Hello everyone, I hope all of you are fine.
I decided to change my strategy using ezjail.
Before:
* Installed nginx and php-fpm in one jail, and also created all users in this jail
* Installed mysql in another jail
* On the main host, used pf to forward ports to nginx, mysql, etc.
Now:
* On the main host, install nginx, php and mysql
* Create one jail for every user, just to isolate the user's home directory
* Use pf only to forward a custom port 600x to port 22 of each user's jail, sftp only, with the ssh console disabled
In nginx I have this syntax:

    server {
        listen 80;
        server_name test.com www.test.com;
        root /usr/jails/newuser/home/newuser/public;
        .....
        .....
    }

nginx by default has root privileges, so it can read that user directory path. Also, in the jail of newuser I made these changes:
* set the user to group justsftp, with the ssh shell disabled (chroot for this user)
* chown -R newuser:www /home/newuser/public
* chmod -R 770 /home/test/public/
I have to set the group to www so php-fpm can write to this directory path.
All this is working well (WordPress site).
What do you think about this strategy?
In the future I want to be able to control server resources like CPU, memory and directory disk quota.
Does this approach interfere with future plans?
Thanks for any comments.
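
A host-side check of the permission scheme described in the post (owner newuser, group www, mode 770 on the web root), added here as an example and not part of the original post. The function name `audit_docroot`, its return codes and the symlink report are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): host-side audit of one user's
# web root against the scheme described above: owner <user>, group www,
# mode 770 (no permission bits for "other").
# Returns 0 when clean, 1 when findings were printed, 2 on bad input.
# Usage: audit_docroot /usr/jails/newuser/home/newuser/public newuser www
audit_docroot() {
    dir=$1 owner=$2 group=$3
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 2
    fi
    # Fail closed: find rejects owner/group names unknown to this system.
    if ! find "$dir" -prune \( -user "$owner" -o -group "$group" \) \
            >/dev/null 2>&1; then
        echo "unknown owner or group: $owner:$group"
        return 2
    fi
    findings=$(
        # Any bit for "other" breaks the 770 isolation between users.
        find "$dir" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) \
            -print | sed 's/^/other-access: /'
        find "$dir" ! -user "$owner" -print | sed 's/^/wrong-owner: /'
        find "$dir" ! -group "$group" -print | sed 's/^/wrong-group: /'
        # Assumption of this example: symlinks are reported, because nginx
        # and php-fpm on the host resolve them against the host filesystem,
        # not the jail's.
        find "$dir" -type l -print | sed 's/^/symlink: /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it on the host, once per jail, after uploads or a WordPress update, since files created by php-fpm or over sftp may not keep the owner, group and mode set by the initial chown and chmod.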