confessions of a FreeBSD purist
Fbsd8
fbsd8 at a1poweruser.com
Sun Nov 18 13:29:46 UTC 2012
Polytropon wrote:
> On Sat, 17 Nov 2012 01:28:02 -0500, Matthew Pope wrote:
>> However, I do need to run a web site again, and I am more than convinced
>> on the superior performance, and hardening possible with FreeBSD bind,
>> and Apache running in jails. However, I'd like to run FreeBSD in a
>> VMWare or VirtualBox VMs. This gives me the ability to take snapshots
>> to recover easily when I break something. Computing resources are like
>> candy these days. My fast box has 4 screaming fast processors with 8 GB
>> of RAM, and that is a three year old machine. There is no reason
>> FreeBSD cannot run with adequate performance in a VM and run bind, and
>> perhaps on another physical box, have a FreeBSD VM running Apache, both
>> in jails. I know others are doing it.
>>
>> Could anyone be kind enough to recommend a free, or share their own
>> FreeBSD VM image that has bind pre-configured in a jail, and / or an
>> Apache web server pre-configured in a jail, for a non-commercial site?
>> With this configuration I can revert after breaking something as an
>> over-eager, semi-qualified system administrator.
>
> You should really invest the time needed to build and configure
> the server software (!) you're going to use. In my opinion, it
> is your responsibility to provide a secure service, as any idiot
> can provide an insecure service. :-)
>
> The time you invest is well spent. Also note that there are tools
> like ezjail and warden (PC-BSD's tool for managing jails, with GUI).
> Of course there is sufficient documentation for installing and
> configuring Apache. Nobody other than _you_ knows your requirements
> best. You will benefit from tuning the required software yourself.
>
> Security is a process, not a state. Do not trust "3rd party VM
> images", especially when you're going to instantiate a service
> (like a web server) using them. Use paranoia for good. :-)
>
> Some hints:
>
> http://erdgeist.org/arts/software/ezjail/
>
> http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/
>
> http://wiki.pcbsd.org/index.php/Warden®
>
> Again, you should reconsider using VM images provided by others.
> There is basically nothing wrong in running a FreeBSD server in
> a VM on Linux, even though it might be valid as well to run
> FreeBSD on "bare metal". But that depends on your requirements,
> intentions, and energy bill. :-)
>
A far better tool to build jails is qjail; give it a try.
http://qjail.sourceforge.net/
http://www.freebsd.org/cgi/ports.cgi?query=qjail&stype=all