Are Jails worth it?

Michael B. Eichorn ike at michaeleichorn.com
Tue Dec 29 19:00:46 UTC 2015


On Tue, 2015-12-29 at 16:42 +0000, Paul Stuffins wrote:
> Afternoon Everyone,
> 
> I have a FreeBSD VPS on Digital Ocean that runs Nginx and PHP-FPM, 
> MariaDB is run on a separate VPS, and was wondering is it worth
> running 
> NginX and PHP-FPM in separate jails, or is it not worth it and I
> should 
> just keep the set up as I have it which is everything installed on
> the 
> base system?
> 
> Many Thanks
> Paul

It really is a 'depends on your threat environment' kind of thing. For
most use cases what you have is fine.

If you are concerned about more than the usual than maybe you would
want to separate them. If you want to be able to inspect the system
while under attack you will want to have the jails.

It really depends, but what you have already is certainly fine for most
uses so long as you keep up with your security patches and properly
configure php.

Ike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5729 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20151229/1418c846/attachment.bin>


More information about the freebsd-questions mailing list