Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 Aug 2009 21:51:45 +0200
From:      Albert Shih <Albert.Shih@obspm.fr>
To:        APseudoUtopia <apseudoutopia@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Information on Setting up a Jailed Webserver
Message-ID:  <20090827195145.GA91653@obspm.fr>
In-Reply-To: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com>
References:  <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
 Le 26/08/2009 à 22:59:34-0400, APseudoUtopia a écrit
> Hello,
> 
> I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking
> into running nginx inside a jailed host on my server for security
> reasons (eg, if there is a hole in a php script).
> 
> The website root is actually a working copy of my subversion
> repository. I have svnserve running through OpenVPN. My plan would be
> to have svnserve and OpenVPN running on the "main" system, and
> nginx/php running inside a jail.
> 
> I was wondering if it would be somehow possible to run a command on
> the main system that updates the svn working copy inside the jail for
> nginx to serve. Would I need to do the "svn up" over tcp/ip from the
> jail to the main system? Or can I somehow update it via
> file://path/to/main/repo?  I've never used or setup a jail before, so

IMHO that's bad idea. Someday you maybe want to put your website in other
machine, maybe you want to have two server to duplicate your website (just
need rsync). 

If you want update you svn repository you can put in your subversion server
in the hook-scripts something like

	wget http://your_website/some_where/update_repo > /dev/null

and in your web serveur (jail or not) you create some script
	
	update_repo

with

	cd /your_web_site_dir
	svn up

You can add some deny in your apache conf to authorized only your svn
serveur to make the wget

> Also, how memory-intensive is a jail? I'm willing to run postgresql in

If you have only 32Mo you can have some problem ;-)

I run almost ~20 jail server on one physical server without any problem.

Regards.

-- 
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Téléphone : 01 45 07 76 26/06 86 69 95 71
Heure local/Local time:
Jeu 27 aoû 2009 21:44:15 CEST

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090827195145.GA91653>