Date:      Tue, 09 Sep 2014 15:22:00 +0200
From:      Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net>
To:        freebsd-questions@freebsd.org
Subject:   ZFS, Jails, network, routing, domains and IP addresses
Message-ID:  <540EFEF8.8020405@kulturflatrate.net>

Hi,

I am not an educated computer scientist but got in touch with UNIX and 
Linux quite early. Since then I ran several servers and am somehow 
finding my way through the IT world by reading lots of blogs, articles 
and mailing lists about the topic as a hobby. At the moment I am running 
a root server at some provider who I don't like anymore (this has its 
reasons) and would like to switch the provider. Because this will be 
some work in any event I thought about simultaneously switching from 
Debian to FreeBSD since this is something I would like to do for quite 
some time.

The main reasons for switching to FreeBSD are jails and the ports 
system. My question concerns jails and the set-up I thought about. If 
you have any thoughts about it please just give me some short hints and 
I'll be very happy about that. :-)

So, the future server has 48 GB of RAM and 2 2TB HDDs. I thought about 
installing FreeBSD 10 with ZFS (on /) mirroring both HDDs. (I already 
did that set-up smaller and virtualized on my desktop machine and that 
worked great.) I would like to use jails since I've got several domains 
to administer and each domain belongs to another friend of mine. Hence, 
they should not get any access to the jail host or other jail clients. 
So, I would like to use jails to virtualize several servers. On every 
host there'll be a Postfix and Apache installation. So, everything stays 
quite simple. Nothing complex.

1. ZFS and Jails

It would be cool if I could simplify the process of updating the 
software that is running in every jail. I searched the web for some 
information and also had a look at the FreeBSD mailing lists. It looks 
like it's quite a popular set-up to create a "base" FreeBSD Jail that is 
cloned with the help of ZFS if there is a new jail needed. The ports 
tree is mounted with a nullfs in every jail so updating the "main" ports 
tree would lead to the software in every jail getting updated. Or am I 
understanding something totally wrongly here?

While reading I also got the impression there are different methods for 
maintaining Jails with ZFS. I would be very thankful if anyone could 
point out the different approaches that exist (some articles on the net 
seem outdated). Maybe a quick reference to the necessary man pages is 
already enough, then I can do further research on my own. :-)

2. Jails and routing

The main question is: Is it possible for the jails' host to distinguish 
between incoming connections depending on the domain look-up they did? 
If it is possible I would like to use as few IP addresses as possible. 
Could be that it's technically not possible at all but I thought there 
is maybe some way to do it and someone knows. The idea is the jails' 
host does something like this: Connection to Domain#1 established so 
everything goes to Jail#1, Connection to Domain#2 established so 
everything goes to Jail#2, ... but the jails and the jails' host use the 
same IP X.

I also read that it is possible to only run specific applications in a 
jail so the jail itself is not a completely new FreeBSD installation 
(see Handbook 15.3 Creating and Controlling Jails, first sentence). In 
case I have two jails and every jail is running a web server, and now 
there is a connection to IP X on port 80: where is the connection going 
to? I guess this has to be configured at the jails' host acting as a 
gateway to the hosted jails and forwarding packages depending on the 
port that is used (e.g. 80 goes to Jail#1 and 8080 goes to Jail#2).

I would like to understand this and the technical limitations better to 
get an idea about how many fixed public IP addresses I have to buy. So I 
can eventually save some money. :-)

Thank you for any help. Sorry if I am asking for something that does not 
make any sense at all -- I am still busy trying to get the principles or 
options that exist in the set-up mentioned above.

Best regards,

-- 
Niklaas Baudet von Gersdorff
niklaas@kulturflatrate.net

https://twitter.com/NBvGersdorff
http://www.kulturflatrate.net/niklaas


