Webserver (Lighttpd), jail additional site only
I'm using Lighttpd on Debian Squeeze, serving a couple of different PHP pages accessed via different ports:
port 80: document root = /var/www/monitor
port 81: document root = /var/www/management
The management page allows for configuration changes that are held in a configuration file located at: /var/www/management/config/settings.conf
There is no chroot for this server; the management page requires information from around the file system (as it evolved over time, it has become a little messy). Originally I didn't consider ever serving anyone else's pages... however, I've been asked if I can serve a page on 8080, and for my own security I want to add a jail for this site, as I will also be providing PHP.
Short of running an additional jailed webserver, is there a way to stop this site from being allowed to go beyond its configured document root? I would also consider an additional (lightweight) webserver that behaves with Lighttpd bound to 8080 if I have limited options. Is there some sort of server root option that can be used here?
If I were to start again, I would consider a virtualised host setup and re-arranging the filesystem to suit my current needs...I'd like to avoid this at this time.