Information on Setting up a Jailed Webserver
Ruben de Groot
mail25 at bzerk.org
Fri Aug 28 10:45:21 UTC 2009
On Thu, Aug 27, 2009 at 12:28:26PM -0400, APseudoUtopia typed:
> Two more questions then I should be ready to go with my jail(s).
>
> In order to minimize the HDD space of the jail, can I add things in my
> src.conf such as
> WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF?
Yes you can. Another option is to use read only nullfs mounts for e.g. /usr,
/lib, /sbin/ /bin to populate the jail. That will cost you no HDD space at all.
The ezjail port, allready mentioned, can more or less automate this.
> I do use pf on the host system, but it isn't needed inside the jail as
> well, correct?
Rather, it's not possible to use inside a standard (non-vimage) jail. There's
only one network stack.
> Also, is it possible to compile a port (specifically nginx) inside the
> host, then simply cp it into the jail and run it? I'd like to do this
> to avoid installing a compiler into the jail itself.
make package-recursive
Ruben
> Thanks again for the help.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list