FreeBSD was one of the first operating systems to support the "jail" concept.  Since then, many other OSes and projects have embraced the idea.  Solaris "zones" are now a part of Solaris 10, and Virtuozzo adds a really nice more managed jail solution to Linux.  All have their upsides and downsides.  For no other reason than that I am a FreeBSD user for many years, I use FreeBSD jails.

One of the most annoying limitations on FreeBSD jails is that FreeBSD only allows them 1 IP, and if you're hosting more than one SSL site in the jail, this is a major problem.  I found a workaround, though.  Simply add this to "/etc/ipfw.conf" on the host OS (obviously not in the jail!).

"add fwd MAIN_JAIL_IP ip from any to SECONDARY_JAIL_IP via YOUR_INTERFACE"

Then simply proceed as if that jail had that IP by a normal assignment.  This apparently does not alter the headers, so Apache sees the SECONDARY_JAIL_IP.  It appears to play well with SSL as well.  I believe this works 100%, but as with everything YMMV.

Tell an amigo:
  • Sphinn
  • Digg
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Facebook



No related posts.