# How to Handle 2 or more registered IP’s?



## max21 (Nov 16, 2017)

I finally got my desktop environments just the way I need them!  Now, I want to build a couple of websites, the hard way, from jail down.  I recently registered two domain names at NameCheap and I’m hoping that I can build both domains on a single server running FreeBSD with everything possible inside of jails.  I’ll be experimenting using OVH dedicated to keep the noise down.  I prefer to use Hiawatha and Nginx mainly for the know-how, then I’ll pop-drop Apache in latter.

I think these are general questions for the General Forum.
I don’t know where to post this.  Move it if need be.

1:
All I know about is private-IP alias for jails.  Beyond how OVH and NameCheap DNS process works to pump in more then one public IP to a single server; I need to know what to have ready once those IP’s hit the server.  What would be the way to create the alias for this?

Do we use the public-IP given:

```
ifconfig_em0_alias0="inet 104.123.123.88/32"
```
let's say  for www.airwings.com

```
ifconfig_em0_alias0="inet 104.123.123.99/32"
```
let's say  for www.waterski.com

or do we use private-IP to be operated on latter:

```
ifconfig_em0_alias0="inet 10.0.0.1/32"
ifconfig_em0_alias0="inet 192.168.1.201/32"
```

2:
In order to handle two or more registered domains would I have to have a reverse-proxy or a load-balancer on the FreeBSD host to serve the jailed websites?

3:
If so, can it be build in a way where it could benefit from some kind of packet-filter filtering rules? 

4:
If not, then should I use Hiawatha as reverse-proxy inside the first jail since it does provide some form of security out-the-box; and also would IPFW _nat-in-kernel_ on the host be of better assistance's for this type of setup?

I read that if you place the reverse-proxy on the host it dose provide a shield for the jailed websites.  I have have an idea, yet could someone explain, so I can know for-sure?

However, I kind of prefer to run Hiawatha as reverse-proxy in the first jail. If it can help to patch some of those possible leaks to the jail environment, maybe one can add some control from there.  I'll jump to dedicate the time if there is an inkling of chance to secure it.

I’m sure I did not ask all of these questions fully or properly.  So to put them in a nut-shell I’ll ask ..

Which way is up?


----------



## max21 (Nov 16, 2017)

> *1:*  .... I need to know what to have ready once those IP’s hit the server.  What would be the way to create the alias for this?


It never fails, I search, I read, I test the wrong things weeks.. but when I ask about it, there it comes. Seeing all these difference top-level extensions was like learning my ABC’s.  I don't know how to work it yet but its more then enough to get me started.  So its question one solved - one to go.


```
VirtualHost {
    Hostname = buy.plkq.net,bbs.datangjie.com,bbs.bhzhu203.com
 
WebsiteRoot = /var/www/hiawatha
#    ReverseProxy .* http://172.17.0.7:8080/  95   keep-alive
 ReverseProxy .* http://127.0.0.1:884/  95   keep-alive
. . .
```

All in a nut-shell,  I thought that was the way it was suppose to be.  Your picture is worth those thousand words.

Thank you Hiawatha member for *kiss*.


----------



## fbsd1 (Nov 17, 2017)

Verify that your OVH dedicated Freebsd system will have 2 static ip.  You configure each of the 2 namecheap domain names to use one of the static public routable ip address OVH assigned to your server. All inbound traffic will pass through the same interface. Choose any of the 3 firewalls freebsd has buit-in to the base OS, I use ipfilter, you will not need NAT. Define 2 jails, each one using one of the 2 assigned ip address. Any traffic going to domain name 1 will go to jail1 and domain name 2 will go to jail2. If you want to fine grain it further then use the firewall  to forward the ip/port number to drive traffic to other jails.

Recommend you think about using a jail utility tool to simplify jail creation and management such as qjail, its in the ports system.


----------



## max21 (Nov 18, 2017)

fbsd1 said:


> Verify that your OVH dedicated Freebsd system will have 2 static ip  ..



I can’t believe my ears. So its not a common thing that dedicated does.  I’m going to try to find out now.  You already know you'll lay an egg by time OVH reply to a thread. A question like this may cause brain damage.  I’ll google deeper first thing in the morning.  I’ll be back.  Thank you .. Thank you .. Thank you.

FreeBSD  INSTALL  GUIDE was my very first Handbook way before installing the system.  It seem to much for me.

