From owner-freebsd-questions@FreeBSD.ORG Wed Aug 6 01:52:09 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1B527FA4 for ; Wed, 6 Aug 2014 01:52:09 +0000 (UTC) Received: from mail.ssimicro.com (mail.ssimicro.com [64.247.129.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.ssimicro.com", Issuer "RapidSSL CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 98A7127E5 for ; Wed, 6 Aug 2014 01:52:07 +0000 (UTC) Received: from markhams-MacBook-Pro.local (rageous.ssimicro.com [64.247.134.200]) (authenticated bits=0) by mail.ssimicro.com (8.14.7/8.14.7) with ESMTP id s761k5Gq085241 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Tue, 5 Aug 2014 19:46:05 -0600 (MDT) Message-ID: <53E188DD.1030101@corp.ssimicro.com> Date: Tue, 05 Aug 2014 19:46:05 -0600 From: markham breitbach User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Best VPS setup References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2014 01:52:09 -0000 Personally, I prefer the security of jails to apache/mysql shared hosting. I setup a system based on our in-house implementation of jails that allows us to create virtual hosts based on a single "instance" of apache/php/mysql. In essence the instance is mounted into each jail by the host as a read-only file system. All the configs/logs/etc are setup as symlinks back to a local config directory that is mounted read/write for each jail, and the home directory is also RW. This has the advantage that even if apache/php is exploited it is impossible for the attacker to mess with the base system, and this also gives me the advantage that I can update or patch all 20 (in my case is more like 80) jails at the same time. -Markham On 2014-08-05, 7:06 PM, Anders Jensen-Waud wrote: > Mon, Aug 4, 2014 at 2:09 AM, Goran Tepshic wrote: > >> I'd like to know what would be the most reasonable setup for VPS hosting 20 >> domains. >> Separate jail for each domain with Apache/PHP/MariaDB instance in each of >> them (*sounds somewhat overkill*) or just Apache with virtual hosts or >> maybe a jail with apache and multiple vhosts? >> > that depends on the configuration and level of flexibility needed for each > web site. > > If each web site simply needs the same Apache/PHP/MariaDB version, then I > would recommend starting out with one Jail with 20 vhosts. > > Should there be a need to branch out from the standard setup then you can > always clone the jail, make the necessary amendments (e.g. MySQL instead of > MariaDB or an older/newer PHP version) and easily move the vhosts to that > Jail. > > Starting out with a base Jail means that you get the flexibility "baked-in" > for free without additional overhead. > > >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"