Monday, December 17, 2018

kvm virtualization - KVM: guest with FQDN DNS resolution / no bridge



I have a (Hetzner) server with a public IP of eg. 123.123.123.123, and an additional IP of eg. 456.456.456.456.



I want to serve some private webspace apps on 123.123.123.123, including a hidden master BIND server for some domains, and bridge a KVM guest to 456.456.456.456 for some publicly published webspace.



Is it possible to do that while also setting up a separate virtual network with libvirt that will resolve FQDNs to guests? These guests should be able to be accessed from, and access, the internet, and should be able to have multiple FQDNs per guest, but will not have public IPs of their own. I see some documentation that states that adding 192.168.122.1 to /etc/resolv.conf on the host will allow connecting to guests via their hostname locally, and I see some information for libvirt regarding Addressing, here, but I'm a bit lost. It seems as if this should be possible, but I'm missing something.



Do I just need to purchase IP space for every VM I want accessed by the internet, or is there a way to accomplish this?




TLDR Is it possible to set up a virtual network with libvirt that will resolve FQDNs to guests from the internet?


Answer



Short answer: this is not possible.



Better to use IPv6 addresses (which are in abundance) for any KVM that does not absolutely require the general public to access it. Any traffic that is server-to-server will work fine on IPv6, and anything such as private cloud services will work so long as your ISP offers IPv6, which most (> 80%) ISPs do, and your client is configured to use it (which most are).



Therefore just use a network bridge with IPv6 on the KVM instances.



For the public facing requirements, set up a reverse proxy like Nginx (recommended), Pound, Squid as a reverse proxy, or Apache's mod_proxy on IPv4 and reverse proxy to the IPv6 instances from there.




There are other ways of achieving this, such as SIIT-DC, but I know little about that.
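The arrangement the answer recommends, as an added example that is not part of the original answer: nginx on the host listens on the public IPv4 address from the question (123.123.123.123) and proxies to a KVM guest that is reachable only over the bridged IPv6 network. The guest address 2001:db8::10 (documentation prefix) and the names app.example.com / www.example.com are assumed values; the second name shows how one guest can serve several FQDNs from a single server block.

```nginx
# Added example: IPv4-facing reverse proxy in front of an IPv6-only KVM guest.
# Assumed values: host public IPv4 123.123.123.123 (from the question),
# guest IPv6 2001:db8::10 (documentation prefix), hostnames *.example.com.

upstream guest_app {
    # IPv6 literals must be bracketed; port 80 is the guest's web server.
    server [2001:db8::10]:80;
}

server {
    # Bind only the public IPv4 address, not the host's other interfaces.
    listen 123.123.123.123:80;
    # Several FQDNs can map to the same guest from one block.
    server_name app.example.com www.example.com;

    location / {
        proxy_pass http://guest_app;
        # Pass the original host and client address through so the guest's
        # logs and any access controls see the real requester, not the proxy.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the guest has no public IPv4 address, its web server is only reachable through this proxy or over IPv6; restricting the guest's firewall to accept port 80 from the host's IPv6 address (and any IPv6 clients you intend to allow) keeps the proxy as the single IPv4 entry point. TLS would normally terminate on this nginx instance, with the certificate for each FQDN held on the host rather than on the guest.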

