namebased VPS using JAIL
Brian Candler
B.Candler at pobox.com
Mon Jun 5 07:55:07 UTC 2006
On Sun, Jun 04, 2006 at 11:45:15AM +0200, Dirk Meyer wrote:
> To allow diifrent "named" Services on one WAN IP,
> you need to do this in the server application.
>
> Vsftpd and apache do support "Virtual Hosts"
> so you can map HTTP and FTP services on
> the name used by the client to access this IP.
You can of run a single httpd on your main IP, and use this to proxy
different virtual hosts to different (private) IPs which are in the jails,
if you want each client to run their own http daemon.
However, this means that the jail httpd's will see all incoming requests
coming from your own IP. In order for logs and access controls to work
properly, install mod_extract_forwarded on the clients' httpd servers, and
AddAcceptForwarder x.x.x.x where x.x.x.x is the main server's IP.
This is just for httpd though. There are many other services which can't be
virtualised in this way, such ftp and ssh. If you want your clients to have
these services, but sharing a single IP, then you can either run a single
instance of the daemon which uses the login username to distinguish between
them, or you can run multiple instances of the daemon on different ports.
You can use redirection (e.g. with pf) to redirect, say, x.x.x.x:10022 to
192.168.0.1:22
HTH,
Brian.
More information about the freebsd-current
mailing list