如何在 OpenBSD vm 中创建服务/端口特定的子域

Question

如果没有更多信息，答案似乎只是一般性的：

数据包过滤器（pf）用于将数据包路由到每个服务，根据您目前发布的内容，看来您可以只使用pfWeb 服务器（httpd），除非您出于其他原因觉得需要使用反向代理。

简单pf.conf示例：

ext_if = "vio0"
ext_srvcs_in = "{ 70, 80, 443, 6697 }"
set skip on lo
# Not mentioned in question, but assuming you want SSH with common adaptive config:
pass in quick on $ext_if proto tcp to port ssh \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)
pass out quick on $ext_if
block all
pass in on $ext_if proto {tcp, udp} to port $ext_srvcs_in

配置服务时，它们应绑定到端口并pf路由到这些端口。对于上的多个子域，httpd只需使用中所述的多个服务器块即可httpd.conf(5)。例如：

types { include "/usr/share/misc/mime.types" }

server "example.com" {
        alias "www.example.com"
        listen on * port 80
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/example.com.fullchain.pem"
                key "/etc/ssl/private/example.com.key"
        }
        location "/.well-known/acme-challenge/*" {
                root "/htdocs/example.com"
                request strip 2
        }
        root "/var/www/htdocs/example.com"
        directory index index.htm
}

server "img.example.com" {
        listen on * port 80
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/example.com.fullchain.pem"
                key "/etc/ssl/private/example.com.key"
        }

        location "/.well-known/acme-challenge/*" {
                root "/htdocs/img.example.com
                request strip 2
        }
        root "/var/www/htdocs/img.example.com"
        directory index index.htm
}

Answer 1

如果没有更多信息，答案似乎只是一般性的：

数据包过滤器（pf）用于将数据包路由到每个服务，根据您目前发布的内容，看来您可以只使用pfWeb 服务器（httpd），除非您出于其他原因觉得需要使用反向代理。

简单pf.conf示例：

ext_if = "vio0"
ext_srvcs_in = "{ 70, 80, 443, 6697 }"
set skip on lo
# Not mentioned in question, but assuming you want SSH with common adaptive config:
pass in quick on $ext_if proto tcp to port ssh \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)
pass out quick on $ext_if
block all
pass in on $ext_if proto {tcp, udp} to port $ext_srvcs_in

配置服务时，它们应绑定到端口并pf路由到这些端口。对于上的多个子域，httpd只需使用中所述的多个服务器块即可httpd.conf(5)。例如：

types { include "/usr/share/misc/mime.types" }

server "example.com" {
        alias "www.example.com"
        listen on * port 80
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/example.com.fullchain.pem"
                key "/etc/ssl/private/example.com.key"
        }
        location "/.well-known/acme-challenge/*" {
                root "/htdocs/example.com"
                request strip 2
        }
        root "/var/www/htdocs/example.com"
        directory index index.htm
}

server "img.example.com" {
        listen on * port 80
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/example.com.fullchain.pem"
                key "/etc/ssl/private/example.com.key"
        }

        location "/.well-known/acme-challenge/*" {
                root "/htdocs/img.example.com
                request strip 2
        }
        root "/var/www/htdocs/img.example.com"
        directory index index.htm
}

如何在 OpenBSD vm 中创建服务/端口特定的子域

答案1

相关内容