Deregister a port?
Matthew Seaman
matthew at FreeBSD.org
Mon Feb 4 22:00:30 UTC 2019
On 04/02/2019 14:22, Luciano Mannucci wrote:
> On Mon, 4 Feb 2019 13:38:56 +0000
> Matthew Seaman <matthew at FreeBSD.org> wrote:
>
>> Tell us the details and we may be able to help.
> Well, I'm migrating some web servers from very old linux to freebsd.
> I need several versions of php to accomodate various applications
> that are'nt under my control, some open source other hand made by
> customers. I used to keep my various php installations under /opt/phpXX
> via the --prefix switch during compilation. The same can be done in
> freebsd (I suppose :), though I've let some of the web sites use the
> php installed via ports, and now I'm trying to revert that without
> having to restart them to minimize downtime.
I'd be thinking about creating jails for each different PHP version or
even each different PHP application you need to support. Given you've
got a front-end webserver such as nginx which proxies through to your
PHP applications running in php-fpm(8) this should be a fairly natural
fit. Think of it as akin to containerization.
On modifying your PHP applications with no downtime -- you should be
able to jailify the applications one-by-one and switch to each jailed
version with no more than a reload of nginx (although that would
probably forcibly log out any currently logged-in users of that
particular application).
The other big advantage of doing this is it means you can limit your
exposure should any of the ancient versions of PHP prove to have
exploitable security deficiencies. Any attackers would only get access
to a jail, and not the complete set of websites on your webserver.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20190204/2d41ad2a/attachment.sig>
More information about the freebsd-ports
mailing list