Charles Rapenne <charles.rape...@gmail.com> writes: > Hi > > Please someone correct me if I'm wrong, but I don't think using Nginx > with chroot is useful when dealing with proxy_pass or fastcgi > application.
There's still the possibility that a nginx worker is compromised. > If your RoR app is compromised, it won't be chrooted as it's not > running in a chroot. All nginx will do is serving static files. Not that I know how easy it is to do so with Rails, but nothing prevents you from running your fastcgi processes inside a chroot. > Regards > > 2013/6/9 <openda...@hushmail.com>: >> Hi, >> >> Is anybody here running Ruby on Rails in the chrooted nginx(8) and know if >> it's worth the hassle? >> >> I notice the docs saying: "Some applications are pretty simple, and >> chroot(2)ing them makes sense. Others are very complex, and are either >> not worth the effort of forcing them into a chroot(2), or by the time >> you copy enough of the system into the chroot, you have lost the >> benefit of the chroot(2) environment." -- >> http://www.openbsd.org/faq/faq10.html#httpdchroot >> >> O.D. > -- Jérémie Courrèges-Anglas PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
