Date:      Wed, 26 Aug 2009 22:10:37 -0500
From:      Adam Vande More <amvandemore@gmail.com>
To:        APseudoUtopia <apseudoutopia@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Information on Setting up a Jailed Webserver
Message-ID:  <6201873e0908262010n1f554fa6p88895ee4641a5620@mail.gmail.com>
In-Reply-To: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com>
References:  <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com>

On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia <apseudoutopia@gmail.com> wrote:

> Hello,
>
> I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking
> into running nginx inside a jailed host on my server for security
> reasons (e.g., if there is a hole in a php script).
>
> The website root is actually a working copy of my subversion
> repository. I have svnserve running through OpenVPN. My plan would be
> to have svnserve and OpenVPN running on the "main" system, and
> nginx/php running inside a jail.
>
> I was wondering if it would be somehow possible to run a command on
> the main system that updates the svn working copy inside the jail for
> nginx to serve. Would I need to do the "svn up" over tcp/ip from the
> jail to the main system? Or can I somehow update it via
> file://path/to/main/repo?
>
The second method, it's quite easy.

> I've never used or set up a jail before, so
> how everything works is a bit confusing to me. Right now, I use an svn
> post-commit hook to update the www working copy.
>
> Also, how memory-intensive is a jail?

Very light when compared to other virtualization methods.  Usually, most
setups won't run things that require a lot of disk I/O in virtual systems, but
jails are an exception.  Practically native speed.  It's easier to understand
jails by thinking of them as an enhanced chroot environment rather than a
virtualization instance.


> I'm willing to run postgresql in
> another jail as well if it wouldn't be too memory-intensive.  And
> possibly even an IRC server.


If you're going to run multiple jails, look at /usr/ports/sysutils/ezjail



>
>
> I'm running FreeBSD 7.2-RELEASE-p3.

Keep in mind a jail needs to run the same kernel as the host.  If you upgrade
the base system, do so with every jail as well.

>
>
> Thank you for the suggestions, advice, and criticisms.



-- 
Adam Vande More
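
Added example, not part of the original message: a host-side helper for the post-commit approach discussed in this thread. A jail's files are an ordinary subtree of the host filesystem, so the host can run `svn update` on the working copy directly; the helper first confirms that the path resolves inside the jail root. The paths `/usr/jails/www` and `usr/local/www/site` and all function names are assumptions for illustration.

```shell
#!/bin/sh
# Assumed layout (hypothetical, not from the thread).
JAIL_ROOT="${JAIL_ROOT:-/usr/jails/www}"   # jail root as seen from the host
WC_REL="${WC_REL:-usr/local/www/site}"     # working copy, relative to the root
SVN="${SVN:-svn}"

# Print the physical (symlink-free) path of a directory; fail if it is missing.
physical_dir() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# Succeed only if <root>/<rel> exists and resolves to a path under <root>.
# Files inside a jail are writable by jail processes, so a symlink there
# could otherwise redirect a host-side command to a path outside the jail.
wc_inside_jail() {
    root=$(physical_dir "$1") || return 1
    wc=$(physical_dir "$1/$2") || return 1
    case "$wc/" in
        "$root"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Update the jailed working copy from the host, using the resolved path.
# The check narrows the exposure at call time; it does not lock the path.
update_jail_wc() {
    if ! wc_inside_jail "$1" "$2"; then
        echo "refusing: $1/$2 does not resolve inside $1" >&2
        return 1
    fi
    "$SVN" update --non-interactive "$(physical_dir "$1/$2")"
}

# In the repository's hooks/post-commit on the host:
#   update_jail_wc "$JAIL_ROOT" "$WC_REL"
```

Running the hook as an unprivileged user that owns only the working copy keeps a bad path from being touched with root's permissions.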


