On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia <[email protected]>wrote:
> Hello, > > I have a small site which runs PostgreSQL, Nginx, and PHP. I'm looking > into running nginx inside a jailed host on my server for security > reasons (eg, if there is a hole in a php script). > > The website root is actually a working copy of my subversion > repository. I have svnserve running through OpenVPN. My plan would be > to have svnserve and OpenVPN running on the "main" system, and > nginx/php running inside a jail. > > I was wondering if it would be somehow possible to run a command on > the main system that updates the svn working copy inside the jail for > nginx to serve. Would I need to do the "svn up" over tcp/ip from the > jail to the main system? Or can I somehow update it via > file://path/to/main/repo? > The second method, it's quite easy. > I've never used or setup a jail before, so > how everything works is a bit confusing to me. Right now, I use an svn > post-commit hook to update the www working copy. > > Also, how memory-intensive is a jail? Very light when compared to other virtualization methods. Usually, most setups won't run things that require a lot disk io in virtual systems, but jails are an exception. Practically native speed, it's easier to understand jails by thinking of them as an enhanced chroot enviro rather than a virtualization instance. > I'm willing to run postgresql in > another jail as well if it wouldn't be too memory-intensive. And > possibly even an IRC server. If you're going to run multiple jails, look at /usr/ports/sysutils/ezjail > > > I'm running FreeBSD 7.2-RELEASE-p3. Keep in mind jail needs to run same kernel as host. If you upgrade base system, do so with every jail as well. > > > Thank you for the suggestions, advise, and criticisms. > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [email protected]" > -- Adam Vande More _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
