"Best Practice" for lxd behind a home NAT router (dynamic IPv4 and dynamic subnet)

Hi,

I’m moving from an “all-native-installed-on-arch” setup (over proxmox) to lxd.
In general, it all works as expected. Thanks to the good documentation and community.
But because I’m new to lxd, I often don’t know whether “that way” is a good way or just a working one.

I’m running two "lxd"s. One at home and one on a cheap vserver, but the one at home is more important for me.
My internet access gives me one IPv4 address (which changes from time to time) and one /56 IPv6 subnet (the prefix also changes from time to time).
Most of my “services” are ones with a web-frontend.

LXD gives me lot of solutions, but every one with different pros and cons.
Is there “one solution” which can be told as best practice?

For example (that’s my setup at the moment):
I have one container with nginx/acme.sh/DNS-Updater as reverse proxy.
This container has two interfaces, one on the default lxdbr0 (for simple access to other containers) and one macvtap (with a lower metric) for access from my NAT-router.
The NAT router forwards 80/443 IPv4 and IPv6 to the proxy container, which proxies to other containers (like proxy to nextcloud.lxd).
Works well, but the “cons” are: it would not work on WLAN / I have two interfaces.

Another way would be to have only lxdbr0 and use the “proxy device”. This would (probably) work well too and is easy to configure, but I would lose the information about the real source IP of incoming connections.

The next way (which I use on my vserver) is also to have just the lxdbr0 interface, but use “nat=true”.
This is a bit more complicated to configure (static addresses, one rule for each combination).
The problem at home is that no wildcard listen IP is possible → I would need a script to watch for changes of the IPv6 address and reconfigure the NAT rule.

I could also run the proxy native on the host and have just the services in containers.

[…many more possible ways…]

What is the recommended way? What would you do? :smiley:
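The watcher the post above says it would need for the “nat=true” variant, as an added example that is not part of the original post and not LXD’s own code: it reads the host’s current IPv6 addresses, skips deprecated addresses from the old prefix and rotating temporary (privacy) addresses, and only rewrites the proxy device’s `listen` address when it actually changed. The interface name `eth0`, the instance name `proxy` and the device name `https443` are assumptions for illustration; the JSON layout is the one produced by `ip -j -6 addr show`, and the sample below is constructed.

```python
"""
Watcher for a dynamic IPv6 prefix: pick the host's current stable global
IPv6 address and point an LXD proxy device (nat=true) at it.

Added example, not from the original post or from LXD. Assumed names:
host interface "eth0", instance "proxy", proxy device "https443".
"""
import json
import subprocess

# Constructed sample of `ip -j -6 addr show dev eth0`: one deprecated address
# from the old prefix, one temporary (privacy) address that rotates, one stable
# address from the current prefix, and the link-local address.
SAMPLE_IP_JSON = json.dumps([{
    "ifname": "eth0",
    "addr_info": [
        {"family": "inet6", "local": "2001:db8:aaaa:1::10", "prefixlen": 64,
         "scope": "global", "deprecated": True},
        {"family": "inet6", "local": "2001:db8:bbbb:1:3d4f:92a1:7c6e:1a2b",
         "prefixlen": 64, "scope": "global", "temporary": True},
        {"family": "inet6", "local": "2001:db8:bbbb:1::10", "prefixlen": 64,
         "scope": "global"},
        {"family": "inet6", "local": "fe80::1", "prefixlen": 64,
         "scope": "link"},
    ],
}])


def pick_stable_global_ipv6(ip_json: str):
    """Return the first global, non-deprecated, non-temporary IPv6 address,
    or None if the interface currently has no usable address."""
    for iface in json.loads(ip_json):
        for a in iface.get("addr_info", []):
            if a.get("family") != "inet6" or a.get("scope") != "global":
                continue
            if a.get("deprecated") or a.get("temporary"):
                continue  # old prefix, or a privacy address that will rotate
            return a["local"]
    return None


def build_listen(addr: str, port: int) -> str:
    """Proxy-device listen spec; with nat=true it must be a concrete host
    address, a wildcard such as [::] is not accepted."""
    return f"tcp:[{addr}]:{port}"


def current_listen(instance: str, device: str) -> str:
    """Read the listen address LXD currently has for the device."""
    out = subprocess.run(
        ["lxc", "config", "device", "get", instance, device, "listen"],
        capture_output=True, text=True, check=True).stdout
    return out.strip()


def reconcile(instance, device, port, ip_json, current):
    """Return the lxc command to run, or None if nothing needs changing."""
    addr = pick_stable_global_ipv6(ip_json)
    if addr is None:
        return None  # no usable address yet (e.g. prefix not delegated)
    wanted = build_listen(addr, port)
    if wanted == current:
        return None
    return ["lxc", "config", "device", "set",
            instance, device, "listen", wanted]


if __name__ == "__main__":
    # Run from cron or a systemd timer; it is idempotent.
    ip_out = subprocess.run(
        ["ip", "-j", "-6", "addr", "show", "dev", "eth0"],
        capture_output=True, text=True, check=True).stdout
    cmd = reconcile("proxy", "https443", 443, ip_out,
                    current_listen("proxy", "https443"))
    if cmd:
        subprocess.run(cmd, check=True)
```

The `connect` side of the device (the container’s lxdbr0 address) is left untouched, which is why that address has to be static, as the post notes. Choosing the stable address rather than a temporary one matters because privacy addresses are regenerated regularly and a rule bound to one would silently stop matching.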

I’m not sure why you need lxdbr0 at all in this case?

Wouldn’t it be easier to connect all your instances to the LXD host’s internal network (that is connected to your ISP’s router)? You could use macvlan or bridged NICs for this.