Re: advice request for shared hosting and security issue
On 06/24/2013 05:45 PM, crispy wrote:
> On 24/06/13 16:37, Thomas Goirand wrote:
>> I don't use php-fpm here. I use SBOX (which I both maintain as upstream
>> and as a Debian package). This is a cgi-bin wrapper. I use aufs to
>> provide a template for every site, so that I don't have too much
>> duplication. SBOX is in use using AddHandler & Action directive of
>> Apache. As I don't want to have my users write these in a .htaccess (and
>> therefore, bypass my security and the chroot), I have backported the
>> AllowOverrideList option of Apache 2.4 into Apache 2.2.
>>
>> All this works great so far. Every site is chrooted, and can benefits
>> from having a full system environment which I maintain using apt, though
>> each site can also customize the php.ini and so on. The only problem I
>> have is that AUFS isn't very stable, and sometimes crashes the whole
>> system (maybe about once a month or so...). Let's hope we have soon a
>> better union filesystem to work with.
>>
>> If you need more info on how I do all of the above (like where to get
>> the packages and how to do the setup), let me know.
>>
>> Cheers,
>>
>> Thomas
>>
>>
> I would like to know more about how you have built this setup. Do you
> have it documented somewhere?
That's part of my control panel called DTC. You can have a try. Even if
you don't like the panel, you can still try it, and see how SBOX is in
use. It includes a script to setup the chroot template.
You can read about SBOX over here:
http://dtcsupport.gplhost.com/PmWiki/SBOXAndDTC
Thomas
Reply to: