jgreco
Resident Grinch
- Joined
- May 29, 2011
- Messages
- 18,680
If you use vnet interfaces in your jails, you should be able run multiple webservers (or any service really) listening on the same ports. This is exactly what I do in some of my jails so that I can just type foo.bah in the browser. A reverse proxy would also work, and perhaps if this is intended to be externally accessible (which it sounds like it is) that might be a better (albeit more complex, another moving part) solution.
If there are down sides of avoiding the reverse proxy approach, please let me know!
There seems to be an important point missing here.
If you have a single external IP and you wish to share port :80 or :443 or whatever, then, yes, you probably want a reverse proxy of some sort.
In this case, you're probably best off creating two jails for each of the web servers, perhaps one at 192.168.1.11 and one at 192.168.1.12, so that your internal LAN has direct access, and then *another* jail at 192.168.1.10 for whatever reverse proxy engine you use. You configure port forwarding to redirect to 192.168.1.10, which then has reverse proxy forwarding directives for "site1.your.domain" to 192.168.1.11, and "site2.your.domain" to 192.168.1.12.
It's possible to do this with only two jails, but a three jail design may be a better way to design it for expandability and segregation of functionality.
I cannot tell if the massive complexity in jail configuration being discussed above is actually required because I don't use iocage (or do jails on FreeNAS for that matter), but this should actually be a very trite configuration for implementation with jails. I do extensive work with jails natively on FreeBSD and can't imagine the reason vnet would be required for this. The described scenario is literally the sort of situation that phk created jails for, and you should really only need a plain jail that has an IP alias.