Long Live www.a1poweruser.com


----------



## max21 (Nov 18, 2017)

https://www.ovh.com/us/dedicated-servers/free-ips.xml


> With OVH dedicated servers, you can have up to purchasing up to 256 IPs on every server. These IPs enable you to migrate your services with ease from one server to another, associate  geolocated IPs for every domain hosted or even to define dedicated IPs for every VM created.



if they allow for Linux containers then all should be equal.  Maybe someone can tell by this:

https://www.ovh.com/us/g582.configure_an_ip_address_on_a_virtual_machine

Now I'll try to summarize:


> You configure each of the 2 namecheap domain names to use one of
> the static public routable ip address OVH assigned to your server.


it does say  *or even to define dedicated IPs for every VM created.*



> All inbound traffic will pass through the same interface. ..


So since both IP’s are coming from the same Registrar, the DNS setup should be a cinch.



> I use ipfilter, you will not need NAT. Define 2 jails, each one using one of the 2 assigned ip address.


You don't have to tell me twice.  Since I’m going to be a server guy that is what I will use, Thanks. I did a search earlier and wblock@ said: IPF... well, I've been told it is similar to Cisco firewalls. That makes it double good.



> Recommend you think about using a jail utility tool to simplify jail creation and management such as qjail, its in the ports system.


Believe or not, I color-coded every document qjail had years ago so that I could find keywords and whatnot's quickly, then I lost my job or something.  Anyway, this is one of my goals, but these days its one mission at a time.

About my jokes:  I’m sure I only tickled them if one had read my comments.  I can see them laughing all the way home to tell there spouse what I said.  Ha ha . . A joke a day keeps the doctor away . . even if its mostly true.

*DONE DEAL:* I think it can really really work!  I'll use VNET or BHYVE if I must.


----------



## Phishfry (Nov 18, 2017)

max21 said:


> jails are FreeBSD virtual machines so that takes care of that I think.


I do not agree with this statement.
To be a Virtual Machine it would have its own kernel.
A jail is more like a userland sandbox.


----------



## max21 (Nov 18, 2017)

Phishfry said:


> I do not agree with this statement.
> To be a Virtual Machine it would have its own kernel.
> A jail is more like a userland sandbox.



Phishfry, I know,  I totally agree, they are not VM in the since of the word but they are consider VM for FreeBSD.  I’m trying to be clever, and dish out some reverse  psychology mainly myself, to pick up on what OVH would thinks they are.  They promote Linux server.  In that writing they really expect you t to be Linux and they know Linux use containers and would be more then happy to accommodate them as VMs.  Anyway, I corrected that statement to something more appropriate. There is more then enough misleading information out here already.



fbsd1 said:


> Verify that your OVH dedicated FreeBSD system will have 2 static ip.
> . . .
> All inbound traffic will pass through the same interface.


fbsd1 instructions lead me to find this...

https://www.digitalocean.com/commun...h-nginx-and-haproxy-using-lxd-on-ubuntu-16-04

Two Fully-Qualified Domain Names (FQDNs), with each DNS *A* record pointing to the IP address of your server.
So that is how it's done behind the scenes. 

[EDIT] -> correction: 

I fell for the Big-Word.  Now I know what a *FQDN* is.  It has no relevant to this discussion, just yet.  However, it good to know all options available for containers or jails with websites so not to be tricked again due to  lack of knowledge, and even with all the know-how you don’t know what is really being sold to you under the hood .. but it ain’t over until the fat lady sing, and she is going to sing my song!

*Hostname: *meatag

*Domain: *mecanonical.com

*FQDN: *meatag.mecanonical.com


----------



## max21 (Nov 20, 2017)

Like Clint... for a few dollars more, now we can have out cake and eat it 2.

https://www.ovh.com/us/support/new_nic.xml


----------



## jb_fvwm2 (Nov 20, 2017)

max21, that links requires a ovh account to use...


----------



## max21 (Nov 21, 2017)

jb_fvwm2 said:


> max21, that links requires a ovh account to use...


I know... see how tricky providers/telecom and other online services has become. It’s the new marketing strategy of today, and it working.  I read the article.  You will see it grow.  Can’t blame them for being smart.  The key is to get your credit card number _first_, because they know you’re not going to want to go thru all of those steps again, elsewhere.  So it’s time to know it before you touch it with your ready-to-go FreeBSD setup, and you know it’s right.  If there is a failure, you’ll know if it’s real-tech or company policies.  I think I can hook it up now but that’s not going to happen until the being of the new year.  One thing for sure .. if you got a server farm they will answer you quickly.  Would you tell a customer how easy it is to build a small farm on a dirt-cheap single lousy server (true-multi)?  I don’t think so.  So it make no since for me to get upset, I’m just learning my ABC’s.  Back to school.    See you latter.


*BTW:* If you go to the login link you would have to click *create new account*, then you with be redirected to the support link, the same link I post.  I forgot why I been doing all this fussing.  That’s why.  Just like that article said.  All in a few day to witness it.


----------

