correctly configuring PF with jailed environments

Norman Khine norman at
Tue Aug 12 11:33:36 UTC 2014

i am using nginx and here is the nginx.conf file

i am sharing the node application static files using nullfs as:

# cat etc/fstab.www
/usr/jails/basejail /usr/jails/www/basejail nullfs ro 0 0
/usr/jails/www/var/www nullfs ro 0 0

and then in my nginx.conf i have

i have set /var/www as the root for static files. this works

the strange thing is that if you click twice on a link it loads quickly,
but if you click only one time, it just takes time for the page to load. so
i think the issue is with nginx and the proxy

On Sun, Aug 10, 2014 at 1:02 PM, Fbsd8 <fbsd8 at> wrote:

> Norman Khine wrote:
>> hello, i have a web application running 3 jail environments one for Nginx
>> Web server, one for MongoDB/Redis and one for my Node.js application
>> this is my current pf.conf file
>> this works, as there is no access to my node app nor any of the dbs from
>> public interfaces.
>> the rules come out as
>> # pfctl -s rules
>> scrub out log on igb0 all random-id min-ttl 15 set-tos 0x1c fragment reassemble
>> scrub in log on igb0 all min-ttl 15 fragment reassemble
>> scrub in all fragment reassemble
>> i find that on my webserver i get timeouts and the html application does
>> not load up quickly!
>> also, are there any improvements i can make to this as to ensure a more
>> secure environment?
>> any advice much appreciated
> I do not see this as a jail or pf problem.
> Look at commenting out any mod_* from the httpd.conf file that the html
> application does not use. Check that the 3 apache jails are not using the
> same service port (80). Do not use the apache default directory location
> for holding your html application files. Disable the pf firewall in rc.conf
> and test if this speeds up apache.

%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) for
c in ",adym,*)&uzq^zqf" ] )

More information about the freebsd-questions mailing list