It has been wonderful being a full-fledged member of this community, an administrator running FreeBSD on bare hardware (in his basement) for years. This is the coolest, hippiest, historically pure, and most technically advanced UNIX community on the planet (I'm one of the more long in the tooth members.) I used Dummynet about four years ago to replay bad Internet weather and prove my hypothesis of what servers caused failure in a multi-tier, forex trading system failure.
This week I reformatted the last two machines in my basement running FreeBSD. I feel really guilty. I installed Ubuntu (10.04) because its GUI is great, its very well supported, and I had a heck of a time keeping my FreeBSD jails configured and stable, and I'd stopped running a web site for a while now.
I installed 10.04 instead of 12.04 because on another machine I had attempted to upgrade to 12.04 LTS while running the dual boot configuration, and it trashed my MBR (a known defect.) You have been warned, etc. It also has that radically different GUI, and really annoying, an entirely different directory tree on the disk. FreeBSD contributors would never tamper so much with something that worked so well.
However, I do need to run a web site again, and I am more than convinced on the superior performance, and hardening possible with FreeBSD bind, and Apache running in jails. However, I'd like to run FreeBSD in a VMWare or VirtualBox VMs. This gives me the ability to take snapshots to recover easily when I break something. Computing resources are like candy these days. My fast box has 4 screaming fast processors with 8 GB of RAM, and that is a three year old machine. There is no reason FreeBSD cannot run with adequate performance in a VM and run bind, and perhaps on another physical box, have a FreeBSD VM running Apache, both in jails. I know others are doing it.
Could anyone be kind enough to recommend a free, or share their own FreeBSD VM image that has bind pre-configured in a jail, and / or an Apache web server pre-configured in a jail, for a non-commercial site?
With this configuration I can revert after breaking something as an over-eager, semi-qualified system administrator.
On Sat 2012-11-17 01:28:02 UTC-0500, Matthew Pope (mp...@teksavvy.com) wrote:
> Could anyone be kind enough to recommend a free, or share their own > FreeBSD VM image that has bind pre-configured in a jail, and / or an > Apache web server pre-configured in a jail, for a non-commercial site?
I'd be very hesitant to use a VM image provided by an untrusted third
party.
Is there a reason you don't want to build your own?
_______________________________________________
freebsd-questi...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Matthew Pope <mp...@teksavvy.com> wrote:
> Dear FreeBSD community,
> It has been wonderful being a full-fledged member of this community,
> an administrator running FreeBSD on bare hardware (in his basement)
> for years. This is the coolest, hippiest, historically pure, and
> most technically advanced UNIX community on the planet (I'm one of
> the more long in the tooth members.) I used Dummynet about four
> years ago to replay bad Internet weather and prove my hypothesis of
> what servers caused failure in a multi-tier, forex trading system
> failure.
> This week I reformatted the last two machines in my basement running > FreeBSD. I feel really guilty. I installed Ubuntu (10.04) because
> its GUI is great, its very well supported, and I had a heck of a time > keeping my FreeBSD jails configured and stable, and I'd stopped
> running a web site for a while now.
> I installed 10.04 instead of 12.04 because on another machine I had > attempted to upgrade to 12.04 LTS while running the dual boot > configuration, and it trashed my MBR (a known defect.) You have been > warned, etc. It also has that radically different GUI, and really > annoying, an entirely different directory tree on the disk. FreeBSD > contributors would never tamper so much with something that worked so
> well.
> However, I do need to run a web site again, and I am more than
> convinced on the superior performance, and hardening possible with
> FreeBSD bind, and Apache running in jails. However, I'd like to run
> FreeBSD in a VMWare or VirtualBox VMs. This gives me the ability to
> take snapshots to recover easily when I break something. Computing
> resources are like candy these days. My fast box has 4 screaming
> fast processors with 8 GB of RAM, and that is a three year old
> machine. There is no reason FreeBSD cannot run with adequate
> performance in a VM and run bind, and perhaps on another physical
> box, have a FreeBSD VM running Apache, both in jails. I know others
> are doing it.
> Could anyone be kind enough to recommend a free, or share their own > FreeBSD VM image that has bind pre-configured in a jail, and / or an > Apache web server pre-configured in a jail, for a non-commercial
> site? With this configuration I can revert after breaking something
> as an over-eager, semi-qualified system administrator.
> Cheers,
> Matthew (in Toronto)
Seriously? You're going to run some VM image that a guy on the internet
gives you? Boy am I glad you switched over to Linux, good luck with
that.
_______________________________________________
freebsd-questi...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
> On Sat 2012-11-17 01:28:02 UTC-0500, Matthew Pope (mp...@teksavvy.com) wrote:
>> Could anyone be kind enough to recommend a free, or share their own
>> FreeBSD VM image that has bind pre-configured in a jail, and / or an
>> Apache web server pre-configured in a jail, for a non-commercial site?
> I'd be very hesitant to use a VM image provided by an untrusted third
> party.
> Is there a reason you don't want to build your own?
