correctly configuring PF with jailed environments

Norman Khine norman at khine.net
Tue Aug 12 11:33:36 UTC 2014


I am using nginx, and here is the nginx.conf file:

https://gist.github.com/nkhine/f620f8bdc0fb613b7b59

I am sharing the node application static files using nullfs as:

# cat etc/fstab.www
/usr/jails/basejail /usr/jails/www/basejail nullfs ro 0 0
/usr/jails/app/home/app/node-blade-boiler-template/public /usr/jails/www/var/www nullfs ro 0 0

And then in my nginx.conf I have:
https://gist.github.com/nkhine/f620f8bdc0fb613b7b59#file-gistfile1-txt-L122

I have set /var/www as the root for static files. This works.

The strange thing is that if you click twice on a link it loads quickly,
but if you click only one time, it just takes time for the page to load. So
I think the issue is with nginx and the proxy.



On Sun, Aug 10, 2014 at 1:02 PM, Fbsd8 <fbsd8 at a1poweruser.com> wrote:

> Norman Khine wrote:
>
>> Hello, I have a web application running 3 jail environments: one for the Nginx
>> web server, one for MongoDB/Redis and one for my Node.js application.
>>
>> This is my current pf.conf file:
>>
>> https://gist.github.com/nkhine/d03ea23a749c47bcc4d0
>>
>> This works, as there is no access to my node app nor any of the DBs from
>> public interfaces.
>>
>> The rules come out as:
>>
>> # pfctl -s rules
>> scrub out log on igb0 all random-id min-ttl 15 set-tos 0x1c fragment reassemble
>> scrub in log on igb0 all min-ttl 15 fragment reassemble
>> scrub in all fragment reassemble
>>
>> I find that on my webserver I get timeouts and the HTML application does
>> not load up quickly!
>>
>> Also, are there any improvements I can make to this so as to ensure a more
>> secure environment?
>>
>> Any advice much appreciated.
>>
>>
> I do not see this as a jail or pf problem.
> Look at commenting out any mod_* from the httpd.conf file that the html
> application does not use. Check that the 3 apache jails are not using the
> same service port (80). Do not use the apache default directory location
> for holding your html application files. Disable the pf firewall in rc.conf
> and test if this speeds up apache.


-- 
%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) for
c in ",adym,*)&uzq^zqf" ] )
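
The nullfs sharing between jails shown in fstab.www above can be checked mechanically. The script below is an added example, not part of the original thread: it flags nullfs entries that are writable, that mount outside the jail, or that are malformed (for instance wrapped onto two lines). It assumes the layout seen in the post, with every jail under /usr/jails/<name>; the function name and the sample variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes the layout seen in
# the post: every jail lives at JAILS_ROOT/<name>.
# Usage: audit_jail_fstab JAILS_ROOT JAIL_NAME < etc/fstab.JAIL_NAME
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_jail_fstab() {
    awk -v root="$1" -v jail="$2" '
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    NF < 4 {                                  # e.g. an entry wrapped by a mailer
        printf "MALFORMED line %d: %d field(s)\n", NR, NF; bad = 1; next
    }
    $3 != "nullfs" { next }
    {
        src = $1; dst = $2; opts = "," $4 ","
        # The mount point must stay inside the jail this fstab belongs to.
        if (index(dst, root "/" jail "/") != 1) {
            printf "OUTSIDE line %d: %s is not under %s/%s\n", NR, dst, root, jail
            bad = 1
        }
        # Which directory under JAILS_ROOT does the source come from?
        owner = "host"
        if (index(src, root "/") == 1) {
            split(substr(src, length(root) + 2), part, "/"); owner = part[1]
        }
        # A writable nullfs mount lets this jail modify files it does not own.
        if (opts !~ /,ro,/) {
            printf "WRITABLE line %d: %s (from %s) -> %s\n", NR, src, owner, dst
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample 1: the two entries from the post, one per line.
page_fstab='/usr/jails/basejail /usr/jails/www/basejail nullfs ro 0 0
/usr/jails/app/home/app/node-blade-boiler-template/public /usr/jails/www/var/www nullfs ro 0 0'

# Constructed sample 2: same layout with the static-file share left writable.
weak_fstab='/usr/jails/basejail /usr/jails/www/basejail nullfs ro 0 0
/usr/jails/app/home/app/node-blade-boiler-template/public /usr/jails/www/var/www nullfs rw 0 0'

printf '%s\n' "$page_fstab" | audit_jail_fstab /usr/jails www && echo "page fstab: clean"
printf '%s\n' "$weak_fstab" | audit_jail_fstab /usr/jails www || echo "weak fstab: flagged"
```
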


More information about the freebsd-questions mailing list