How to dynamically route HTTPS traffic to LXD instances

LXD
1

Hello!
Sorry for my English (I am writing through a translator)

  1. LXD is the best container virtualization
  2. Need to dynamically route HTTPS traffic to LXD instances. For example https://localhost/containername and https://containername.localhost

I need this for dynamic development (I’ve been trying to figure this out for a month now)

I did with nginx reverse proxy but it was not dynamic. Have to edit .conf file every time and restart nginx

heard about Traefik but it is for Docker

I found the only article on the Internet but it does not work (https://sleeplessbeastie.eu/2021/05/24/how-to-dynamically-route-https-traffic-to-lxd-instances/)

Please help!
Thanks everyone for any information!

2

Maybe you can use https://linuxcontainers.org/lxd/docs/latest/howto/network_bridge_resolved/ to get containername.lxd to resolve to your container.

You can then either just use http://containername.lxd from within your web browser or you can probably setup proxy rules in nginx or haproxy to forward https://localhost/<NAME> to http://<NAME>.lxd.

1 Like
3

Thanks a lot! I will try to do this I really hope it helps! As soon as I get it, I’ll be sure to let you know!

4

Thank you very much, it worked for me. You are the best!

But the fact is that I use Alpine Linux

Alpine Linux does not use systemd, it uses OpenRC

How can this be done with Alpine Linux? Please help me I will be very grateful to you!

5

Hi @Ibragim_Ganizade, if you are talking about nginx/haproxy, then you may add to default runlevel and start the service as follows. if nginx is the related service.

rc-service add default nginx
rc-service nginx start

You can check with rc-status
Regards.

6

Hi! @cemzafer

Thank you very much, but it’s not Nginx The case is systemd-resolved (https://linuxcontainers.org/lxd/docs/latest/howto/network_bridge_resolved/)

when i use resolvectl command Alpine Linux gives me this error

~ # resolvectl
sh: resolvectl: not found

But if you have nginx.conf or other solutions for dynamic routing HTTPS traffic to LXD instances I will grateful to you!

PS - Nginx installed on my Alpine Linux

7

IIRC, Alpine not use systemd-resolved, just use, /etc/resolv.conf.
Regards.

1 Like
8

And what do I need to write to the /etc/resolv.conf file so that I can see my instances by dns?

Is there similar documentation for Alpine Linux? (https://linuxcontainers.org/lxd/docs/latest/howto/network_bridge_resolved/)

Thank you so much for helping me so far I am very grateful!

9

I managed!

My /etc/resolv.conf file now looks like this

search lxd
nameserver 10.211.165.1
nameserver 8.8.8.8
nameserver 8.8.4.4

It remains to do with nginx or haproxy dynamically route HTTPS traffic to LXD instances

Will you have a ready set for this?

Forgive me for my arrogance, but I really really need this!
Many thanks to everyone for your support!

10

No problem, here you can dig this configuration a little bit. it is a nginx configuration.

    location / {
        proxy_pass http://<internal_lxd_container_IP>:80;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
    }
1 Like
11

But this configuration will not dynamically route HTTPS traffic to LXD instances

I need something like this https://localhost/myapps and https://myapps.localhost

Can this conf help you?

server {
    server_name _;
    listen 80;

    location / {
        proxy_pass_header Authorization;
        proxy_pass http://<allmyinstaces>:80;
        proxy_redirect   off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

or this?(https://sleeplessbeastie.eu/2021/05/24/how-to-dynamically-route-https-traffic-to-lxd-instances/)

And thanks again for being with me!

12

I havent tried the configuration but can lead the way. The following configuration is on the nginx proxy one on the host.

server {
    listen 443 ssl http2;

    server_name <name>;

    access_log /var/log/nginx/file.access.log main;
    error_log /var/log/nginx/file.error.log;

    location / {
        proxy_pass http://<container_IP>:80;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
    }

}

On the container nginx configuration.

server {
        server_name <name>;
        root <root of the www configuration>;
        access_log <log file>
        error_log <log file> info;
        location / {
                try_files $uri;
        }
        listen 80;
}

Regards.

1 Like
13

Hello!
I’m probably boring you(
But I still haven’t got a solution

This configuration works but only half

The fact is that the configuration is focused on 1 LXD container

And I have a lot of them and they increase each time in quantities.

I need something like Traefik for LXD

Need nginx, haproxy or any other program to automatically see my lxd containers

Thank you anyway! You helped me a lot!

dynamic_reverse_proxy_lxd
dynamic_reverse_proxy_lxd960×540 112 KB

14

Hi @Ibragim_Ganizade,

You mean, in your diagram, Dynamic Reverse Proxy. You can add more than one if you are talking about that.

You define configuration for each server name in the host in /etc/nginx/conf.d directory and direct to with the proxy_pass http://<container_ip_address:80; statement.

I dont think there is a way to understand and reflect the backend autosale changes to frontend. But may be you can trigger a script to understand the changes and reflect to frontend configuration.

What is the problem, can you elaborate?

Regards.

15

This is the point! I need to manually edit nginx.conf and restart it (this is not good
)

Every day the number of containers increases And you can’t restart nginx

I thought maybe you can somehow connect nginx and lxdbr0?

or use the LXD API for these purposes?

Regards.

16

Hello everyone! I also need solution for dynamically reverse proxy

17

You dont need to restart nginx, adding a new server to nginx proxy needs just a reload not restart the service.
Just try nginx -s reload like that, if you use systemd then systemctl reload nginx is enough.
Maybe you just write a simple bash script to automate those issues into a simple one.
Regards.

1 Like
18

The number of containers is increasing every day

you can’t add each created container to nginx.conf

Can’t this be automated?

Regards.

19

This can be automated with a simple script.
Can you show the nginx configuration?
Regards.

1 Like
20

Nginx has a “resolver” function Module ngx_http_core_module

what will happen if I enter dns lxdbr0 in nginx.conf?

also used here (https://sleeplessbeastie.eu/2021/05/24/how-to-dynamically-route-https-traffic-to-lxd-instances/)

Example

resolver 10.97.179.1;

Can it help us?

The fact is that the script may not be reliable when migrating containers to another host

Regards.

PS: i use nginx.conf which you sent me