Reply To: Got me a brand new *FAST* VPS

[nixnerd]

For anyone reading this in the future (Hi future people!)… Linux Containers or LXC, seem to solve every single problem that I’ve laid out here. They address both staging and security and MUCH MORE!

My new plan is to spin up a new VPS with three Linux Containers. One to run the real, production LEMP stack, one to test and stage code on, and one to check for package breaks upon updating. All three will have complete and total parity. They will have the EXACT same packages installed and all of them will be modeled after my Dev environment. This will give me MULTIPLE opportunities to catch mistakes, bugs, security flaws and package breaks.

Keep in mind… all three of these come after the local testing/github phase in the workflow.

Also, these are essentially chroot $JAILs on steroids… as on person put it. Even if someone gains access to your server through your site… they will be stuck in a container that is completely separate from the system.

Also, some of you might be thinking “Wow, three virtual environments on one server… that’s going to mean a performance hit.” Well, not really. LXC is different than Xen or KVM, in that it doesn’t emulate the hardware at all. So, there’s not the same resource overhead that hyper-visors might have.