I am thinking about performing the following setting for load-balanced websites with LXD containers:
- container 1 - haproxy
- container 2 … n - apache
- container n+1 - mysql
For this approach I created 1 bridge called wanbr0 which is connected to the physical eth0 of the server and to eth0 of the haproxy container. A second bridge is created called webbr0 to connect haproxy at eth1 and the apache containers at eth0. A third bridge called dbbr0 should connect the apache containers with the mysql container.
The reason is to ensure that all traffic from outside is routed through haproxy and to ensure that only the apache containers can access the databases.
Actually each container can access each service on all other containers. How can I get the containers to only accept input from within their bridges?
Thanks in advance!