On Fri, 22 Nov 2002 16:21:10 +0100 Marc Perisa <[EMAIL PROTECTED]> wrote:
MP> > I'm forwarding incoming connection to jail, currently with ipnat. I need to pass information MP> > about real (outside) IP to mod_ssl. That is my problem. MP> MP> ? (I understand what you do - but not why ...) On one hand, I'm going to isolate users from outside world. On the other hand, I cannot afford right now to provide each ot these users by their own jail with. Hmm, maybe I could run lots of jails on the same filesystem, but this will create immeasurable lots of apaches mostly staying idle. MP> Ok. Why don't you put every single jail with it's outside IP up and let MP> it run there (binded to fxp0). What do you want to reach with that setup MP> ? More security? I'm running several scores of virtualhosts right now, ant number of the is going to increase. At least 5 apaches, one sshd... hmm, even if I'll make annother jail for sshd/cron, I'm going to have LOTS and LOTS of idle apaches. MP> MP> Next possibility is to setup a https->http gateway on the external IP MP> (binded to fxp0) and forward the un-encrypted requests over to the MP> apache (name-based or whatever). Yes, I'm starting to look towards that direction. Most likely, I'll install/patch some https->http proxy on weekend. But in this case, I need to pass https variables some more or less efficient and elegant way... Well, I'll do it ;-) -- Alex. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
