Date: Wed, 6 Aug 2014 12:16:56 +0200 From: Goran Tepshic <purpleritza@gmail.com> To: markham breitbach <markhamb@corp.ssimicro.com>, anders@jensenwaud.com Cc: freebsd-questions@freebsd.org Subject: Re: Best VPS setup Message-ID: <CADLW%2Bu1qBi%2BOQe9XHjgT6qRQpCYyy3xOR4sW_oqijkc_0LgEWw@mail.gmail.com> In-Reply-To: <53E188DD.1030101@corp.ssimicro.com> References: <CADLW%2Bu2A6T984UDOUcTf9F_saQUTDyh8sEEQSjgGZMWLh%2Bu7rw@mail.gmail.com> <CALvn0yg6My=zxwb7Jdu_1p=Nq6wGVucLmaLi5hdtQZFVQ_hCKw@mail.gmail.com> <53E188DD.1030101@corp.ssimicro.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sounds good. I just made first, default jail I'm going to clone and noticed that *mod_rewrite* and *mod_proxy* have some issues and are filling up Apache logs. When i disable them Apache starts normally. These are error logs excerpts: *mod_rewrite error:* [rewrite:crit] [pid 43447] (13)Permission denied: AH00666: mod_rewrite: > could not init rewrite_mapr_lock_acquire in child *mod_proxy error:* [proxy:crit] [pid 43447] (13)Permission denied: AH02479: could not init > proxy_mutex in child Could anyone shed some light on this issue? Is it working in your jails? On Wed, Aug 6, 2014 at 3:46 AM, markham breitbach < markhamb@corp.ssimicro.com> wrote: > Personally, I prefer the security of jails to apache/mysql shared hosting. > > I setup a system based on our in-house implementation of jails that > allows us to create virtual hosts based on a single "instance" of > apache/php/mysql. > > In essence the instance is mounted into each jail by the host as a > read-only file system. All the configs/logs/etc are setup as symlinks > back to a local config directory that is mounted read/write for each > jail, and the home directory is also RW. This has the advantage that > even if apache/php is exploited it is impossible for the attacker to > mess with the base system, and this also gives me the advantage that I > can update or patch all 20 (in my case is more like 80) jails at the > same time. > > -Markham > > > On 2014-08-05, 7:06 PM, Anders Jensen-Waud wrote: > > Mon, Aug 4, 2014 at 2:09 AM, Goran Tepshic <purpleritza@gmail.com> > wrote: > > > >> I'd like to know what would be the most reasonable setup for VPS > hosting 20 > >> domains. > >> Separate jail for each domain with Apache/PHP/MariaDB instance in each > of > >> them (*sounds somewhat overkill*) or just Apache with virtual hosts or > >> maybe a jail with apache and multiple vhosts? > >> > > that depends on the configuration and level of flexibility needed for > each > > web site. > > > > If each web site simply needs the same Apache/PHP/MariaDB version, then I > > would recommend starting out with one Jail with 20 vhosts. > > > > Should there be a need to branch out from the standard setup then you can > > always clone the jail, make the necessary amendments (e.g. MySQL instead > of > > MariaDB or an older/newer PHP version) and easily move the vhosts to that > > Jail. > > > > Starting out with a base Jail means that you get the flexibility > "baked-in" > > for free without additional overhead. > > > > > >> _______________________________________________ > >> freebsd-questions@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >> To unsubscribe, send any mail to " > >> freebsd-questions-unsubscribe@freebsd.org" > >> > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLW%2Bu1qBi%2BOQe9XHjgT6qRQpCYyy3xOR4sW_oqijkc_0LgEWw>