Are Jails worth it?

Terje Elde terje at elde.net
Tue Dec 29 18:55:44 UTC 2015


> On 29 Dec 2015, at 17:42, Paul Stuffins <freebsd at ravexdata.com> wrote:
> 
> I have a FreeBSD VPS on Digital Ocean that runs Nginx and PHP-FPM, MariaDB is run on a separate VPS, and was wondering is it worth running NginX and PHP-FPM in separate jails, or is it not worth it and I should just keep the set up as I have it which is everything installed on the base system?

That depends on a lot of different things. 

Couple of thoughts:

Running jails isn't much of an effort once you're used to it. 

But the benefit depends on what you're trying to protect. There's a world of difference between a playpen, and health-info. 

You could also stuff both of them in a single jail, giving you a clean host. 

Securing the php-installation and code is probably just as important. Look at it this way; jails give you isolation, but if your only thing is a php-site, which two (or more) things are you trying to isolate from each other?

Terje



More information about the freebsd-questions mailing list