Set up Apache22, MySQL, SSH in jail

[cosmin]

Hello everybody!

I want to put Apache in a jail. I've already created the jail. The Apache is supposed to run Gallery3, which make use of MySQL.

My question is how I set up the jail(s)? Should I make two jails: one for Apache + Gallery3 and one for MySQL? Or should I create only one jail for all of them?

I was thinking allowing SSH to run on the host (not in jail) to allow me to connect to my box from outside. Is it better to put SSH into a jail and from there to make another SSH connection to the host?

Thanks a lot for any hint you can give me!
Cosmin

 

[UNIXgod]

Separating your web server from the database server is a good security model. If your web server gets hacked your database server will be safe.

As for ssh. You can do it both ways you presented.

 

[SirDice]

Is it better to put SSH into a jail and from there to make another SSH connection to the host?

If you're already on the host you can access the jails without using ssh(1) like so:
# jexec <JID> /usr/bin/su -

You can also use the jail's name if you configured one.