Proper Storage setup for a web server Jail

Status
Not open for further replies.

Raksasas

Dabbler
Joined
Mar 8, 2016
Messages
41
How Do i properly setup the storage for a web server jail?

I am not asking how to setup a basic F/LAMP stack. I have done that before on stand alone systems. I consider myself a newbie to a lot of linux/bsd stuff. I can do/understand the basic stuff but the advance stuff gets above my head very fast. So on to the show....

I just build my FreeNAS system about 6-8 months ago and has been running great thus far. I am now wanting to create my first jail and I was going to make it a web server so that I can turn off a physical system or two. In this jail I am planning on running a wiki (Dokuwiki) and a CMS (Drupal). But I am a little lost on add the "storage" properly and maybe a little bit of the configuration part of the jail.

In the long run I am hoping to have my FreeNAS backup script backup the websites/database info in the FreeNAS Jail. Right now the script just grabs the configuration file of the FreeNAS so that way I can restore it if/when the FreeNAS flash drive fails. I am not asking for help on this part either and I am not going to be making it internet facing. I use a VPN to get to the stuff.

Just the storage part so that the FreeNAS (cron script) can reach into the jail and grab the stuff if possible. I keep coming across stuff for creating the jail and creating a F/LAMP but not the bit of info in between/after(?). Then again I could be miss reading some of it...

Thanks.
 
Joined
Jan 7, 2015
Messages
1,150
Freenas can always reach the data, it doesnt necessarily have to "enter" the jail.

I would create a dataset from the freenas gui in your desired zpool, and have the owner be www (if this data needs to be read or written by web user(s), or possibly root if not). You may run into issues where a service running under www cant write to a dataset run/owned by root. Mount said dataset in the LAMP jail from the "storage" section of jail/storage in FN GUI to either /mnt or /media of the jail. Then you can proceed to configure whatever softwares you run to store things in this mount point. Freenas sees this data in this location /mnt/TANK/JAILS/JAILNAME/mnt/DATASET. (The capital lettered items can and will vary) This is how I do it successfully. Sometimes I mount existing datasets for various reasons and I always use the option to "mount read only", your mileage will vary, but I wouldnt go allowing www users read and write access on any more data than is needed.

Another option for your backups and such is to set up a nightly rsync task that just mirrors the entire LAMP jail to a standalone dataset. In my experience LAMP jails are not crazy big, most likely less a few hundred GB. That way if anything ever goes haywire rsync last nights backup over and go.

These are just a few options for you of many ways to accomplish this. Let me know if you need any further advice or clarification.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Are you wanting to add storage to your jail for the webserver to use or are you planning on adding storage for the backups? And having a web facing jail isn't a bad thing as long as you properly harden it against attack.
 

Raksasas

Dabbler
Joined
Mar 8, 2016
Messages
41
Another option for your backups and such is to set up a nightly rsync task that just mirrors the entire LAMP jail to a standalone dataset. In my experience LAMP jails are not crazy big, most likely less a few hundred GB. That way if anything ever goes haywire rsync last nights backup over and go.

I am liking the sound of that. Making a copy of the whole jail. This sounds easier and faster than backing up the database/websites files and folder. Everything would be inside the jail? I wouldn't need to add any "storage" to the jail if I go this route?

Are you wanting to add storage to your jail for the webserver to use or are you planning on adding storage for the backups?
That is what i am trying to figure out. I have never done symbolic links for websites. I have always just used the default "/var/www/html" location. this sites are just for me to test with before putting them to the web host.

I have USB HDD drive attached to the NAS Box to backup the configuration to. Sadly, i am still in the middle of writing the script to automate. that. I was thinking of making the script also grab the website/databases and make backups to the USB HDD. My thoughts have changed a little bit.

And having a web facing jail isn't a bad thing as long as you properly harden it against attack.

Maybe at a later date.... Want to work out this stuff first.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
I am liking the sound of that. Making a copy of the whole jail.
This is what snapshots are for. Something goes bad roll back a snapshot.

