sobota, 10 września 2011

Dwa serwery www jeden host jeden port

domena - domena.pl
dwie subdomeny - www.domena.pl i mail.domena.pl
host FreeBSD 8.2_64
Dwa skonfigurowane Jaile:
1. 192.168.1.1 -> www.domena.pl
2. 192.168.1.2 -> mail.domena.pl

# etc/rc.conf hosta
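# Public interface: the host's routable address and default route.
ifconfig_re0="inet 91.xx.xx.xx netmask 255.255.255.0 broadcast 91.xx.xx.xx"
defaultrouter="91.xx.xx.xx"
# Jail addresses are aliases on the same interface. FreeBSD requires that
# only the first alias in a given subnet carries the subnet mask; every
# further alias in the same subnet must use 255.255.255.255, otherwise
# ifconfig fails with "SIOCAIFADDR: File exists" and the second jail
# (mail.domena.pl) ends up without its address.
ifconfig_re0_alias0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_re0_alias1="inet 192.168.1.2 netmask 255.255.255.255"
hostname="kiszka.domena.pl"
# Packet filter: NAT/rdr for the jails and the ingress policy in /etc/pf.conf.
pf_enable="YES"
pf_rules="/etc/pf.conf"
# IP forwarding. NOTE(review): the jails live on aliases of the host's own
# interface, so forwarding may not be needed for the rdr/nat rules — confirm
# before leaving it enabled.
gateway_enable="YES"
# No MTA on the host itself; mail is the mail jail's job.
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
# -ss: syslogd opens no network socket and does not forward to remote hosts.
syslogd_flags="-ss"
ezjail_enable="YES"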


# ee /etc/pf.conf
#INTERFACES
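#INTERFACES
ext_if="re0"

# Ports accepted from the Internet. Anything that is not rdr'd below
# terminates on the host itself (ssh on 22 reaches the host's sshd, 22222 is
# translated to the web jail's sshd). NOTE(review): ftp, pop3 and auth are
# cleartext protocols, and smtp/pop3/pop3s have no rdr to the mail jail
# (192.168.1.2) in this file, so they would hit the host, not the jail —
# confirm each port really has a listener (and what 2223 is for) before
# leaving it open; an unused open port only widens the attack surface.
tcp_services="{ ssh, smtp, ftp, www, pop3, auth, https, pop3s, 2223, 31415 }"
# FTP is TCP only; "ftp" over UDP was a no-op entry and has been dropped.
udp_services="{ domain }"
icmp_types = "{ echoreq, unreach }"

web_j = "192.168.1.1"
# mysql_j = "192.168.1.2"
# ircd_j = "192.168.1.3"

#options
set loginterface $ext_if
# Jail-to-jail and jail-to-host traffic is delivered over lo0; leave it alone.
set skip on lo0

# scrub: normalise and reassemble incoming fragments before filtering
scrub in

# nat: jail traffic leaves with the public address
nat on $ext_if from 192.168.1.0/24 to any -> 91.xx.xx.xx
# rdr: translation happens before filtering, so the pass rules below see the
# translated destination port (22222 -> ssh, which is in $tcp_services).
rdr on $ext_if proto tcp from any to any port http -> $web_j port http
rdr on $ext_if proto tcp from any to any port https -> $web_j port https
rdr on $ext_if proto tcp from any to any port 22222 -> $web_j port ssh
rdr on $ext_if proto tcp from any to any port 31415 -> $web_j port 31415
# rdr on $ext_if proto tcp from any to any port 22224 -> $ircd_j port ssh
# rdr on $ext_if proto tcp from any to any port 3689 -> $ircd_j port 3689
# rdr on $ext_if proto udp from any to any port 5353 -> $ircd_j port 5353

# Default deny, logged; later matching pass rules override it (last match wins).
block log all
# Drop packets that arrive on $ext_if claiming one of our own or the jails'
# source addresses. "quick" is required: without it the pass rules below
# would override the block. lo0 is exempt via "set skip" above.
antispoof quick for $ext_if

pass in on $ext_if proto tcp from any to any port $tcp_services keep state
pass in on $ext_if proto udp from any to any port $udp_services keep state
pass inet proto icmp all icmp-type $icmp_types keep state

pass out on $ext_if proto tcp from any to any keep state
pass out on $ext_if proto udp from any to any keep state
# outgoing traceroute probes
pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state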

Pierwszy serwer uruchomiony w jailu nr 1 (PHP z użyciem spawn-fcgi)

# ee /etc/rc.conf jail1
# Jail 1: nginx front end, PHP served through spawn-fcgi on a unix socket.
hostname="www.domena.pl"
nginx_enable="YES"

# spawn-fcgi binds a local unix socket only (no TCP address/port), so the PHP
# FastCGI backend is not reachable from the network. Mode 0700 limits the
# socket to its owner. NOTE(review): the nginx worker must then run as the
# same account as spawn-fcgi, or fastcgi_pass fails with "permission denied"
# — confirm the two users match.
spawn_fcgi_enable="YES"
spawn_fcgi_bindsocket="/var/run/spawn_fcgi.socket"
spawn_fcgi_bindsocket_mode="0700"
spawn_fcgi_bindaddr=""
spawn_fcgi_bindport=""

# No local MTA in the web jail.
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"


# ee /usr/local/etc/nginx/nginx.conf
# Worker user is left at the build default (the "user" directive is commented
# out). NOTE(review): the spawn-fcgi socket in the jail's rc.conf is mode 0700,
# so the worker user must own that socket for fastcgi_pass to connect — confirm.
#user nobody;
worker_processes 1;

events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

sendfile on;
keepalive_timeout 65;

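server {
    listen 80;
    server_name www.domena.pl;
    # Plain HTTP only redirects to HTTPS. $request_uri already begins with
    # "/", so the target must not insert another slash — the original rewrite
    # produced "https://www.domena.pl//path". "return 301" (nginx >= 0.8.42)
    # replaces the regex rewrite; $request_uri carries the query string, so
    # nothing is lost.
    location / {
        return 301 https://www.domena.pl$request_uri;
    }
}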

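server {
    # "listen ... ssl" replaces the deprecated "ssl on;" form.
    listen 443 ssl;
    server_name www.domena.pl;
    access_log /var/log/nginx-access.log;

    root /usr/local/www/rutorrent;
    index index.php index.html index.htm;

    # The whole vhost — rutorrent UI and the /RPC2 XML-RPC endpoint — sits
    # behind HTTP basic auth; nested locations inherit these directives.
    auth_basic "Privat!!";
    auth_basic_user_file /usr/local/etc/nginx/httpd/.htpasswd;

    ## SSL
    ssl_certificate /etc/ssl/nginx/cert.pem;
    ssl_certificate_key /etc/ssl/nginx/cert.key;
    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken and must not be offered; the original cipher
    # list also enabled EXPORT/LOW grades and RC4. TLSv1.1/TLSv1.2 require
    # nginx >= 1.1.13 built against OpenSSL >= 1.0.1; on an older build keep
    # only "TLSv1" here, since nginx rejects unknown protocol tokens at start.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!EXPORT:!LOW;
    ssl_prefer_server_ciphers on;

    ## Static content. The dot before the extension is escaped; the original
    ## "." matched any character.
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
        access_log off;
        expires 30d;
    }

    # GUI rTorrent: XML-RPC forwarded to the rtorrent SCGI listener.
    location /RPC2 {
        include scgi_params;
        scgi_pass localhost:5000;
    }

    location ~ \.php$ {
        # Only execute scripts that exist on disk. Without this, PHP with
        # cgi.fix_pathinfo=1 would run an uploaded "image.jpg/x.php" as PHP
        # (the well-known nginx/PHP path-info issue).
        try_files $uri =404;
        fastcgi_pass unix:/var/run/spawn_fcgi.socket;
        fastcgi_index index.php;
        # $document_root is the server-level root above; $fastcgi_script_name
        # starts with "/", so no separator is needed (the original hard-coded
        # path plus "/" yielded a double slash).
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}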


include /usr/local/etc/nginx/vhosts.d/*.conf;
}


# ee /usr/local/etc/nginx/vhosts.d/reverse.conf
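# The bare domain only redirects to the canonical mail host name. A separate
# server block replaces the original "if ($host = ...)" + rewrite, which was
# evaluated on every request; $request_uri keeps path and query string.
server {
    listen 80;
    server_name domena.pl;
    return 301 http://mail.domena.pl$request_uri;
}

server {
    listen 80;
    server_name mail.domena.pl;
    access_log /var/log/nginx-adres.pl;

    # NOTE(review): this vhost is plain HTTP end to end — clients talk
    # unencrypted to port 80 and nginx proxies unencrypted to the mail jail.
    # Anything with a login form behind it (webmail) sends credentials in the
    # clear; terminate TLS here with a 443 server for mail.domena.pl and
    # redirect 80 to it, as the www vhost already does.
    location / {
        proxy_pass http://192.168.1.2:80;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Standard forwarded-for chain so the backend can log the real client.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}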

Drugi serwer uruchomiony w Jailu nr.2

# ee /etc/rc.conf
# Jail 2 (mail.domena.pl): nginx + php-fpm + MySQL. Its web port is reached
# through the reverse proxy in jail 1; the host pf.conf has no rdr for
# 192.168.1.2, so nothing here is exposed to the Internet directly.
nginx_enable="YES"
php_fpm_enable="YES"
mysql_enable="YES"