php in a jail advise

Hi,

I am looking for some advises on how to correctly set-up our system in view make the most of our hardware especially memory usage...

Here is the server specs:
Server: Dell R610
Ram: 24Gb
Storage: 6x 146GB sas 6gbs

We are a small web development business and we offer free hosting for all our clients..

When we started, we decided that it was best to keep each client (domain) inside their own jail so if a web application get compromised, then it is contained and cannot affect our other clients..

So far, we have 1 web reverse proxy and 21 jails all running their own webserver and version of php7 and opcache but all shared 1 common MariaDB database (also in a jail) on FreeBSD zfs file system.

I am starting to think that set-up can be improves by centralising a few component but I need some advise if my thinking is correct or not.

First I am thinking of creating 1 central php7 jail for all the other webjail to use.
On the php7jail, I will set-up php-fpm with directories control, opcach and redis for caching.
Should Redis be in a jail of it own?

Another question is about my web reverse proxy.. At the moment the reverse proxy is in a jail.. should it be moved up to the host? It doesn't serve php or anything and is purely use for directing traffic..

I am trying to balance speed and efficiency.

Any advise is welcome


Thank you
 
At the moment the reverse proxy is in a jail.. should it be moved up to the host?
A reverse proxy typically is taking requests from the Internet and hiding characteristics of servers. Do you really want to have this on your underlying host?

Proxies are typical services to be jailed.
 
Yeah, any service that is exposed directly to the internet should be running in a jail unless there are very good reasons of why not.
 
Thank you guys..
So I'm doing good as far as proxy goes. Any advise on the php settings?
 
Back
Top