Date: Thu, 22 Jul 2010 14:05:29 +0200
From: Ruben de Groot
To: Peter Boosten
Cc: freebsd-questions@freebsd.org
Subject: Re: Install Apache in qjail?
Message-ID: <20100722120529.GB1570@ei.bzerk.org>
In-Reply-To: <4C47B3DF.1080205@boosten.org>

On Thu, Jul 22, 2010 at 04:58:39AM +0200, Peter Boosten typed:
> On 22-7-2010 2:10, Aiza wrote:
> >
> > If this apache jail is going to use the standard port 80 to listen on,
> > then the host and any other jails can not use that port number.
>
> Nonsense!

Indeed

> Since the IP address assigned to the jail is the only one the jail is
> seeing, Apache will only bind to that IP address. So you can have as
> many jails running Apache on port 80 as you like, because they only will
> bind to the IP address belonging to the jail.
>
> The only 'challenge' will be configuring Apache on the host itself to
> only listen to one IP address, instead of *, which is piece of cake.

Actually, not even that is necessary. A socket on the host bound to INADDR_ANY
is overridden by the more specific IP address in the jail, at least on my
systems (not using multi IP jails yet, so maybe that's different).

So you can run e.g. sshd on the host and all jails without having to specify
a ListenAddress anywhere. Only thing is that you'll get connected to the host
if sshd in the jail would stop or go down.

Ruben
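
An added example, not part of the original message: a small audit of the behaviour described above, where a host listener bound to `*` receives connections addressed to a jail's IP whenever nothing inside the jail holds that port. The sockstat-style listings, the address 192.0.2.10 and the function names are constructed for illustration; how host-owned and jail-owned sockets are collected separately is left to the reader.

```python
# Constructed listings in the column layout of `sockstat -4l` (not from the thread).
# HOST_LISTING: listeners owned by host processes.
HOST_LISTING = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
mysql    mysqld     870   11 tcp4   *:3306                *:*
root     sendmail   850   5  tcp4   127.0.0.1:25          *:*
"""
# JAIL_LISTING: listeners owned by processes inside one single-IP jail.
JAIL_LISTING = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1420  4  tcp4   192.0.2.10:22         *:*
www      httpd      1501  3  tcp4   192.0.2.10:80         *:*
"""


def parse_listeners(text):
    """Return a set of (proto, address, port) tuples from sockstat-style lines."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue  # skip the header row and anything malformed
        proto, local = fields[4], fields[5]
        addr, _, port = local.rpartition(":")
        found.add((proto, addr, port))
    return found


def fallthrough_ports(host_text, jail_text, jail_ip):
    """Classify every host wildcard listener with respect to one jail address.

    'covered': the jail has its own listener on that port, so the host
               socket only answers if the jail's daemon stops.
    'exposed': nothing in the jail is bound there, so connections to
               jail_ip on that port already reach the host daemon.
    """
    jail = parse_listeners(jail_text)
    report = {}
    for proto, addr, port in sorted(parse_listeners(host_text)):
        if addr != "*":
            continue  # a host socket bound to one address cannot shadow the jail
        has_own = (proto, jail_ip, port) in jail
        report[(proto, port)] = "covered" if has_own else "exposed"
    return report


if __name__ == "__main__":
    for key, state in fallthrough_ports(HOST_LISTING, JAIL_LISTING, "192.0.2.10").items():
        print(key, state)
```

Ports reported as "covered" are the ones where a stopped jail daemon silently hands clients to the host; giving the host daemon an explicit listen address removes them from the report.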