[OpenIndiana-discuss] container with same ip
John D Groenveld
groenveld at acm.org
Thu Nov 16 01:25:21 UTC 2023
In message <CAEgYsbHXsCSQoXEwudFVgjQMrcshQJLZmMxSsod8b-AwzAOf4g at mail.gmail.com>, Peter Tribble writes:
>1. Create an etherstub
Software switches are close to free.
Recommend creating a stub per pair between zones or an etherstub for
each application stack.
>2. In the global zone, create a vnic over that etherstub, and then give it
>an address eg 10.0.0.1
You can also assign your physical interface to a zone and restrict access
to the global zone via an out-of-band console.
>4. Run haproxy or nginx (or something similar, whatever you're familiar
>with) in the global zone as
>a reverse proxy so it's listening on the system's main IP address, and
>proxies the traffic to the zone(s).
>This can be name-based websites (either from the host header for http or
>SNI for https), or port-based
>for things that can't handle routing based on names (eg ssh).
+1.
You can also use a bhyve branded zone for your public facing network
and run your favorite router/firewall/proxy OS, perhaps OpenBSD or
an appliance OS like OpenSense.
So many cool possible configurations!
John
groenveld at acm.org
More information about the openindiana-discuss
mailing list