We explore two use cases for filesystem isolation in NGINX Unit. First, we stop attackers from accessing sensitive information, by restricting a compromised app to its sandbox directory. Second, we toggle between sets of global dependencies by defining them in separate filesystems.
NGINX Unit 1.18.0 Adds Filesystem Isolation and Other Enhancements
NGINX Unit 1.18.0 introduces filesystem isolation, the 'target' option to reduce redundancy in PHP app configuration, and URL encoding. It also includes features introduced in NGINX Unit 1.17.0: redirects, and fractional server weights for traffic distribution in upstream groups.
