# Jails instead of Cpanel



## muad_dib (Oct 24, 2012)

Hi Guys,

I have the following server:

Intel Xeon W3520
24 GB DDR3
2x Intel 320 120 gb
2x Sata 3 TB

Centos 5+Cpanel

I host 3 big ecommerce stores (10.000 pages/day each), 1 very big blog (100.000 pages a day), and one hundred small websites. SSDs are for MySQL.

Last year the server was more than OK; this year, since we keep growing, we will have to look for more.

The real problems are peaks of traffic (some days I get 2-5x, e.g. Christmas) and RAM, as cPanel is leaky as hell.

Until now I solved this by rebooting once a month, but maybe it's time to look for a better approach.

I could optimize cPanel, as optimizing each site is out of my reach.

Or maybe I could find a better solution, like FreeBSD Jails.

I googled a bit on the subject but I couldn't find much. My questions are:

1) Is it safe/secure/reliable/advisable to host one site per jail? 
2) What should I do, run one instance of Apache per jail (safer but less efficient), or have one single big jail for Apache? How much RAM should I reserve for each jail (on average, considering the smallest ones)?
3) What if I use nginx instead?


----------



## SirDice (Oct 24, 2012)

I'd probably put each e-commerce site in its own jail. And put all the minor sites in another jail. Reason being that e-commerce sites need to be protected a little more. MySQL can be in yet another jail. So you'll have 5 jails, that's still quite manageable.


----------



## gkontos (Oct 24, 2012)

+1 

I would also use www/varnish in the host.


----------



## muad_dib (Oct 24, 2012)

SirDice said:

> I'd probably put each e-commerce site in its own jail. And put all the minor sites in another jail. Reason being that e-commerce sites need to be protected a little more.



Why not a jail for each? 

Why give less security to small sites? Waste of resources?

How much RAM would I use by giving a jail for each site?

I guess Apache would use more than nginx.



> MySQL can be in yet another jail.



Or have multiple jails.



> So you'll have 5 jails, that's still quite manageable.



I'm willing to hire a part time sysadmin to help us with that. Having many jails is not a problem.


----------



## SirDice (Oct 24, 2012)

muad_dib said:

> Why not a jail for each?


Because you have to maintain them all. Updating is going to be a nightmare.



> Why give less security to small sites?


Because they don't need it. Aunty's knitwear site simply doesn't need the security an e-commerce site requires. It's best to split those up so you can configure each 'compartment' optimally. You also don't want to run the risk of your e-commerce sites getting hacked because Aunty failed to keep her CMS updated. The other mom&pop sites don't really matter if they get them too.



> Waste of resources?


That too.



> How much ram would I use by giving a jail for each site?


You can never have enough RAM. That said a jail in and of itself doesn't use much.



> I'm willing to hire a part time sysadmin to help us with that. Having many jails is not a problem.



It will be if you have to update them frequently :e


----------
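The five-jail split SirDice describes, with the e-commerce compartments configured more strictly than the shared one, sketched as a FreeBSD `/etc/jail.conf`. This is an added example, not part of the thread or any poster's configuration; the jail names, paths, the `em0` and `lo1` interfaces and all addresses are assumptions.

```conf
# /etc/jail.conf -- constructed example; names, paths and addresses are assumptions.

# Defaults inherited by every jail below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;                        # start jail processes with a clean environment
mount.devfs;
devfs_ruleset = 4;                 # devfsrules_jail: minimal /dev inside the jail
path = "/usr/jails/$name";
host.hostname = "$name.example.org";
allow.raw_sockets = 0;             # no raw sockets from inside a jail
enforce_statfs = 2;                # a jail sees only its own root mount point
children.max = 0;                  # no nested jails

# One jail per e-commerce store: a compromise of one store stays in that jail.
# securelevel = 2: schg file flags cannot be cleared from inside the jail.
shop1 { ip4.addr = "em0|192.0.2.11"; securelevel = 2; }
shop2 { ip4.addr = "em0|192.0.2.12"; securelevel = 2; }
shop3 { ip4.addr = "em0|192.0.2.13"; securelevel = 2; }

# All the minor sites share one jail, so an outdated CMS there
# cannot touch the stores' files or processes.
minor { ip4.addr = "em0|192.0.2.20"; }

# MySQL in its own jail on a private address (assumption: lo1 is a cloned
# loopback created on the host), so it has no public address of its own.
mysql { ip4.addr = "lo1|10.0.0.5"; }
```

Each jail is still a separate userland that has to be patched, which is the maintenance cost raised in the thread.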



## muad_dib (Oct 24, 2012)

SirDice said:

> Because you have to maintain them all. Updating is going to be a nightmare.



Can't I write some automatic script?




> Because they don't need it. Aunty's knitwear site simply doesn't need the security an e-commerce site requires. It's best to split those up so you can configure each 'compartment' optimally. You also don't want to run the risk of your e-commerce sites getting hacked because Aunty failed to keep her CMS updated. The other mom&pop sites don't really matter if they get them too.



Well, it matters as company reputation.




> You can never have enough RAM. That said a jail in and of itself doesn't use much.



How much roughly? 10 MB? 100 MB? More?

I guess Apache eats up much.

Maybe I can use a hybrid situation, with jails for important sites (50-100) and another jail for the rest?



> It will be if you have to update them frequently :e


----------



## fbsd1 (Oct 25, 2012)

Check out the qjail port for quick and easy jail creation and admin.


----------