Andrew, avoiding effort is the only reason. Setting up Apache and bind in jails on FreeBSD was not that easy the last time I tried it a few years ago, perhaps the User Manual has been clarified.
I am casting a line to see if there is a 'reasonably trusted' source of FreeBSD VMs, with jails configured, free for non-commercial use. As for personal VMs, I would not trust just anyone's VM I would do some due diligence.
I appreciate the risks of running un-trusted code on processors.
Matthew Pope <mp...@teksavvy.com> wrote:
> On 12-11-17 09:07 AM, andrew clarke wrote:
> > On Sat 2012-11-17 01:28:02 UTC-0500, Matthew Pope
> > (mp...@teksavvy.com) wrote:
> >> Could anyone be kind enough to recommend a free, or share their own
> >> FreeBSD VM image that has bind pre-configured in a jail, and / or
> >> an Apache web server pre-configured in a jail, for a
> >> non-commercial site?
> > I'd be very hesitant to use a VM image provided by an untrusted
> > third party.
> > Is there a reason you don't want to build your own?
> Andrew, avoiding effort is the only reason. Setting up Apache and
> bind in jails on FreeBSD was not that easy the last time I tried it a
> few years ago, perhaps the User Manual has been clarified.
So in fewer words, you're so lazy you prefer some image some guy gives
you.
On Sat, 17 Nov 2012 01:28:02 -0500, Matthew Pope wrote:
> However, I do need to run a web site again, and I am more than convinced > on the superior performance, and hardening possible with FreeBSD bind, > and Apache running in jails. However, I'd like to run FreeBSD in a > VMWare or VirtualBox VMs. This gives me the ability to take snapshots > to recover easily when I break something. Computing resources are like > candy these days. My fast box has 4 screaming fast processors with 8 GB > of RAM, and that is a three year old machine. There is no reason > FreeBSD cannot run with adequate performance in a VM and run bind, and > perhaps on another physical box, have a FreeBSD VM running Apache, both > in jails. I know others are doing it.
> Could anyone be kind enough to recommend a free, or share their own > FreeBSD VM image that has bind pre-configured in a jail, and / or an > Apache web server pre-configured in a jail, for a non-commercial site?
> With this configuration I can revert after breaking something as an > over-eager, semi-qualified system administrator.
You should really invest the time needed to build and configure
the server software (!) you're going to use. In my opinion, it
is your responsibility to provide a secure service, as any idiot
can provide an insecure service. :-)
The time you invest is well spent. Also note that there are tools
like ezjail and warden (PC-BSD's tool for managing jails, with GUI).
Of course there is sufficient documentation for installing and
configuring Apache. Nobody else than _you_ knows your requirements
best. You will benefit from tuning the required software yourself.
Security is a process, not a state. Do not trust "3rd party VM
images", especially when you're going to instantiate a service
(like a web server) using them. Use paranoia for good. :-)
Again, you should reconsider using VM images provided by others.
There is basically nothing wrong in running a FreeBSD server in
a VM on Linux, even though it might be valid as well to run
FreeBSD on "bare metal". But that depends on your requirements,
intentions, and energy bill. :-)
-- Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
_______________________________________________
freebsd-questi...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Polytropon wrote:
> On Sat, 17 Nov 2012 01:28:02 -0500, Matthew Pope wrote:
>> However, I do need to run a web site again, and I am more than convinced >> on the superior performance, and hardening possible with FreeBSD bind, >> and Apache running in jails. However, I'd like to run FreeBSD in a >> VMWare or VirtualBox VMs. This gives me the ability to take snapshots >> to recover easily when I break something. Computing resources are like >> candy these days. My fast box has 4 screaming fast processors with 8 GB >> of RAM, and that is a three year old machine. There is no reason >> FreeBSD cannot run with adequate performance in a VM and run bind, and >> perhaps on another physical box, have a FreeBSD VM running Apache, both >> in jails. I know others are doing it.
>> Could anyone be kind enough to recommend a free, or share their own >> FreeBSD VM image that has bind pre-configured in a jail, and / or an >> Apache web server pre-configured in a jail, for a non-commercial site?
>> With this configuration I can revert after breaking something as an >> over-eager, semi-qualified system administrator.
> You should really invest the time needed to build and configure
> the server software (!) you're going to use. In my opinion, it
> is your responsibility to provide a secure service, as any idiot
> can provide an insecure service. :-)
> The time you invest is well spent. Also note that there are tools
> like ezjail and warden (PC-BSD's tool for managing jails, with GUI).
> Of course there is sufficient documentation for installing and
> configuring Apache. Nobody else than _you_ knows your requirements
> best. You will benefit from tuning the required software yourself.
> Security is a process, not a state. Do not trust "3rd party VM
> images", especially when you're going to instantiate a service
> (like a web server) using them. Use paranoia for good. :-)
> Again, you should reconsider using VM images provided by others.
> There is basically nothing wrong in running a FreeBSD server in
> a VM on Linux, even though it might be valid as well to run
> FreeBSD on "bare metal". But that depends on your requirements,
> intentions, and energy bill. :-)
A far better tool to build jails is qjail, give it a try.
