Nicolas Williams wrote:
> On Fri, Oct 03, 2008 at 02:37:28PM -0700, Jordan Brown wrote:
>> Nick is trying to isolate virtual systems, not users.  I've seen this 
> 
> That was, obviously, not the impression tat I got.  It's trivial to
> separate virtual systems by just running them in zones.  But if I
> misread what Nick was asking, then you're right, we should respond with
> documentation on how to setup zones and so on (that documentation
> exists, of course, and can easily be found online; I suspect Google
> knows all about it).

My interpretation (and hopefully Nick will jump in here soon and 
clarify) is that he's trying to get some additional cross-zone sharing, 
over simply running a fresh Apache in each zone.

> I think the mention of zone_enter() is what made me think take Nick's
> question quite literally.  That is, I assumed that zones newbie would
> not have known about zone_enter(), therefore I assumed Nick is not a
> newbie.

Remember that "user" is a relative term.  The "user" of a hosting 
company is the hosting customer, *not* the guy behind the web browser.

Note also that (with no disrespect meant to Nick) a common newbie 
behavior is to latch onto some random interface and attempt to bend it 
to solve the problem at hand, whether or not it's the intended way to 
solve that problem.

>> It's quite possible that the IP address alone is enough to determine 
>> which zone the server should run in, in which case you could probably do 
>> the zone_enter before the listen().  Even without that, the host name 
>> (HTTP "Host:" header) is enough, so you could do the zone_enter() early 
>> in HTTP processing.
> 
> My wife's web sites (she used to seel clothing and now sells editing
> services) all run on separate addresses.  Her hosting provider obviously
> gets it right.

Maybe, maybe not.  Those IP addresses might well all lead to the same 
server and the same UIDs.  Remember that a single Apache is perfectly 
happy to serve multiple addresses.

> Note: the domainname used by the client in its HTTP request is available
> ONLY with HTTP/1.1.  IIUC HTTP/1.0 still must be supported (die,
> HTTP/1.0, die!).

I don't know what the HTTP/1.0 deployment picture is like these days, 
but I'm pretty sure that an HTTP/1.0 browser can't get to my personal 
web pages, because I don't have dedicated IP addresses.  Host: is the 
only way to tell my URLs from the next guy's.

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to