From: Polytropon
To: Matthew Pope
Cc: FreeBSD
Date: Sun, 18 Nov 2012 12:51:25 +0100
Subject: Re: confessions of a FreeBSD purist

On Sat, 17 Nov 2012 01:28:02 -0500, Matthew Pope wrote:
> However, I do need to run a web site again, and I am more than convinced
> on the superior performance, and hardening possible with FreeBSD bind,
> and Apache running in jails. However, I'd like to run FreeBSD in a
> VMWare or VirtualBox VMs. This gives me the ability to take snapshots
> to recover easily when I break something. Computing resources are like
> candy these days. My fast box has 4 screaming fast processors with 8 GB
> of RAM, and that is a three year old machine. There is no reason
> FreeBSD cannot run with adequate performance in a VM and run bind, and
> perhaps on another physical box, have a FreeBSD VM running Apache, both
> in jails. I know others are doing it.
>
> Could anyone be kind enough to recommend a free, or share their own
> FreeBSD VM image that has bind pre-configured in a jail, and / or an
> Apache web server pre-configured in a jail, for a non-commercial site?
> With this configuration I can revert after breaking something as an
> over-eager, semi-qualified system administrator.

You should really invest the time needed to build and configure
the server software (!) you're going to use. In my opinion, it
is your responsibility to provide a secure service, as any idiot
can provide an insecure service. :-)

The time you invest is well spent. Also note that there are tools
like ezjail and warden (PC-BSD's tool for managing jails, with GUI).
Of course there is sufficient documentation for installing and
configuring Apache. Nobody else than _you_ knows your requirements
best. You will benefit from tuning the required software yourself.

Security is a process, not a state. Do not trust "3rd party VM
images", especially when you're going to instantiate a service
(like a web server) using them. Use paranoia for good. :-)

Some hints:

http://erdgeist.org/arts/software/ezjail/

http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/

http://wiki.pcbsd.org/index.php/Warden®

Again, you should reconsider using VM images provided by others.
There is basically nothing wrong in running a FreeBSD server in
a VM on Linux, even though it might be valid as well to run FreeBSD
on "bare metal". But that depends on your requirements, intentions,
and energy bill. :-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...