1

I own a Linux server. Now there are several users who want to build web services on it, but they require different environments. For convenience I give each user root permission on a KVM virtual machine.

But obviously the Linux server has only one IP. How can I deliver the external requests to the corresponding virtual machine?

(I expect it's somewhat complicated. If so I want at least some docs/websites I can start reading.)

Oneiroi
Lai Yu-Hsuan

4 Answers

2

Assuming I understand your question correctly, you're going to need 2 services.

  1. ssh proxy
  2. web proxy (I recommend using nginx / HA-Proxy for this).

The SSH proxy service is achieved through the use of SSH keys and the command="" directive: you have the key auth into your proxy server with /bin/false as the shell, then define the command="ssh user@real-server" ssh-rsa ... line.

Use the web proxy to pass connections based on hostname / URI to the relevant backend.

Now this is far from pretty, but it is possible; it's going to be far easier to just allocate some public IP addresses to the machines themselves, if at all available.

Oneiroi
1

It's not really that complicated... you ask your provider for a business-class connection with multiple IPs.

Otherwise you'd have to give them different hostnames and you'd deliver guests to their site through virtualhost directives rather than VMs.

Or you could try creating a VM that somehow redirects to internal sites through parsing the incoming request and going from there.

Bart Silverstrim
1

What you want is a so-called reverse proxy. This is a proxy which works by getting all traffic on the one IP you have, parsing the Host header and doing the request for the external clients.

Link to HowTo: http://www.apachetutor.org/admin/reverseproxies

This way you only have to add normal VirtualHosts to your reverse proxy's configuration and configure the reverse proxy part inside the vhosts. It also gives you the ability to use wildcards easily.

But beware, this only works for HTTP. There's an extension for HTTPS which can be used to achieve the same, but AFAIK browser support is bad.

You also want simple host-only networking. That way you can forward the SSH ports to the internal IP addresses using iptables and do HTTP with the reverse proxy.

Also, I think what you want to achieve is stupid. Don't hand out root to your users and use some form of mass-hosting control panel. It's the way of least work :)

Hope it helps :)

Peter Meyer
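The Host-header reverse proxy described in the answer above, sketched for nginx (which the first answer recommends). This is an added example, not part of the original posts; the hostnames and the 192.168.122.x guest addresses are assumed placeholders, and the blocks belong inside nginx's http context on the host.

```nginx
# Constructed example: hostnames and guest IPs are placeholders.
# 192.168.122.0/24 is used here as the host-only/NAT network the VMs sit on.

# Catch-all: a request whose Host header matches no tenant is dropped here
# instead of falling through to whichever tenant block is defined first.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific: close the connection without a response
}

# Tenant 1 -> VM at 192.168.122.11
server {
    listen 80;
    server_name alice.example.com;

    location / {
        proxy_pass http://192.168.122.11:80;
        # Pass the original hostname so the guest's own vhosts still match.
        proxy_set_header Host              $host;
        # This proxy is the edge, so overwrite any client-supplied
        # X-Forwarded-For rather than appending to it.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Tenant 2 -> VM at 192.168.122.12
server {
    listen 80;
    server_name bob.example.com;

    location / {
        proxy_pass http://192.168.122.12:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because each tenant has root inside their VM, the guests should only be reachable from the host on this internal network, so the proxy remains the single entry point for HTTP.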
1

If I understand correctly, you created a KVM virtual machine on a physical server, and gave root access to the virtual machine to users?

Is the physical server on your company premises or off site in a datacenter?

If it is fully under your control, you can use KVM bridged networking to give each KVM a dedicated IP. Configuring bridges depends on the Linux version.

Here is how to configure bridges for KVM in CentOS/Redhat.

Bridging may also be possible if your server is in a colo/off site.

If you can't use bridging, the other option is to use NAT, which IMO is cumbersome.

Not Now