confessions of a FreeBSD purist

Polytropon freebsd at edvax.de
Sun Nov 18 11:51:32 UTC 2012


On Sat, 17 Nov 2012 01:28:02 -0500, Matthew Pope wrote:
> However, I do need to run a web site again, and I am more than convinced 
> on the superior performance, and hardening possible with FreeBSD bind, 
> and Apache running in jails. However, I'd like to run FreeBSD in a 
> VMWare or VirtualBox VMs.  This gives me the ability to take snapshots 
> to recover easily when I break something. Computing resources are like 
> candy these days.  My fast box has 4 screaming fast processors with 8 GB 
> of RAM, and that is a three year old machine.  There is no reason 
> FreeBSD cannot run with adequate performance in a VM and run bind, and 
> perhaps on another physical box, have a FreeBSD VM running Apache, both 
> in jails.  I know others are doing it.
> 
> Could anyone be kind enough to recommend a free, or share their own 
> FreeBSD VM image that has bind pre-configured in a jail, and / or an 
> Apache web server pre-configured in a jail, for a non-commercial site?  
> With this configuration I can revert after breaking something as an 
> over-eager, semi-qualified system administrator.

You should really invest the time needed to build and configure
the server software (!) you're going to use. In my opinion, it
is your responsibility to provide a secure service, as any idiot
can provide an insecure service. :-)

The time you invest is well spent. Also note that there are tools
like ezjail and warden (PC-BSD's tool for managing jails, with GUI).
Of course there is sufficient documentation for installing and
configuring Apache. Nobody else than _you_ knows your requirements
best. You will benefit from tuning the required software yourself.

Security is a process, not a state. Do not trust "3rd party VM
images", especially when you're going to instantiate a service
(like a web server) using them. Use paranoia for good. :-)

Some hints:

http://erdgeist.org/arts/software/ezjail/

http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/

http://wiki.pcbsd.org/index.php/Warden®

Again, you should reconsider using VM images provided by others.
There is basically nothing wrong in running a FreeBSD server in
a VM on Linux, even though it might be valid as well to run
FreeBSD on "bare metal". But that depends on your requirements,
intentions, and energy bill. :-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


More information about the freebsd-questions mailing list