How to use proxy vip in lxd

I am a newbie.

I created an lxc containers, but the network connectivity to the outside world through proxy is not working. . I defined the proxy up using lxc config core https_proxy parameter but still not working. Is there any other alternate way to define proxy in lxc? So that all containers should reach the external URLs via proxy.

Please show lxc config show <instance> --expanded and sudo ss -tlpn on the host and inside the instance.

@tomp ,
Please find the output below. I am not able to reach the outside world using the proxy server from the lxc containers.

I am trying to bootstrap a juju controller using the localhost cloud lxd. I set the proxies for the juju, snap, and also for the current shell. Also per the document included the no_proxy variable also.

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 20 :22222 : users:((“tcpserver”,pid=1117,fd=3))
LISTEN 0 128 : users:((“signalfx-agent”,pid=6936,fd=14))
LISTEN 0 5 : users:((“python”,pid=1094,fd=13))
LISTEN 0 128 :12020 : users:((“python”,pid=1094,fd=12))
LISTEN 0 32 : users:((“dnsmasq”,pid=17351,fd=7))
LISTEN 0 5 : users:((“dnsmasq”,pid=30005,fd=7))
LISTEN 0 128 : users:((“signalfx-agent”,pid=6936,fd=7))
LISTEN 0 128 :22 : users:((“sshd”,pid=1836,fd=3))
LISTEN 0 128 : users:((“signalfx-agent”,pid=6936,fd=8))
LISTEN 0 128 :::22 :::
LISTEN 0 128 :::9080 :::
LISTEN 0 128 :::8443 :::

lxc config show
core.https_address: ‘[::]’
core.proxy_http: http://80
core.proxy_https: http://
core.trust_password: true

What about the other command I asked for? And the output of ss -tlpn inside the container?

Hi @tomp ,

Please find the output below
lxc config show juju-6dd654-0 --expanded
architecture: x86_64
boot.autostart: “true”
image.architecture: amd64
image.description: ubuntu 16.04 LTS amd64 (release) (20211001)
image.label: release
image.os: ubuntu
image.release: xenial
image.serial: “20211001”
image.type: squashfs
image.version: “16.04”
security.nesting: “true”
user.juju-controller-uuid: cd30c744-b4a8-4
user.juju-is-controller: “true”
user.juju-model-uuid: f238bbc
user.user-data: |
all: ‘| tee -a /var/log/cloud-init-output.log’
- set -xe
- install -D -m 644 /dev/null ‘/var/lib/juju/nonce.txt’
- printf ‘%s\n’ ‘user-admin:bootstrap’ > ‘/var/lib/juju/nonce.txt’
rsa_private: |
rsa_public: |

- groups:
  - adm
  - audio
  - cdrom
  - dialout
  - dip
  - floppy
  - netdev
  - plugdev
  - sudo
  - video
  lock_passwd: true
  name: ubuntu
  shell: /bin/bash
  - ssh-rsa 


volatile.base_image: 712a5836865525eecd8b429afa7430e8a2480aeff68804c59a0524dc8b7683ab
volatile.eth0.host_name: veth3d2b78e3
volatile.eth0.hwaddr: 00:16:3e:99:09:62
volatile.idmap.base: “0”
volatile.idmap.current: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’ ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.last_state.idmap: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.last_state.power: RUNNING
volatile.uuid: 0394915a-2141-4531-bd14-0ce309b340e7
name: eth0
network: lxdbr1
type: nic
path: /
pool: default
type: disk
ephemeral: false

  • default
  • juju-controller
    stateful: false
    description: “”

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 12****: 36381 : users:(("",pid=1957,fd=22))
LISTEN 0 128 : users:(("
LISTEN 0 128 : users:((“python3”,pid=29402,fd=5),(“python3”,pid=2591,fd=5),(“python3”,pid=2587,fd=5))
LISTEN 0 128 : users:((“python3”,pid=29436,fd=5),(“python3”,pid=2637,fd=5),(“python3”,pid=2636,fd=5))
LISTEN 0 128 :9443 : users:((“nginx”,pid=1901,fd=8),(“nginx”,pid=1900,fd=8),(“nginx”,pid=1899,fd=8))
LISTEN 0 128 : users:((“python3”,pid=29477,fd=5),(“python3”,pid=2674,fd=5),(“python3”,pid=2673,fd=5))
LISTEN 0 128 : users:((“memcached”,pid=2749,fd=26))
LISTEN 0 128 12
*:40075 : users:((“",pid=1957,fd=7))
LISTEN 0 20 :22222 : users:((“tcpserver”,pid=1406,fd=3))
LISTEN 0 32 : users:(("
LISTEN 0 32 : users:((“dnsmasq”,pid=25103,fd=7))
LISTEN 0 128 :22 : users:((“sshd”,pid=2811,fd=3))
LISTEN 0 128 : users:((“thttpd”,pid=8322,fd=0))
LISTEN 0 128 :::80 :::
LISTEN 0 128 :::22 :::
LISTEN 0 128 :::8088 :::* users:((“docker-proxy”,pid=3534,fd=4))
LISTEN 0 128 :::9080 :::* users:((”*****: pid=1957,fd=13))
LISTEN 0 128 :::8443 :::

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :22 : users:((“sshd”,pid=410,fd=3))
LISTEN 0 128 :::22 :::

The https_proxy config option only affects LXD’s outbound requests, not outbound requests from the containers.

You can set an environment variable normally to get your container’s applications to use a proxy.

Thanks for time @tomp,
Even I tried to set environment variables inside the containers, but it didn’t work. I noticed I am not able to ping the proxy from inside the container thought the proxy is reachable from my server.
Even I checked with proxy and firewall team for any blocks, all traffics are allowed.

I installed lxd using snap and initalised using lxd init using below values.

lxd init
Would you like to use LXD clustering? (yes/no) [default=no]: no
Do you want to configure a new storage pool? (yes/no) [default=yes]: no
Would you like to connect to a MAAS server? (yes/no) [default=no]: no
Would you like to create a new local network bridge? (yes/no) [default=yes]: yes
What should the new bridge be called? [default=lxdbr0]: lxdbr4
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: none
Would you like the LXD server to be available over the network? (yes/no) [default=no]: yes
Address to bind LXD to (not including port) [default=all]: all
Port to bind LXD to [default=8443]: 8443
Invalid input: Can’t bind address “[::]:8443”: listen tcp bind: address already in use

Port to bind LXD to [default=8443]: 8445
Trust password for new clients:

I also noticed the lxd default profile, the network type is not marked as bridge. I edited the configuration, it went through the proxy and did the update, but again it got failed. Now, it again throws me the error, proxy is not reachable.
config: {
description: Default LXD profile
name: eth0
network: lxdbr1
type: nic
path: /
pool: default
type: disk
name: default

  • /1.0/instances/juju-ea38ed-0
  • /1.0/instances/juju-e34205-0
  • /1.0/instances/juju-682068-0

can you guide me on this ?