I've been looking at various articles about Zones/Containers, from Sun's website, and through numerous Google searches, and although there's a lot of info out there, I've not got a definitive answer for what I'd like to do.....so here we go.....
I'm installing a webserver, which is sitting on a DMZ port, so can be accessed from anywhere on the 'net. I've configured all the filesystems for various user groups, and now have a nicely patched Solaris 10 5/09 system.
What I'd like to do is to drop a couple (or more) of the filesystems into their own non-global zone each, where they'll be running an instance of the web server, and serving a number of users who will be maintaining their own websites within the zone.
I'd ideally like the overall URL to stay the same, with only a port number change to distinguish the website groups from each other, for example:
http://xyz.com:80 (Group 1's sites, zone 1, filesystem 1)
http://xyz.com:81 (Group 2's sites, zone 2, filesystem 2)
http://xyz.com:82 (Group 3's sites, zone 3, filesystem 3)
The global zone will host the main web server, with each zone's web process just running enough to operate its own server.
Users will login to their own zone, and will not be able to login elsewhere (I know this can be done by maintaining /etc/passwd and /etc/shadow files per zone, so a user isn't recognised in the other zones).
My questions are:
1) - Is it feasible / possible to run the above setup, with keeping the URL the same across each zone, and just changing the port each time?
2) - When a user logs in, will they have to login to the global zone, and then use zlogin to connect to their specific non-global zone?
3) - (Similar to (2)) - Can users login directly to their zone from a remote system, or do they have to come in via the global zone?
4) - Does each zone have to have its own IP address? If so, is this internal to the server, or is it external?
At the moment, the global zone has been allocated an IP address for the DMZ. If each zone needs its own unique external address, this could be a problem (limited availability on our network) - a better solution would be some form of internal NAT on the server to forward login requests to the relevant zone, if possible???
Quite a lengthy "query", but I've not yet found anything specific to the above setup. I did find something on setting up a similar system using 2 NICs, but I only have the 1.
Thanks in advance....