Accessing Container Websites

So I have multiple containers that are each running a website. How can I access them from the internet?



You can use the recently introduced LXD Device Proxy command to map a port on your Host to a Port in a container.

Also, since you have multiple websites, all listening to ports 80 and 443 (http and https), it is good to use a reverse proxy. In this way, the reverse proxy will be able to redirect the connections to the appropriate containers.

Such reverse proxies are nginx, haproxy and traefik.

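The reverse-proxy layout described in the answer above, as an added example that is not part of the original thread: an nginx configuration for a dedicated proxy container that routes by hostname to two website containers. The container names (`proxy`, `web1`, `web2`), the `.lxd` DNS names from the default `lxdbr0` bridge, the device name `http80` and the `example.com` hostnames are all assumptions.

```nginx
# Added example, not from the thread. Assumed file location inside the
# "proxy" container: /etc/nginx/conf.d/containers.conf
#
# Port 80 on the host is mapped into the proxy container with an LXD proxy
# device (run on the host; "proxy" and "http80" are assumed names):
#   lxc config device add proxy http80 proxy \
#       listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80

# Catch-all: a request whose Host header matches no configured site is
# closed without a response instead of landing on the first container.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# site1.example.com -> container "web1" (placeholder hostname)
server {
    listen 80;
    server_name site1.example.com;

    location / {
        proxy_pass http://web1.lxd:80;
        # Pass the original host and client details to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# site2.example.com -> container "web2" (placeholder hostname)
server {
    listen 80;
    server_name site2.example.com;

    location / {
        proxy_pass http://web2.lxd:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With the proxy device in front, nginx sees every connection as coming from 127.0.0.1 unless the device is created with `proxy_protocol=true` and the `listen` directives carry the `proxy_protocol` parameter. Only the proxy container is exposed on the host's ports; the website containers stay reachable only on the internal bridge.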

I have always done bridged networking (all of this was on xenial). Maybe @simos or @stgraber can comment on the pros and cons.

Change your /etc/network/interfaces

auto br1
iface br1 inet manual
    bridge_ports enp5s0

Then map br0 during lxd init

sudo lxd init
Do you want to configure the LXD bridge (yes/no)? yes
Would you like to setup a network bridge for LXD containers now? no  
Do you want to use an existing bridge? yes  
Bridge interface name:  br1

Since I do not have DHCP, I assign each of the containers a static IP.

lxc exec name-of-container bash

Edit the /etc/network/interfaces of the container

auto eth0
iface eth0 inet static
.... so on

Both bridge and macvlan can be used with little effective difference.
Some background,

Pros for macvlan:

  1. Does not require changes on the host’s networking, even if the bridge needs some minimal changes.
  2. A side-effect is that the containers cannot communicate with the host in the default macvlan setup, which some may consider as a huge plus and others a non-starter.
  3. There might be some performance benefit. You would probably notice though if you run any network-intensive software.

haproxy - a great option.

On the side effect, I personally really like that the container cannot connect to the host. It provides a natural security barrier against (e.g.) exploits that are trying to attack a host. I use macvlan all the time for my web-accessed services.