From: Adam Vande More
To: APseudoUtopia
Cc: freebsd-questions@freebsd.org
Date: Wed, 26 Aug 2009 22:10:37 -0500
Subject: Re: Information on Setting up a Jailed Webserver

On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia wrote:

> Hello,
>
> I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking
> into running nginx inside a jailed host on my server for security
> reasons (eg, if there is a hole in a php script).
>
> The website root is actually a working copy of my subversion
> repository. I have svnserve running through OpenVPN. My plan would be
> to have svnserve and OpenVPN running on the "main" system, and
> nginx/php running inside a jail.
>
> I was wondering if it would be somehow possible to run a command on
> the main system that updates the svn working copy inside the jail for
> nginx to serve. Would I need to do the "svn up" over tcp/ip from the
> jail to the main system? Or can I somehow update it via
> file://path/to/main/repo?
>

The second method, it's quite easy.

> I've never used or set up a jail before, so
> how everything works is a bit confusing to me. Right now, I use an svn
> post-commit hook to update the www working copy.
>
> Also, how memory-intensive is a jail?

Very light when compared to other virtualization methods. Usually, most
setups won't run things that require a lot of disk I/O in virtual systems,
but jails are an exception. Practically native speed. It's easier to
understand jails by thinking of them as an enhanced chroot enviro rather
than a virtualization instance.

> I'm willing to run postgresql in
> another jail as well if it wouldn't be too memory-intensive. And
> possibly even an IRC server.

If you're going to run multiple jails, look at /usr/ports/sysutils/ezjail

>
> I'm running FreeBSD 7.2-RELEASE-p3.

Keep in mind jail needs to run same kernel as host. If you upgrade base
system, do so with every jail as well.

>
> Thank you for the suggestions, advice, and criticisms.
>

-- 
Adam Vande More
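
A host-side post-commit hook for the file:// approach discussed in the reply above, as an added example that is not part of the original message. The jail root, the working copy path and the containment check are assumptions; the check is there because the hook runs on the host against a directory tree that code inside the jail can modify.

```sh
#!/bin/sh
# Added example, not from the original thread: Subversion post-commit hook
# run on the host that updates a working copy stored inside a jail.
# JAIL_ROOT and WC_REL are assumed values; adjust them to the real layout.
JAIL_ROOT="${JAIL_ROOT:-/usr/jails/www}"   # assumed jail root as seen from the host
WC_REL="${WC_REL:-usr/local/www/site}"     # assumed working copy path inside the jail

# Print the physical (symlink-free) path of a directory; fail if it is not one.
physical_dir() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# Succeed only if "$1/$2" still resolves to a directory under jail root "$1"
# once symlinks and ".." are resolved. Code running in the jail can create
# symlinks in its own tree, and the hook follows them with host privileges.
wc_inside_jail() {
    root=$(physical_dir "$1") || return 1
    target=$(physical_dir "$1/$2") || return 1
    case "$target/" in
        "$root"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Update the working copy in place. It keeps talking to the repository over
# the URL it was checked out from (file://... in the setup discussed above).
update_jail_wc() {
    if ! wc_inside_jail "$JAIL_ROOT" "$WC_REL"; then
        echo "post-commit: $JAIL_ROOT/$WC_REL is missing or outside the jail" >&2
        return 1
    fi
    svn update --non-interactive -q "$target"
}

# Subversion invokes post-commit with the repository path and the revision.
if [ "$#" -ge 2 ]; then
    update_jail_wc
fi
```

The check and the update are separate steps, so this narrows the window for a swapped path rather than closing it. Running the hook as an unprivileged user that owns only the working copy limits what a followed symlink can reach.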