Hi there,
I have an Amazon AMI running FreeBSD 11.1-RELEASE. I have only one public IP address and I want to set up several jails to host different domains (each jail to accommodate one domain).
On each jail, I have www/nginx running as the web server. The host machine also runs a www/nginx daemon which handles http requests and acts as the reverse-proxy managing all the internal traffic redirections based on the http address.
My domain is registered to my public IP address, so when I type my address into my browser's address bar, I can see my web page hosted on the jail (so the nginx reverse proxy on the host AMI works). However, I do not have internet access from within the jail.
Previously, I had pf(4) without a reverse proxy, so it was working fine for a single jail. How can I connect my jails to the internet while keeping www/nginx as my reverse proxy?
Thanks
PS: before deploying this configuration on my AMI, I tried it on a FreeBSD VM (as the host) with two jails created in it, and it worked fine.
Below is my rc.conf
Code:
ec2_configinit_enable=YES
ec2_fetchkey_enable=YES
ec2_ephemeralswap_enable=YES
ec2_loghostkey_enable=YES
firstboot_freebsd_update_enable=YES
firstboot_pkgs_enable=YES
growfs_enable="YES"
ifconfig_DEFAULT="SYNCDHCP accept_rtadv"
sshd_enable="YES"
firstboot_pkgs_list="awscli"
ipv6_activate_all_interfaces="YES"
dhclient_program="/usr/local/sbin/dual-dhclient"
####################################
# FNI
####################################
# Disable sendmail
sendmail_enable="NO"
sendmail_msp_queue_enable="NO"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
# jails
cloned_interfaces="lo1 lo2"
ezjail_enable="YES"
# nginx as reverse proxy
nginx_enable="YES"
and here is ifconfig(8) output
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
xn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=503<RXCSUM,TXCSUM,TSO4,LRO>
	ether 02:b6:74:a8:15:86
	hwaddr 02:b6:74:a8:15:86
	inet6 fe80::b6:74ff:fea8:1586%xn0 prefixlen 64 scopeid 0x2
	inet 172.31.2.11 netmask 0xfffff000 broadcast 172.31.15.255
	inet 192.168.1.51 netmask 0xffffffff broadcast 192.168.1.51
	inet 192.168.1.52 netmask 0xffffffff broadcast 192.168.1.52
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
	media: Ethernet manual
	status: active
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.1.1 netmask 0xffffffff
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.1.2 netmask 0xffffffff
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
and below is nginx.conf on the host machine
Code:
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # default vhost: static content served by the host itself
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/local/www/default;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }
    }

    # mydomain.com is proxied to the nginx running inside the first jail
    server {
        listen 80;
        server_name mydomain.com;
        location / {
            # app1 reverse proxy follow
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://192.168.1.51:8080;
        }
    }
}   # closes the http block (missing from the pasted config)
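One way to give the jails outbound connectivity while keeping www/nginx as the reverse proxy, as an added example that is not part of the original post or the poster's earlier pf(4) setup: let pf do NAT on the host so the jails' 192.168.1.x aliases (the ones in the ifconfig(8) output above) are translated to the instance's primary address before leaving xn0. EC2 drops packets whose source address is not one assigned to the instance's network interface, so without that translation the jails' packets never get out. The reverse proxy is unaffected, since the host reaches 192.168.1.51:8080 over lo0. It assumes each jail is bound to one of the two xn0 aliases, that xn0 is the only external interface, and that the host only needs SSH and HTTP reachable from outside; the `<jails>` table name is illustrative.

```conf
# /etc/pf.conf (added example, not the poster's file)
ext_if = "xn0"

# Jail addresses, taken from the xn0 aliases in the ifconfig(8) output.
table <jails> { 192.168.1.51, 192.168.1.52 }

# Host<->jail traffic (the nginx proxy_pass to 192.168.1.51:8080) is local
# and never leaves the loopback interfaces, so pf does not need to see it.
set skip on { lo0 lo1 lo2 }

scrub in all

# Keep the jails away from the EC2 instance metadata service, which hands
# out the instance's IAM credentials: exclude it from NAT so the filter rule
# further down still sees the jail's own source address.
no nat on $ext_if from <jails> to 169.254.169.254

# Translate jail traffic to the address currently on xn0 (172.31.2.11 here).
# The parentheses make pf re-read the address if DHCP changes it.
nat on $ext_if from <jails> to any -> ($ext_if)

# Default-deny inbound on the external interface.
block in on $ext_if all
block out quick on $ext_if from <jails> to 169.254.169.254

# Host and (already translated) jail traffic may go out; replies come back
# through the state table.
pass out on $ext_if keep state

# Only SSH and the nginx reverse proxy are reachable from outside.
pass in on $ext_if inet proto tcp to ($ext_if) port { 22, 80 } keep state
pass in on $ext_if inet proto icmp icmp-type echoreq
# Neighbour discovery / router advertisements for the IPv6 setup in rc.conf.
pass in on $ext_if inet6 proto icmp6 all
```

Enable it with `pf_enable="YES"` and `pf_rules="/etc/pf.conf"` in rc.conf, check the syntax with `pfctl -nf /etc/pf.conf` before loading, then start it with `service pf start`. From the host, `pfctl -s nat` should list the two translation rules and `pfctl -s state` should show entries with a 192.168.1.x source being mapped to 172.31.2.11 once a jail (for example `jexec <jailname> fetch -o /dev/null http://pkg.FreeBSD.org/`) opens a connection. If the fetch still hangs, check the jail's /etc/resolv.conf first: NAT only carries the packets, the jail still needs a reachable resolver.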