How to steer public traffic to a jail
Steve O'Hara-Smith
steve at sohara.org
Fri Aug 14 15:17:36 UTC 2020
On Fri, 14 Aug 2020 10:58:03 -0400
Ernie Luzar <luzar722 at gmail.com> wrote:
> Carsten Bäcker wrote:
> > Hi,
> >
> > you may want to have a look into reverse proxying, e.g. using nginx on
> > your jail-host.
> > Really basic example:
> >
> > |http { server { listen 80; server_name your.1st.domain.com; location /
> > { proxy_pass http://127.0.1.2; } } server { listen 80; server_name
> > your.2nd.domain.com; location / { proxy_pass http://127.0.1.3; } } }|
> >
>
> This looks interesting.
Think again - this is HTTP proxying only. It's great for that but
useless for anything else. I use a similar mechanism to serve multiple
domains from one http server.
> Employing this concept each unique domain name is the element used to
> target the jails private ip address.
Yes but it only works because there is an HTTP header with the
hostname in it and nginx knows how to read HTTP.
> Would need a server clause for each port number/domain name targeting
> each jail.
>
> This would work for port 21, 22, 23, 25
No only 80 and then only if the protocol is HTTP and if the clients
send the necessary HTTP header (I haven't seen one that didn't in decades).
--
Steve O'Hara-Smith <steve at sohara.org>
More information about the freebsd-questions
mailing list