New article on nginx, php-fpm, and mysql 8 on FreeBSD 12 for WordPress hosting

Hi fellow enthusiasts,

I wrote a short article on securing a FreeBSD 12 web server with nginx, php-fpm and mysql 8 by focusing on website isolation. Specifically, the goal was to create different php-fpm pools for each nginx virtual server, with them sharing a unique socket for each website. In other words, run each website on a multi-site server under its own process name, then use user/group file permissions to limit read/write capabilities to only that website process. The secondary goals were simplicity and repeatability.

Here is the article:
https://securityf2.com/host-multiple-sites-securely-with-nginx-php-fpm-and-mysql-on-freebsd-12/

I would appreciate any feedback or suggestions for improvement.

In the past I put all my web and database servers into different jails, using pf and nat to allow them to communicate with each other and the outside world. I have since abandoned the jails approach in part due to the added complexity, but more because jails themselves don't provide any isolation between dozens of websites within the same jail unless other approaches, like the one in my article, are used.
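
An added example, not part of the post above or of the linked article: a small audit that checks whether a set of php-fpm pool definitions gives every site its own user and its own socket, which is the isolation the post describes. The pool names, users, socket paths and the `www` socket owner are constructed for illustration.

```python
import configparser
from collections import Counter

# Constructed sample: site1 is clean on its own, site2 has a loose socket mode,
# and site3 reuses site1's user and socket, which breaks isolation for both.
SAMPLE_POOLS = """
[site1]
user = site1
group = site1
listen = /var/run/php-fpm-site1.sock
listen.owner = www
listen.mode = 0660

[site2]
user = site2
group = site2
listen = /var/run/php-fpm-site2.sock
listen.owner = www
listen.mode = 0666

[site3]
user = site1
listen = /var/run/php-fpm-site1.sock
listen.mode = 0660
"""

def audit_pools(text):
    """Return sorted (pool, finding) pairs for pools that break per-site isolation."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    pools = [s for s in cp.sections() if s != "global"]
    users = Counter(cp.get(p, "user", fallback="") for p in pools)
    socks = Counter(cp.get(p, "listen", fallback="") for p in pools)
    findings = []
    for p in pools:
        user = cp.get(p, "user", fallback="")
        sock = cp.get(p, "listen", fallback="")
        # Assumption: an unset listen.mode is treated as 0660.
        mode = int(cp.get(p, "listen.mode", fallback="0660"), 8)
        if not user or users[user] > 1:
            findings.append((p, "user missing or shared with another pool"))
        if not sock or socks[sock] > 1:
            findings.append((p, "socket missing or shared with another pool"))
        if mode & 0o007:
            findings.append((p, "socket mode grants access to 'other'"))
    return sorted(findings)

if __name__ == "__main__":
    for pool, finding in audit_pools(SAMPLE_POOLS):
        print(f"{pool}: {finding}")
```
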
 
Neat.

I found a typo in Step 3.
The command:
nano /usr/local/etc/nginx/nginx.com
should probably be:
nano /usr/local/etc/nginx/nginx.conf
 