ETA: Backing up the whole jail sounds easier but trust me it isn't. You'll be wasting a lot of space and restoring files doesn't do what you think it does.

I have a web facing jail that has the web root set up on a rsync cron task that runs once daily. I also have a cron task for a sql dump daily as well for the database backup and another rsync task that backs the dump up to another dataset. They are run from the host and save the files to a separate dataset. Then I have another cron task that rars the databast backup and webroot backup every 5 days. I run Synctoy from my desktop on a scheduled task once daily to backup the rar files to my desktop. The desktop folder is synced with google drive. It's all automated and provides 2 local backups on 2 machines and one offsite backup as well as the snapshot task that runs hourly. I think it's a pretty good backup plan. ;)
 
Last edited:

Raksasas

Dabbler
Joined
Mar 8, 2016
Messages
41
This is what snapshots are for. Something goes bad roll back a snapshot.

ETA: Backing up the whole jail sounds easier but trust me it isn't. You'll be wasting a lot of space and restoring files doesn't do what you think it does.

I have a web facing jail that has the web root set up on a rsync cron task that runs once daily. I also have a cron task for a sql dump daily as well for the database backup and another rsync task that backs the dump up to another dataset. They are run from the host and save the files to a separate dataset. Then I have another cron task that rars the databast backup and webroot backup every 5 days. I run Synctoy from my desktop on a scheduled task once daily to backup the rar files to my desktop. The desktop folder is synced with google drive. It's all automated and provides 2 local backups on 2 machines and one offsite backup as well as the snapshot task that runs hourly. I think it's a pretty good backup plan. ;)

o_O

Sorry, I like to follow the KISS motto. Get that done first then start adding complexity. I am still at the early part of it...
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
This is KISS, it's a hands off backup. :)

Start with the simple by getting your web stack up and running. Once you've got that setup a periodic snapshot task to run at an interval that suits your needs. Once you get that far you can explore setting up whatever backup option suits your needs. I only offered mine as an example of what can be done, not necessarily what should be. But the one thing that made me suggest my strategy:
this sites are just for me to test with before putting them to the web host.
This backup strategy is portable. You can easily re create your website it with the php and web server configuration files and the backup files from the backup task.

Whatever you do decide to go with you should be able to automate it with some simple scripts and cron tasks without adding any external storage to your jail.
 

Raksasas

Dabbler
Joined
Mar 8, 2016
Messages
41
Lets drop the backup talk for a now which is really what I was not wanting to focus on.

It is understanding the storage part.

Okay, I just re-read my notes on jails that I have made. The jail can not reach outside of itself? But, FreeNAS can reach into the jail? Which is now how I am taking what John Digital said.

Freenas can always reach the data, it doesnt necessarily have to "enter" the jail.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Because the host as root has access to all the jails. The jail is a (kind of) compartmentalized basic version of FreeBSD. You have to mount external storage to the jail for it to have access outside of the dataset it resides in.

http://doc.freenas.org/9.10/jails.html#add-storage
 

Raksasas

Dabbler
Joined
Mar 8, 2016
Messages
41
Because the host as root has access to all the jails. The jail is a (kind of) compartmentalized basic version of FreeBSD. You have to mount external storage to the jail for it to have access outside of the dataset it resides in.

http://doc.freenas.org/9.10/jails.html#add-storage

Yeah that is part of what I have been reading over. I was under the impression that I had to create a mount point in the jail and attach the storage location to that mount point.

mount point in the jail = /mnt/files
freenas = /mnt/MyVol/webfiles

Then put all the files into that location.

I guess what I was unsure of was how I would point - apache, MySQL, etc to that location. On top of that I am wondering if that would be the practical/correct way of doing the webserver in the jail.

Guess I have more reading to do.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Well it all depends on what you plan on doing with your web server. Are you planning on using it to store a bunch of files? It all depends on your intended usage on how you set things up.
 
Status
Not open for further replies.
Top