jails DJANGO + postgres + NGINX in a jail Best practices

tuxador

Active Member

Reaction score: 57
Messages: 134

Hi, i am setting up for local deployment a django app in a desktop running FreeBSD12.2.

Django is installed within a jail using ezjail.
I have a couple of questions for the simplest and safest way to put it in production in a local network.

1- Is it simpler to run postgresql in the host and configure the application to connect to the host ip, or to install postgresql directly in the same jail?

2- Assuming that the jail will only serve this app alone, is it mandatory to install django and it's dependencies in a virtual environement or a system-wide install is safe?

3- I forgot to add a cloned loop (lo1) to the network interface of this jail, should i fix this or i don't really need to?
4- i have an empty hard disk attached in my server, how could i manage to make a dataset for the app, and for static files , as i expect to upload a lot of pdf files into the app?

This thread will eventually lead to a dedicated tutorial.
Thank you in advance.
 

rootbert

Well-Known Member

Reaction score: 176
Messages: 429

1- Is it simpler to run postgresql in the host and configure the application to connect to the host ip, or to install postgresql directly in the same jail?
depends: if you intend to move the whole thing around - eg. at one point to a faster machine, or copy a full snapshot to your development machine it is simpler to have all you need (postgres, django, libs etc.) in this one jail. But if you plan to build other apps also accessing postgres I would have a dedicated postgres jail - in general I would split those services (also even if you want to copy around the jail: a sql dump of postgres is usually easy and fast to accomplish...) into two jails.
2- Assuming that the jail will only serve this app alone, is it mandatory to install django and it's dependencies in a virtual environement or a system-wide install is safe?
follow the python developers best practice: use virtual environments
3- I forgot to add a cloned loop (lo1) to the network interface of this jail, should i fix this or i don't really need to?
depends on your setup ... if you used VNET you do not need that. I always prefer vnet jails since I don't have the problem with "localhost" with vnet - also I can manage my firewall from inside the jail.

4- i have an empty hard disk attached in my server, how could i manage to make a dataset for the app, and for static files , as i expect to upload a lot of pdf files into the app?
zfs create yourpool/jail/opt/myapp && zfs create yourpool/jail/appdata
 
OP
tuxador

tuxador

Active Member

Reaction score: 57
Messages: 134

thank you Rootbert for your quick and clear reply.

For the last point (zfs pool) jail is already put in the zroot pool, i presume i have to send data to the new pool and mount it after that? i have very little experience with zfs.
 

rootbert

Well-Known Member

Reaction score: 176
Messages: 429

just create the dataset where you want your data, it will be mounted by default
 
OP
tuxador

tuxador

Active Member

Reaction score: 57
Messages: 134

could i just migrate my existing /etc/jails/django_app to a newly added HDD ? sorry for my newbish question zfs is a complete mystery for me.
 
Top