IPtables + Apache in LXD container

Dear community,

I have a container setup with LXD running several WordPress webpages (apache2).
All is working fine.

I added port forwarding by:
lxc config device add CONTAINER lxd_proxy_port80 proxy listen=tcp:0.0.0.0:80 connect=tcp:INTERNALIP:80
…and same for port 443. That's all working correctly.

Unfortunately I cannot see originating IPs in my apache2 logs (/var/log/apache2/access.log) but only see the local IP.
By using iptables I wanted to change this. I did:
iptables -A FORWARD -p tcp -d LOCALIP --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -d LOCALIP --dport 80 -j ACCEPT
and deleting my proxy device with
lxc config device remove CONTAINER lxd_proxy_port80
lxc config device remove CONTAINER lxd_proxy_port443
I can actually access files on my server correctly and I also see now my external IP in the apache2 access logs.

However, WordPress does not reach update-servers anymore (external) and seems to have problems reaching the outside world, and one of my WordPress pages cannot access the index.php file anymore (it hangs loading). I suppose the latter effect is due to some external content not being loaded correctly.

Could you help me understand what is going on?

For the lack of IP, that’s what the proxy protocol option is for: it allows you to have LXD pass the source IP through that somewhat standard TCP header. With the right nginx/apache2 config, this then replaces the IP with the client’s.

An alternative is to use the nat config option on the proxy device to have LXD use iptables rules instead of the proxy process. This requires fixed addresses for the container (ipv4.address) though.
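
The proxy protocol option mentioned in the reply above (`proxy_protocol=true` on the LXD proxy device) makes the proxy prepend a short header carrying the client's address to each connection. As an added example, not part of the original thread or of LXD's code, this Python parser reads the version 1 text form of that header and honours it only from a trusted proxy address; `TRUSTED_PROXIES`, `client_address`, the sample bytes and all addresses are constructed for illustration, and the version 1 format is an assumption.

```python
import ipaddress

# Assumption: only the LXD host side of the proxy device may send the header.
# Constructed address, not taken from the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.3.1")}
MAX_V1_HEADER = 107  # longest legal version 1 line, CRLF included

# Constructed sample: what a backend would read first on a proxied connection.
SAMPLE = (b"PROXY TCP4 203.0.113.7 10.0.3.25 51234 80\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")


def client_address(peer_ip, data):
    """Return (client_ip, client_port or None, payload after the header)."""
    peer = ipaddress.ip_address(peer_ip)
    if not data.startswith(b"PROXY "):
        # No header: the TCP peer is the only address available to log.
        return str(peer), None, data
    if peer not in TRUSTED_PROXIES:
        # A direct client could forge the header to choose its logged IP.
        raise ValueError(f"PROXY header from untrusted peer {peer}")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("unterminated or oversized PROXY header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        # The proxy could not determine the client; fall back to the peer.
        return str(peer), None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY header")
    src = ipaddress.ip_address(fields[2])
    ipaddress.ip_address(fields[3])  # destination must be a valid address too
    if src.version != (4 if fields[1] == "TCP4" else 6):
        raise ValueError("address family does not match the protocol field")
    src_port, dst_port = int(fields[4]), int(fields[5])
    if not (0 <= src_port <= 65535 and 0 <= dst_port <= 65535):
        raise ValueError("port out of range")
    return str(src), src_port, payload


if __name__ == "__main__":
    print(client_address("10.0.3.1", SAMPLE))
```

In Apache this parsing is done by mod_remoteip when `RemoteIPProxyProtocol On` is set; the trust check matters because a backend that accepts the header from any peer lets clients pick the address that ends up in access.log.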

I use this setup for my various LXC containers.
Each container runs a different website.

Using this setup, here are the results in one of my LXC containers' apache2 logs (/var/log/apache2/access.log)

I walk through this exact scenario on YouTube. In the video we set up proxy port from LXD -> nginx (load balance / gateway) -> apache. The logs show up correctly on both nginx and apache.

Linux containers are really good… | Installing Wordpress using LXD on Debian 10 Buster

Thank you for this post.
Couldn’t click on your video.
Here’s the link I copied:

Thank you, I will have a look at this. I was not planning to use nginx so far as I am running only 2 websites, but maybe this is the route to go.
Btw, are these really external IPs?

Do you mean the IPs in my screenshot of the log files?

Apologies about the broken link. Here’s an updated one: https://www.youtube.com/watch?v=1p-fbS_OYTg

Really good learnings from this video. Thank you very much. I actually still have no clue why my WordPress is not working. But I will reinstall a fresh container with a new WP for testing using your setup and keep you posted.

Dear xocite & OIEIEIO,
Thanks for your help. I got things working now. The YouTube video is of great help. For info, the reason my initial version did not work was a simple problem with my iptables rule. I used:
sudo iptables -t nat -I PREROUTING -i eth0 -p TCP -d MY_IP/32 --dport 443 -j DNAT --to-destination LXC_CONTAINER_IP:443
which worked. It was important to add the -d parameter.

I do actually have a followup question:
In my Apache logs I see IPv4 and IPv6 addresses. Why is that and could I manage to only have IPv4 showing? Thanks again for your help.

Do you see IPv4 and IPv6 addresses appear interchangeably? (One line with IPv4 and the next with IPv6)

Yes. I would say so.

Do you use Apache as the web server in the container?

Yes!

Then have a look at my tutorial at

I cover this in a note about configuring Apache in the container. Essentially, it is a feature of Apache regarding name resolution. Nginx does not have this problem.

Thank you. Will have a look at this.