1

I have a web server host (Apache on Linux) that runs many virtual hosts which offer CGIs and FastCGIs using 'chroot' to seperate the processes from each other. For serveral reasons I am thinking of replacing every chroot-environment by a Linux container. Surprisingly I found almost nothing about this idea! Am I the only one with that idea?? Is that a bad idea? (Can the user escape from the container?) Is someone interested to share his thoughts (or links) about this with me?

Unfortunately the container can only be used for CGIs and FastCGIs, because a process/thread (in this case Apache) cannot enter a container, do it's work and leave. He must exit at this stage, correct? Or is there a trick?

Petra Verheim
  • 21
  • 2
  • http://serverfault.com/questions/632006/ – HBruijn Aug 12 '16 at 07:27
  • 1
    In that article there is a webserver (Apache) running inside each container and the outside one proxies the requests. That's not what I want! I want only one Apache process to be running on the whole machine. Only the external processes (for CGI and FastCGI) are running inside the container. – Petra Verheim Aug 12 '16 at 08:32

1 Answers1

0

If I'm correct the result of your idea would be apache being a kind of container daemon. What should be the benefit? Apache is best in dispatching network requests.

Because the IO of processes in your containers are accessible via virtual network only they must be attached to a network interface in the container. So cgi/fastcgi won't work as their interface is processes and pipes.

If (a taylored) apache inside the container is too "big" for you, maybe netcat would do?

Search the web for the "microservice" approach!

B. Walger
  • 33
  • 1
  • 4