How to reference PHP path in web server jail to app server in jail
Michael B. Eichorn
ike at michaeleichorn.com
Sat Jan 30 04:16:46 UTC 2016
On Fri, 2016-01-29 at 10:33 -0800, Sergei G wrote:
> Hi,
>
> I currently have this setup:
>
> * Host is running nginx web server
> * Host is running a number of jails. I usually have a jail per
> application.
> * nginx configuration file serves content that's installed in a jail
> by
> specifying path to a jail; jailed PHP application has paths relative
> to a
> jail
>
> I'd like to move web server into its own jail, but I don't know how I
> would
> instruct web server to locate application's (PHP) jail files.
>
> Any ideas?
>
> Parts of my nginx configuration file:
>
> server {
> ...
> # this is a host's path; it would change if nginx in its own jail
> location / {
> root /wiki.jailnet.private/usr/local/www/wiki/webroot;
> }
>
> # parts of foswiki configuration
> location ~ ^/bin/([aa-z]+) {
> ...
> # talk to fascgi through TCP/IP. I did not attempt to use Unix
> sockets. It would be nice.
> fastcgi_pass 192.168.3.13:90001
> # path is valid inside the wiki jail; that will stay the same
> fastcgi_param SCRIPT_FILENAME
> /usr/local/www/wiki/webroot/$fastcgi_script_name;
> ...
> }
>
> So, If I was to move nginx to its own jail I don't know how to
> replicate
> root /wiki.jailnet.private/usr/local/www/wiki/webroot;
> line inside jail to point to another jail's filesystem.
>
> I am not that good with nullfs, so if you could point to how to
> understand
> it that would be great.
>
If you have not already considered it, a very common solution is to use
php-fpm and have nginx act as a reverse proxy. That way the jails
communicate over the network and not a nullfs mounted filesystem. This
can be a benifit as it allows either jail to be moved to another
machine with minimal reconfiguration.
If you have considered it, ignore me and carry on.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5729 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160129/cf1486e2/attachment.bin>
More information about the freebsd-questions
mailing list