freebsd jail: web and database server config questions

Dino Vliet dino_vliet at yahoo.com
Tue Oct 13 14:18:40 UTC 2009


Dear FreeBSD people,
 
To consolidate resources I have configured a machine to run both a web and database server (powering my database-driven website).
 
Due to security concerns I'm contemplating introducing a jailed environment on this machine and want to know if this would be feasible. I have a few questions for the FreeBSD community regarding this approach and hope someone would give me some advice.
 
Is it advisable/wise/okay/clever to run a webserver on my host system and a database server on my jailed system? The webserver will need to connect to the database system on startup and update the database based on client access.
 
However, if a machine gets compromised, it would rather be the webserver, therefore running the webserver in the jailed environment seems better to me. But how could that be done, if the webserver needs to connect through TCP/IP to the database server running on the host system? I thought that a key feature of a jailed system is that it can't access resources outside the jail.
 
And how do I go about it when I need to update my host system due to a security advisory? I heard the jailed environment will not be affected? So basically that means I would need to create a new jail every time I recompile (as that's the way I'm using to stay current).
 
Hope to hear from you,
Brgds
Dino


      

