Is it possible to create several LXD container in one Ubuntu Server 20.04 installation for the following services that can be accessed within a LAN?
- DNS
- Firewall
- FullStack App
Hi!
Normally, when you create a LXD container, the container is placed on a private bridge. This means that in order to have access to your LAN, you need to expose the necessary ports to the LAN, like 80, 53, etc. Just like with Docker.
But with LXD you can place your containers on a proper bridge, or use the macvlan networking option. Then, each of those containers will get an IP address from the LAN and will appear as if they are standalone servers on your LAN. You can evaluate these two options before implemented by following the bridge tutorial and the macvlan tutorial.
1 Like
@simos, does that mean that i could prototype my plan using virtualbox with ubuntu 20.04 server and using LXD create the containers for DNS, email, etc accessible on the local network?
Normally, you can prototype with VirtualBox or VMWare or KVM.
However, in this case of using public bridge or macvlan, there is an issue with the containers obtaining their DHCP lease from the LAN. It has to do with filtering that is performed by the virtualization implementation. In VirtualBox you may be able to bypass the issue if you set PROMISC on the host’s interface.
I suggest to use an Ubuntu box instead. Either Ubuntu desktop or server should be fine.
Yea promiscuous mode in Virtualbox is a necessity in this context.
Would there be an issue if the LAN where my containers is a part of (thru either macvlan, bridge or routed) is served by a DHCP and DNS server (local authoritative & caching) that are both (the DHCP & DNS) containers themselves?
Even planning to create a router/gateway/firewall in a container too to serve that LAN.
Would that be okay?
Apart from the promiscuous mode in the Settings in Virtualbox, I have seen in practice that you must set the network interface of the host in PROMISC mode. If you go the VirtualBox way, report back on this, to see whether there has been a change.
The issue would be with the host to be able to boot properly, and not depend on a service from the containers. Between the containers, you can configure the order by which they start. Therefore, some containers must start before others.
If the service can work in a system container, then it is fine to use.
If for some reason it does not work, you can create a LXD virtual machine instead.
I can confirm you can run a router, firewall and DNS in separate LXD containers in one LXD-host.
One of my containers is the router/firewall/DNS. (all in one container) In normal situation this works without problems.
Like Simos mentioned the LXD container must be running or my host will loose internet connection. During boot I never experienced issues, just first start this container before the others.
One note of attention, during bigger maintenance like a host OS upgrade this might bite you. You can unexpectedly loose internet connection.
1 Like