From owner-freebsd-questions@freebsd.org Fri Jul 5 15:25:53 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8184915CDA21 for ; Fri, 5 Jul 2019 15:25:53 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from smtpq2.mnd.mail.iss.as9143.net (smtpq2.mnd.mail.iss.as9143.net [212.54.34.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5A4467450B for ; Fri, 5 Jul 2019 15:25:51 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from [212.54.34.118] (helo=smtp10.mnd.mail.iss.as9143.net) by smtpq2.mnd.mail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1hjQ5n-0002kU-0D; Fri, 05 Jul 2019 17:25:43 +0200 Received: from 84-25-247-31.cable.dynamic.v4.ziggo.nl ([84.25.247.31] helo=ra.boosten.org) by smtp10.mnd.mail.iss.as9143.net with esmtp (Exim 4.90_1) (envelope-from ) id 1hjQ5m-00077T-RG; Fri, 05 Jul 2019 17:25:42 +0200 Received: from amon.boosten.org (Amon.boosten.org [192.168.13.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ra.boosten.org (Postfix) with ESMTPSA id EBA9E3432F30; Fri, 5 Jul 2019 17:25:41 +0200 (CEST) From: freebsd@boosten.org Message-Id: Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: FreeBSD host, multiple jails, many with web servers Date: Fri, 5 Jul 2019 17:25:40 +0200 In-Reply-To: <304E49AE-841D-4129-B298-D36E541BFDE8@shaw.ca> Cc: David Mehler , freebsd-questions To: Dale Scott References: <304E49AE-841D-4129-B298-D36E541BFDE8@shaw.ca> X-Mailer: Apple Mail (2.3445.104.11) X-SourceIP: 84.25.247.31 X-Ziggo-spambar: / X-Ziggo-spamscore: 0.0 X-Ziggo-spamreport: CMAE Analysis: v=2.3 cv=PdKBeRpd c=1 sm=1 tr=0 a=JWBJsaPp29SgP5DpYRBqZw==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=0o9FgrsRnhwA:10 a=_Dj-zB-qAAAA:8 a=ygK_X2zPAAAA:8 a=w7rfWPU4AAAA:8 a=Q6Ojrw04AAAA:8 a=fWOfmZHa2XxP0gY1nuMA:9 a=EVBS9C5DQF_EEAXc:21 a=pONyp99CAgTuks7H:21 a=QEXdDO2ut3YA:10 a=Fx4-La-RmxbOrmOu:21 a=s1keP-YhFV_0UXIP:21 a=1TS5eJo0Ag4e3U1f:21 a=_W_S_7VecoQA:10 a=c-cOe7UV8MviEfHuAVEQ:22 a=803KFXeODAOOmDmejUqM:22 a=fblATXAAm4r0zBwV9PS6:22 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-Rspamd-Queue-Id: 5A4467450B X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.54.32.0/19]; MV_CASE(0.50)[]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[boosten.org:+]; MX_GOOD(-0.01)[boosten.dyndns.org]; DMARC_POLICY_ALLOW(-0.50)[boosten.org,quarantine]; NEURAL_HAM_SHORT(-0.98)[-0.985,0]; RECEIVED_SPAMHAUS_PBL(0.00)[31.247.25.84.zen.spamhaus.org : 127.0.0.11]; IP_SCORE(-3.00)[ip: (-8.62), ipnet: 212.54.32.0/20(-4.04), asn: 33915(-2.36), country: NL(0.01)]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[165.34.54.212.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[boosten.org:s=ra]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_NO_DN(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_CC(0.00)[gmail.com] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jul 2019 15:25:53 -0000 > Op 1 jul. 2019, om 18:24 heeft Dale Scott het = volgende geschreven: >=20 > BSD Now episode 259 has a segment on running multiple services using = jails and a single public IP address. It=E2=80=99s on my Todo list to = listen again and re-configure my own server.=20 >=20 > = https://www.freebsdnews.com/2018/08/17/bsd-now-episode-259-long-live-unix/= >=20 This is not going to work for OPs question. I just had a look, and this = podcast basically points to this web page: https://www.davd.io/posts-freebsd-jails-with-a-single-public-ip-address/ = = The writer of this article uses pf to redirect different ports to = different jails, which is fine, assuming that every jail serves = different services (so a jail offering smtp, a jail offering a = webserver, a jail offering mysql), however if you want to have multiple = jails serving a webserver, you only can redirect port 443 (or 80) once. You will need a reverse proxy to redirect services based on the name to = different jails. Shouldn=E2=80=99t be too hard, I guess. A quick search on google found me this one: = https://serverfault.com/questions/706694/use-nginx-as-reverse-proxy-for-mu= ltiple-servers = Peter