usually have a jail per
> application.
> * nginx configuration file serves content that's installed in a jail
> by
> specifying path to a jail; jailed PHP application has paths relative
> to a
> jail
>
> I'd like to move web server into its own jail, but I don't know how I
> would
> instruct web server to locate application's (PHP) jail files.
>
> Any ideas?
>
> Parts of my nginx configuration file:
>
> server {
> ...
> # this is a host's path; it would change if nginx in its own jail
> location / {
> root /wiki.jailnet.private/usr/local/www/wiki/webroot;
> }
>
> # parts of foswiki configuration
> location ~ ^/bin/([aa-z]+) {
> ...
> # talk to fascgi through TCP/IP. I did not attempt to use Unix
> sockets. It would be nice.
> fastcgi_pass 192.168.3.13:90001
> # path is valid inside the wiki jail; that will stay the same
> fastcgi_param SCRIPT_FILENAME
> /usr/local/www/wiki/webroot/$fastcgi_script_name;
> ...
> }
>
> So, If I was to move nginx to its own jail I don't know how to
> replicate
> root /wiki.jailnet.private/usr/local/www/wiki/webroot;
> line inside jail to point to another jail's filesystem.
>
> I am not that good with nullfs, so if you could point to how to
> understand
> it that would be great.
>
If you have not already considered it, a very common solution is to use
php-fpm and have nginx act as a reverse proxy. That way the jails
communicate over the network and not a nullfs mounted filesystem. This
can be a benifit as it allows either jail to be moved to another
machine with minimal reconfiguration.
If you have considered it, ignore me and carry on.
[-- Attachment #2 --]
0 *H
010
`He�0 *H
��000]0
*H
�01
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H1 0
U
ike@michaeleichorn.com1%0# *H
ike@michaeleichorn.com0"0
*H
��0
�UՀ,k9D %Z|Y6J<rrK
g;&|uNlUE9)V.[ט̊:qS](#v
SYDz*
CpugYݔ,v<`j(w
aS#ڒ6n(K5'KVLåErv<
J=[}W
bLA%gޭnVb| I?M7D
:$׃bM_T[,ƃ\�00 U
0�0
U
0
U
%0++0
U
jj: γ+39啖0 U
#0Sr풜\|~5NԸQ0!U
0ike@michaeleichorn.com0LU
C0?0;
+70*0.+"http://www.startssl.com/policy.pdf0+00' StartCom Certification Authority0This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U
/0-0+)'%http://crl.startssl.com/crtu1-crl.crl0+009+0-http://ocsp.startssl.com/sub/class1/client/ca0B+06http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U
0http://www.startssl.com/0
*H
��x+ȐF}pw.X
vF?rg
P]EOp)L˻yA
;hi0u2]m [Sbp$_
gr
Xm*YP3 #H>mKAǠt)HO|=@} 3ӝ'iO81>
03 v'h5U
"H;ECZtpҗ4rWHu^6+i*kJL8shAV|5;?HMc\
j[j|+000]0
*H
�01
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H1 0
U
ike@michaeleichorn.com1%0# *H
ike@michaeleichorn.com0"0
*H
��0
�UՀ,k9D %Z|Y6J<rrK
g;&|uNlUE9)V.[ט̊:qS](#v
SYDz*
CpugYݔ,v<`j(w
aS#ڒ6n(K5'KVLåErv<
J=[}W
bLA%gޭnVb| I?M7D
:$׃bM_T[,ƃ\�00 U
0�0
U
0
U
%0++0
U
jj: γ+39啖0 U
#0Sr풜\|~5NԸQ0!U
0ike@michaeleichorn.com0LU
C0?0;
+70*0.+"http://www.startssl.com/policy.pdf0+00' StartCom Certification Authority0This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U
/0-0+)'%http://crl.startssl.com/crtu1-crl.crl0+009+0-http://ocsp.startssl.com/sub/class1/client/ca0B+06http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U
0http://www.startssl.com/0
*H
��x+ȐF}pw.X
vF?rg
P]EOp)L˻yA
;hi0u2]m [Sbp$_
gr
Xm*YP3 #H>mKAǠt)HO|=@} 3ӝ'iO81>
03 v'h5U
"H;ECZtpҗ4rWHu^6+i*kJL8shAV|5;?HMc\
j[j|+040
0
*H
�0}1
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210155Z
171024210155Z01
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0"0
*H
��0
� -).2AUGo#G
B|NDRpM-B=o
-we5JQpa>O.#._<V
[~**pz~3WG�.ᘟMlr[<Ce6fqO"uxfWN#uicgkv$Lb%y`_{`xK'GN�00U
00U
0
U
Sr풜\|~5NԸQ0 U
#0N
@[i04hCA0f+Z0X0'+0http://ocsp.startssl.com/ca0-+0!http://www.startssl.com/sfsca.crt0[U
T0R0'%#!http://www.startssl.com/sfsca.crl0'%#!http://crl.startssl.com/sfsca.crl0U
y0w0u
+70f0.+"http://www.startssl.com/policy.pdf04+(http://www.startssl.com/intermediate.pdf0
*H
��
}x,\c^
#wMq}>UK/^yX֏y frMIŲB61ymQҨݬZ0&�;@#13qۑ& ̢o 6r_;GO>*I(
74XS1r3)!LJy6Kotˆ#
_wSr
;B
ADp(fs
䰷6%.W0J3:bC<8t X1<Cn=t==wST~\wkBf|15zUP)(IjVB!OfI=bb\4-*em/нSJm7N[]'@ڽ
D9Kr>R7/|o^I@ټ'Pa
$ z9a'L)(
I}vcH]۸D*W}
m>Q|C.(,lQ10{001
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]0
`He�0 *H
1
*H
0
*H
1
160130041010Z0/ *H
1" �bmi
fd*lmH⬴
0 +71001
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]0
*H
101
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]0
*H
��2(
}$y<8af@5yk㍞m1(OE*ZlzxׇWvtоgN$&8TCQ�i+ ;
o\3
vg(~#)P{%Qwf[iԕ!*w@LK{<wBwkd7g >D
BNx|`TG+crdS}HNܗ'^./z$@/.XT
0]4wu
aL������
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1454127010.24947.9.camel>