From owner-freebsd-questions@FreeBSD.ORG Thu Aug 27 02:59:55 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B215C106568B for ; Thu, 27 Aug 2009 02:59:55 +0000 (UTC) (envelope-from apseudoutopia@gmail.com) Received: from mail-bw0-f206.google.com (mail-bw0-f206.google.com [209.85.218.206]) by mx1.freebsd.org (Postfix) with ESMTP id 4434A8FC20 for ; Thu, 27 Aug 2009 02:59:54 +0000 (UTC) Received: by bwz2 with SMTP id 2so579129bwz.43 for ; Wed, 26 Aug 2009 19:59:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:from:date:message-id :subject:to:content-type:content-transfer-encoding; bh=JgOCOGPYhCngqMdK7VyO7CO41kkecUSabiV95X6QPII=; b=uILGbvN96PyiEoF76pSDVCkJUorNqLSo5EaDjYiSSLHZdRW4ONDbrM4DPot+ZxR1ZU DpHXu9qOyWp3ApHvMwupt7QU/YsB13m3fU39k/lgKz1HFdU5YDzZwgxwVw+tf+ecpv4g DVbVg3NLJvJ04gFyTP/d2FaN8CBYdnwx/J1NQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type :content-transfer-encoding; b=S+XVV248DTcljL3kHLaJ/aeHXrGwBgm0QVo7OYKfs7eeRRYkK3MYEKAGyYPOVu2oxe adO6HIud+DH/l3J/0ulftv1TWnpwu+QgOVtxOVYPHCM9mpeERvepvaVuEL1/xQuv7/EN WBJVcI4wRvN0vYElonkF7r+Ki8GIXoYGpebBw= MIME-Version: 1.0 Received: by 10.204.154.150 with SMTP id o22mr4278716bkw.154.1251341994147; Wed, 26 Aug 2009 19:59:54 -0700 (PDT) From: APseudoUtopia Date: Wed, 26 Aug 2009 22:59:34 -0400 Message-ID: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com> To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Information on Setting up a Jailed Webserver X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Aug 2009 02:59:55 -0000 Hello, I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking into running nginx inside a jailed host on my server for security reasons (eg, if there is a hole in a php script). The website root is actually a working copy of my subversion repository. I have svnserve running through OpenVPN. My plan would be to have svnserve and OpenVPN running on the "main" system, and nginx/php running inside a jail. I was wondering if it would be somehow possible to run a command on the main system that updates the svn working copy inside the jail for nginx to serve. Would I need to do the "svn up" over tcp/ip from the jail to the main system? Or can I somehow update it via file://path/to/main/repo? I've never used or setup a jail before, so how everything works is a bit confusing to me. Right now, I use an svn post-commit hook to update the www working copy. Also, how memory-intensive is a jail? I'm willing to run postgresql in another jail as well if it wouldn't be too memory-intensive. And possibly even an IRC server. I'm running FreeBSD 7.2-RELEASE-p3. Thank you for the suggestions, advise, and criticisms.