Date: Mon, 4 Feb 2019 22:00:26 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-ports@freebsd.org Subject: Re: Deregister a port? Message-ID: <1e167aca-1891-cc09-a047-0467a74783fa@FreeBSD.org> In-Reply-To: <43tVKW6ZwDz1ftYH@baobab.bilink.it> References: <43tRTn1zNKz1ftYp@baobab.bilink.it> <80bcc481-5a00-2059-c97b-4f993ffaa196@FreeBSD.org> <43tVKW6ZwDz1ftYH@baobab.bilink.it>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --L14kzbs7waQZ9l1crSIs0CSnihS3ayarw Content-Type: multipart/mixed; boundary="BuymechqiYA5rzasbdyFa10Nyv1vi5i1h"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-ports@freebsd.org Message-ID: <1e167aca-1891-cc09-a047-0467a74783fa@FreeBSD.org> Subject: Re: Deregister a port? References: <43tRTn1zNKz1ftYp@baobab.bilink.it> <80bcc481-5a00-2059-c97b-4f993ffaa196@FreeBSD.org> <43tVKW6ZwDz1ftYH@baobab.bilink.it> In-Reply-To: <43tVKW6ZwDz1ftYH@baobab.bilink.it> --BuymechqiYA5rzasbdyFa10Nyv1vi5i1h Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 04/02/2019 14:22, Luciano Mannucci wrote: > On Mon, 4 Feb 2019 13:38:56 +0000 > Matthew Seaman <matthew@FreeBSD.org> wrote: >=20 >> Tell us the details and we may be able to help. > Well, I'm migrating some web servers from very old linux to freebsd. > I need several versions of php to accomodate various applications > that are'nt under my control, some open source other hand made by > customers. I used to keep my various php installations under /opt/phpXX= > via the --prefix switch during compilation. The same can be done in > freebsd (I suppose :), though I've let some of the web sites use the > php installed via ports, and now I'm trying to revert that without > having to restart them to minimize downtime. I'd be thinking about creating jails for each different PHP version or even each different PHP application you need to support. Given you've got a front-end webserver such as nginx which proxies through to your PHP applications running in php-fpm(8) this should be a fairly natural fit. Think of it as akin to containerization. On modifying your PHP applications with no downtime -- you should be able to jailify the applications one-by-one and switch to each jailed version with no more than a reload of nginx (although that would probably forcibly log out any currently logged-in users of that particular application). The other big advantage of doing this is it means you can limit your exposure should any of the ancient versions of PHP prove to have exploitable security deficiencies. Any attackers would only get access to a jail, and not the complete set of websites on your webserver. Cheers, Matthew --BuymechqiYA5rzasbdyFa10Nyv1vi5i1h-- --L14kzbs7waQZ9l1crSIs0CSnihS3ayarw Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAlxYtfpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp 5OesyRAAsN1aB3zpERRrUsadFAoZZxoB4CVQfwwnYIOphXD5VT27qH/r5v+KAt+5 L+amx47nXZ2f+qX2Ki47qIpaYhKSz9/b3ibp8aLQr83CMASZRM75/+sKbxjkMbLj WyeoYFTMR5LedatMkLgiX3uvcahUSfNWz9u2BKKoAMAX/17uAaz1iPst/UAb8Z90 i9PTzxt0MAnFhVHHTxFCfz7f9gvLjzl/LxH/lpyg6r5PtxJZO6mYuScLV0jy2GLd 6V6rFoVCJgLGCaqrOiQluXzIV8RD5u0E3q0o1dPPY8NPYjj8z0M0/6Px08vZ5RQ+ Jw03/gqs0zP4TxR/YHTTTexfuhIT6QYR722vDPa5So4LN+rocZdJD0Q8GfxF2yJd zz3nUgaZWAA5xtwmr1YbznikGpB+2URauI1eAqhipTNaT6Xa9/NKs+u1zWlz+vSL e/j3MZb2PoZqflYO0uJQyELBDXXv98pqp9peQMepqycAU9R5+XCOHkUIjbjpyhph U0p+17TgLbn8DEaxAMW9SBcpPCWdKs+UCzyKOLIeQzLJ51gdhYVUB8ZH0rdMgDSN pDXoEHJMmeuSYOeXtdAP9AsiyWVj9xviyD586AbV2RWetAadKuqTC9N1o1alw8ny 5l3bTr1/WQJrCEBZRSt198oJe68IPR6wfH8qspqTqhvkG0D4p1Q= =xGTh -----END PGP SIGNATURE----- --L14kzbs7waQZ9l1crSIs0CSnihS3ayarw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1e167aca-1891-cc09-a047-0467a74783fa>