# Jails for a web server



## jbo (Feb 9, 2016)

I am currently setting up a server that will host static websites, WordPress installations, forums and an eCommerce shop. I'll use Nginx, PHP and MySQL.
Some of the hosted websites will be completely independent: One is a personal blog, one is a community forum, another is a website for a commercial product. Does it make sense to create a jail for each for these individual websites? In the handbook I have read that jails are not the holy grail of security as there are ways of an external process to break into a jail. However, in my case the question is whether it's worth doing it so if one of the websites gets compromised (eg. a PHP vulnerability) that the other services stay immune.

When I understand the way that jails work correctly then there will basically be no overhead at all?
What's the common recommendation here?


----------



## gkontos (Feb 9, 2016)

joel.bodenmann said:


> In the handbook I have read that jails are not the holy grail of security as there are ways of an external process to break into a jail.



Yes but the reason why one would use a jail is exactly the opposite. A jail insures that a jailed process will not affect the host system. Therefore, if for example a jail gets hacked, the intruder will not be able to access the host system.
Now, regarding the overhead. There is minimum in the OS level but don't forget that a jail runs it's own software. So, if you run 100 jails for web servers, you would need to take into account the fact that you are installing 100 instances of a web server.


----------

