Date: Fri, 14 Aug 2020 10:58:03 -0400 From: Ernie Luzar <luzar722@gmail.com> To: =?ISO-8859-1?Q?Carsten_B=E4cker?= <carbaecker@gmx.de> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>, "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org> Subject: Re: How to steer public traffic to a jail Message-ID: <5F36A67B.1040408@gmail.com> In-Reply-To: <8984b35b-7c48-32ee-5bd0-e29c9439c890@gmx.de> References: <5F367EA9.20809@gmail.com> <8984b35b-7c48-32ee-5bd0-e29c9439c890@gmx.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Carsten Bäcker wrote:
> Hi,
>
> you may want to have a look into reverse proxying, e.g. using nginx on
> your jail-host.
> Really basic example:
>
> |http { server { listen 80; server_name your.1st.domain.com; location /
> { proxy_pass http://127.0.1.2; } } server { listen 80; server_name
> your.2nd.domain.com; location / { proxy_pass http://127.0.1.3; } } }|
>
This looks interesting.
When does nginx see the packet, before the firewall or after the
firewall passes it through?
Employing this concept each unique domain name is the element used to
target the jails private ip address.
Would need a server clause for each port number/domain name targeting
each jail.
This would work for port 21, 22, 23, 25
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5F36A67B.1040408>