Hi,
nginx will only see packets that passed the firewall, so you need to
allow incoming traffic to port(s) 80, 443 to whereever your
reverse-proxy is running.
Domain-Names are HTTP-specific. No ssh, nor telnet or ftp know anything
about that.
Personally i wouln't even thing about using telnet or ftp. :-)
If you need ssh-access to the jails you may use (public) ports other
than 22 and forward them to the corresponding jail. This will -
additionally - allow sftp.
Regards
Carsten
Am 14.08.2020 um 17:17 schrieb Steve O'Hara-Smith:
On Fri, 14 Aug 2020 10:58:03 -0400
Ernie Luzar <luzar...@gmail.com> wrote:
Carsten Bäcker wrote:
Hi,
you may want to have a look into reverse proxying, e.g. using nginx on
your jail-host.
Really basic example:
|http { server { listen 80; server_name your.1st.domain.com; location /
{ proxy_pass http://127.0.1.2; } } server { listen 80; server_name
your.2nd.domain.com; location / { proxy_pass http://127.0.1.3; } } }|
This looks interesting.
Think again - this is HTTP proxying only. It's great for that but
useless for anything else. I use a similar mechanism to serve multiple
domains from one http server.
Employing this concept each unique domain name is the element used to
target the jails private ip address.
Yes but it only works because there is an HTTP header with the
hostname in it and nginx knows how to read HTTP.
Would need a server clause for each port number/domain name targeting
each jail.
This would work for port 21, 22, 23, 25
No only 80 and then only if the protocol is HTTP and if the clients
send the necessary HTTP header (I haven't seen one that didn't in decades).
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
