Best way to sandbox Apache on Linux

Question

I have Apache running on a public-facing Debian server, and am a bit worried about the security of the installation. This is a machine that hosts several free-time hobby project

Answer 1

What problem are you really trying to solve? If you care about what's on that server, you need to prevent intruders from getting into it. If you care about what intruders would do with your server, you need to restrict the capabilities of the server itself.

Neither of these problems could be solved with virtualization, without severly criplling the server itself. I think the real answer to your problem is this:

1. run an OS that provides you with an easy mechanism for OS updates.
2. use the vendor-supplied software.
3. backup everything often.