[OpenIndiana-discuss] container with same ip
Goetz T. Fischer
g.fischer at r-a-c.de
Thu Nov 16 01:47:40 UTC 2023
much thanks to all of you for everything so far but that's much more than i need. all i want is 1 zone
that runs stuff which is available through the "real" nic's ip.
and right now i'm facing much more trivial problems like: what's the root password of a newly installed
zone? the one i use for the host os doesn't work.
On Wed, 15 Nov 2023 20:25:21 -0500, John D Groenveld wrote:
> In message <CAEgYsbHXsCSQoXEwudFVgjQMrcshQJLZmMxSsod8b-AwzAOf4g at mail.gmail.com>, Peter Tribble writes:
>> 1. Create an etherstub
>
> Software switches are close to free.
> Recommend creating a stub per pair between zones or an etherstub for
> each application stack.
>
>> 2. In the global zone, create a vnic over that etherstub, and then give it
>> an address eg 10.0.0.1
>
> You can also assign your physical interface to a zone and restrict access
> to the global zone via an out-of-band console.
>
>> 4. Run haproxy or nginx (or something similar, whatever you're familiar
>> with) in the global zone as
>> a reverse proxy so it's listening on the system's main IP address, and
>> proxies the traffic to the zone(s).
>> This can be name-based websites (either from the host header for http or
>> SNI for https), or port-based
>> for things that can't handle routing based on names (eg ssh).
>
> +1.
>
> You can also use a bhyve branded zone for your public facing network
> and run your favorite router/firewall/proxy OS, perhaps OpenBSD or
> an appliance OS like OpenSense.
>
> So many cool possible configurations!
> John
> groenveld at acm.org
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
More information about the openindiana-discuss
mailing list