How to reference PHP path in web server jail to app server in jail

Michael B. Eichorn ike at michaeleichorn.com
Sat Jan 30 04:16:46 UTC 2016


On Fri, 2016-01-29 at 10:33 -0800, Sergei G wrote:
> Hi,
> 
> I currently have this setup:
> 
> * Host is running nginx web server
> * Host is running a number of jails.  I usually have a jail per
> application.
> * nginx configuration file serves content that's installed in a jail
> by
> specifying path to a jail; jailed PHP application has paths relative
> to a
> jail
> 
> I'd like to move web server into its own jail, but I don't know how I
> would
> instruct web server to locate application's (PHP) jail files.
> 
> Any ideas?
> 
> Parts of my nginx configuration file:
> 
> server {
>    ...
>    # this is a host's path; it would change if nginx in its own jail
>    location / {
>       root /wiki.jailnet.private/usr/local/www/wiki/webroot;
>    }
> 
>    # parts of foswiki configuration
>    location ~ ^/bin/([aa-z]+) {
>       ...
>      # talk to fascgi through TCP/IP.  I did not attempt to use Unix
> sockets.  It would be nice.
>       fastcgi_pass 192.168.3.13:90001
>       # path is valid inside the wiki jail; that will stay the same
>       fastcgi_param  SCRIPT_FILENAME
> /usr/local/www/wiki/webroot/$fastcgi_script_name;
>       ...
> }
> 
> So, If I was to move nginx to its own jail I don't know how to
> replicate
>    root /wiki.jailnet.private/usr/local/www/wiki/webroot;
> line inside jail to point to another jail's filesystem.
> 
> I am not that good with nullfs, so if you could point to how to
> understand
> it that would be great.
> 

If you have not already considered it, a very common solution is to use
php-fpm and have nginx act as a reverse proxy. That way the jails
communicate over the network and not a nullfs mounted filesystem. This
can be a benifit as it allows either jail to be moved to another
machine with minimal reconfiguration.

If you have considered it, ignore me and carry on.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5729 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160129/cf1486e2/attachment.bin>


More information about the freebsd-questions mailing list