I finally got my desktop environments just the way I need them! Now, I want to build a couple of websites, the hard way, from jail down. I recently registered two domain names at NameCheap and I’m hoping that I can build both domains on a single server running FreeBSD with everything possible inside of jails. I’ll be experimenting using OVH dedicated to keep the noise down. I prefer to use Hiawatha and Nginx mainly for the know-how, then I’ll pop-drop Apache in latter.
I think these are general questions for the General Forum.
I don’t know where to post this. Move it if need be.
1:
All I know about is private-IP alias for jails. Beyond how OVH and NameCheap DNS process works to pump in more then one public IP to a single server; I need to know what to have ready once those IP’s hit the server. What would be the way to create the alias for this?
Do we use the public-IP given:
let's say for www.airwings.com
let's say for www.waterski.com
or do we use private-IP to be operated on latter:
2:
In order to handle two or more registered domains would I have to have a reverse-proxy or a load-balancer on the FreeBSD host to serve the jailed websites?
3:
If so, can it be build in a way where it could benefit from some kind of packet-filter filtering rules?
4:
If not, then should I use Hiawatha as reverse-proxy inside the first jail since it does provide some form of security out-the-box; and also would IPFW nat-in-kernel on the host be of better assistance's for this type of setup?
I read that if you place the reverse-proxy on the host it dose provide a shield for the jailed websites. I have have an idea, yet could someone explain, so I can know for-sure?
However, I kind of prefer to run Hiawatha as reverse-proxy in the first jail. If it can help to patch some of those possible leaks to the jail environment, maybe one can add some control from there. I'll jump to dedicate the time if there is an inkling of chance to secure it.
I’m sure I did not ask all of these questions fully or properly. So to put them in a nut-shell I’ll ask ..
Which way is up?
I think these are general questions for the General Forum.
I don’t know where to post this. Move it if need be.
1:
All I know about is private-IP alias for jails. Beyond how OVH and NameCheap DNS process works to pump in more then one public IP to a single server; I need to know what to have ready once those IP’s hit the server. What would be the way to create the alias for this?
Do we use the public-IP given:
Code:
ifconfig_em0_alias0="inet 104.123.123.88/32"
Code:
ifconfig_em0_alias0="inet 104.123.123.99/32"
or do we use private-IP to be operated on latter:
Code:
ifconfig_em0_alias0="inet 10.0.0.1/32"
ifconfig_em0_alias0="inet 192.168.1.201/32"
2:
In order to handle two or more registered domains would I have to have a reverse-proxy or a load-balancer on the FreeBSD host to serve the jailed websites?
3:
If so, can it be build in a way where it could benefit from some kind of packet-filter filtering rules?
4:
If not, then should I use Hiawatha as reverse-proxy inside the first jail since it does provide some form of security out-the-box; and also would IPFW nat-in-kernel on the host be of better assistance's for this type of setup?
I read that if you place the reverse-proxy on the host it dose provide a shield for the jailed websites. I have have an idea, yet could someone explain, so I can know for-sure?
However, I kind of prefer to run Hiawatha as reverse-proxy in the first jail. If it can help to patch some of those possible leaks to the jail environment, maybe one can add some control from there. I'll jump to dedicate the time if there is an inkling of chance to secure it.
I’m sure I did not ask all of these questions fully or properly. So to put them in a nut-shell I’ll ask ..
Which way is up?