RE: [vserver] private server hosting


From: Jerry Wilborn (jerry.wilborn_at_fast.net)
Date: Tue Apr 09 2002 - 08:25:24 EDT


The only half ass way I've found around this (but still doesn't accomplish
the SSL dilemma) is by creating two machine configuration files exactly the
same but with two different IPs and specifying the S_CONTEXT to the same
numeral. Do the mount "binding" to simulate the entire filesystem, or
however you want to share them.

What this does do is allow you to see all processes together and lets
programs in each bind to the other IP (so long as they came in that way).

If you try it out, it's probably about 20% of what you're trying to
accomplish, but maybe it'll get you what you're looking for.

Jerry Wilborn, Operations Engineer
FASTNET - Internet Solutions
610-266-6700
www.fast.net

-----Original Message-----
From: Seiler Thomas [mailto:seiler.thomas_at_gmx.net]
Sent: Tuesday, April 09, 2002 7:36 AM
To: vserver_at_solucorp.qc.ca
Subject: Re: [vserver] private server hosting

Hi
Jon Bendtsen wrote:

> Cédric Veilleux wrote:
> >
> > I have not a lot of experience with vservers, but simply from reading the
> > documentation, I've found a few important drawbacks:
> >[...]
> > One IP address per vserver:
> > An important drawback that will make a good part of your clients whine. It is
> > only possible to have 1 IP per vserver. So it is not possible to use IP based
> > virtual hosts in apache (required for SSL, etc..)
>
> http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=0.16#vserver%20script%20enhancement
> "A vserver may operate with 0.0.0.0 as its IPROOT. This means the
> vserver is allowed to use any IP it wants..."
> [...]

Isn't this a little bit contradictory? You have this very nice vserver package
which gives you absolute isolation between vservers, imagine Sandboxes to try
untrusted software, absolute isolation for virtual hosting clients, etc...

But as soon as a vserver needs more than one IP (common situation in hosting
env.), the only solution consists in setting IPROOT to 0.0.0.0 allowing the
vserver to mess around and bind to any IPs it isn't supposed to. Security
Sandbox gone. Isolation for hosting clients gone, and it's only a question of
time before they will get into each other's hair ...

So the only real solution to this consists in some way to allow assignment of
multiple IPs per vserver. I saw there was once a patch for multiple IPs per
vserver, which isn't maintained anymore. Wouldn't that be a great starting
point for a new multiple IP patch? So does anybody know where I can find the
old patch?

After all, this would be a very nice feature for hosting environments and I
think there *IS* enough demand. Think for example of multiple SSL hosts within
a vserver, of different IPs for Webserver and MailServer, etc...

Thanks

Thomas



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT