- Jun. 12th, 2006
FreeBSD was one of the first operating systems to support the "jail" concept. Since then, many other OSes and projects have embraced the idea. Solaris "zones" are now a part of Solaris 10, and Virtuozzo adds a really nice, more managed jail solution to Linux. All have their upsides and downsides. For no other reason than that I have been a FreeBSD user for many years, I use FreeBSD jails.
One of the most annoying limitations of FreeBSD jails is that FreeBSD only allows them one IP, and if you're hosting more than one SSL site in the jail, this is a major problem. I found a workaround, though. Simply add this to "/etc/ipfw.conf" on the host OS (obviously not in the jail!):
"add fwd MAIN_JAIL_IP ip from any to SECONDARY_JAIL_IP via YOUR_INTERFACE"
Then simply proceed as if that IP had been assigned to the jail normally. This apparently does not alter the headers, so Apache sees the SECONDARY_JAIL_IP. It appears to play well with SSL as well. I believe this works 100%, but as with everything, YMMV.
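
With several SSL sites the same line is repeated once per secondary IP. The script below is an added example, not part of the original post: it prints those lines for "/etc/ipfw.conf" and refuses malformed input so a typo never becomes a forwarding rule. The function names, the 192.0.2.x addresses and the interface em0 are constructed placeholders.

```sh
#!/bin/sh
# Added example: emit one "add fwd ..." line per secondary IP, in the form
# the post gives for /etc/ipfw.conf on the host (not inside the jail).

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_jail_fwd_rules MAIN_JAIL_IP YOUR_INTERFACE SECONDARY_JAIL_IP...
# Prints the rule lines on stdout. On any bad argument it prints nothing
# on stdout and returns 1, so partial rule sets are never written out.
gen_jail_fwd_rules() {
    [ "$#" -ge 3 ] || { echo "usage: MAIN_IP IFACE SECONDARY_IP..." >&2; return 1; }
    main_ip=$1
    iface=$2
    shift 2
    is_ipv4 "$main_ip" || { echo "bad main jail IP: $main_ip" >&2; return 1; }
    case "$iface" in
        ''|*[!A-Za-z0-9_]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    rules=
    for sec_ip in "$@"; do
        is_ipv4 "$sec_ip" || { echo "bad secondary IP: $sec_ip" >&2; return 1; }
        # Forwarding the jail's own address to itself is a configuration slip.
        [ "$sec_ip" != "$main_ip" ] || { echo "secondary equals main IP" >&2; return 1; }
        rules="${rules}add fwd $main_ip ip from any to $sec_ip via $iface
"
    done
    printf '%s' "$rules"
}

# Constructed sample values: jail at 192.0.2.10, two extra SSL site addresses.
gen_jail_fwd_rules 192.0.2.10 em0 192.0.2.11 192.0.2.12
```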