So I have multiple containers that each are running a website. How can I access them from the internet?
Thanks,
Ray
You can use the recently introduced LXD Device Proxy command to map a port on your Host to a Port in a container.
Also, since you have multiple websites, all listening to ports 80 and 443 (http and https), it is good to use a reverse proxy. In this way, the reverse proxy will be able to redirect the connections to the appropriate containers.
Such reverse proxies are nginx, haproxy and traeffik.
1 Like
I have always done bridged network. (all was in xenial). May be @simos or @stgraber can comment on the pros and cons.
change your/etc/network/interfaces
auto br1
iface br1 inet manual
bridge_ports enp5s0
Then map br0 during lxd init
sudo lxd init
.....
Do you want to configure the LXD bridge (yes/no)? yes
Would you like to setup a network bridge for LXD containers now? no
Do you want to use an existing bridge? yes
Bridge interface name: br1
Since I do not have DHCP, I assign each of the container static IP.
lxc exec name-of-container bash
Edit the /etc/network/interfaces of container
auto eth0
iface eth0 inet static
.... so onBoth bridge and macvlan can be used with little effective difference.
Some background, https://hicu.be/bridge-vs-macvlan
Pros for macvlan:
- Does not require changes on the host’s networking, even if the bridge needs some minimal changes.
- A side-effect is that the containers cannot communicate with the host in the default macvlan setup, which some may consider as a huge plus and others a non-starter.
- There might be some performance benefit. You would probably notice though if you run any network-intensive software.
haproxy - a great option.
On the side effect, I personally really like that the container cannot connect to the host. It provides a natural security barrier against (e.g.) exploits that are trying to attack a host. I use macvlan all the time for my web-accessed services.