I am looking to offer a free ruby deployment service where users can, through a web interface, upload a ruby web app (based on rack) and this app will have to run by a jailed user.
The newly uploaded app will appear at user.domain.com but will be in a jail. So if the uploaded up will include some malicious code (we are doing parsing on upload but this can't be 100% secure).
So essentially the system will include
nginx + passenger available in the jail OR in alternative simply the possibility to run the ruby app that uses thin web server from the jail and then port forward via nginx the application port (e.g. 3301) to port 80 of the subdomain.
jailed users management with ezjail (http://erdgeist.org/arts/software/ezjail/)
to my understanding the single IP for the server and the jail can be sorted as explained here:
So the fully functional system will include the possibility to easily add a jailed user to run an app that will be available on port 80 of subdomain.domain.com either through nginx or thin.
This should include a simple bash script to auto create a user with ezjail and have the subdomain set on the fly and ready to deploy.