much thanks to all of you for everything so far but that's much more than i need. all i want is 1 zone that runs stuff which is available through the "real" nic's ip.
and right now i'm facing much more trivial problems like: what's the root password of a newly installed zone? the one i use for the host os doesn't work. On Wed, 15 Nov 2023 20:25:21 -0500, John D Groenveld wrote: > In message > <caegysbhxscsqoxewudfvgjqmrcshqjlzmmxssod8b-awzao...@mail.gmail.com>, Peter > Tribble writes: >> 1. Create an etherstub > > Software switches are close to free. > Recommend creating a stub per pair between zones or an etherstub for > each application stack. > >> 2. In the global zone, create a vnic over that etherstub, and then give it >> an address eg 10.0.0.1 > > You can also assign your physical interface to a zone and restrict access > to the global zone via an out-of-band console. > >> 4. Run haproxy or nginx (or something similar, whatever you're familiar >> with) in the global zone as >> a reverse proxy so it's listening on the system's main IP address, and >> proxies the traffic to the zone(s). >> This can be name-based websites (either from the host header for http or >> SNI for https), or port-based >> for things that can't handle routing based on names (eg ssh). > > +1. > > You can also use a bhyve branded zone for your public facing network > and run your favorite router/firewall/proxy OS, perhaps OpenBSD or > an appliance OS like OpenSense. > > So many cool possible configurations! > John > [email protected] > > _______________________________________________ > openindiana-discuss mailing list > [email protected] > https://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ openindiana-discuss mailing list [email protected] https://openindiana.org/mailman/listinfo/openindiana-discuss
