Information on Setting up a Jailed Webserver

APseudoUtopia apseudoutopia at gmail.com
Thu Aug 27 02:59:55 UTC 2009


Hello,

I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking
into running nginx inside a jailed host on my server for security
reasons (e.g., if there is a hole in a PHP script).

The website root is actually a working copy of my subversion
repository. I have svnserve running through OpenVPN. My plan would be
to have svnserve and OpenVPN running on the "main" system, and
nginx/php running inside a jail.

I was wondering if it would be somehow possible to run a command on
the main system that updates the svn working copy inside the jail for
nginx to serve. Would I need to do the "svn up" over tcp/ip from the
jail to the main system? Or can I somehow update it via
file://path/to/main/repo? I've never used or set up a jail before, so
how everything works is a bit confusing to me. Right now, I use an svn
post-commit hook to update the www working copy.

Also, how memory-intensive is a jail? I'm willing to run postgresql in
another jail as well if it wouldn't be too memory-intensive.  And
possibly even an IRC server.

I'm running FreeBSD 7.2-RELEASE-p3.

Thank you for the suggestions, advice, and criticisms.


More information about the freebsd-questions mailing list