IPtables + Apache in LXD container

Dear community,

I have a container setup with LXD running several wordpress webpages (apache2)
All is working fine.

I added portforwarding by:
lxc config device add CONTAINER lxd_proxy_port80 proxy listen=tcp: connect=tcp:INTERNALIP:80
…and same for port 443. Thats all working correctly.

Unfortunately I cannot see originating IP’s in my apache2 logs (var/log/apache2/access.log) but only see the local IP.
By using iptables I wanted to change this. I did:
iptables -A FORWARD -p tcp -d LOCALIP --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -d LOCALIP --dport 80 -j ACCEPT
and deleting my proxy device with
lxc config device remove CONTAINER lxd_proxy_port80
lxc config device remove CONTAINER lxd_proxy_port443
I can actually access files on my server correctly and I also see now my external IP in the apache2 access logs.

However, wordpress does not reach update-servers anymore (external) and seems to have problems reaching the outside world and one of my wordpress pages cannot access the index.php file anymore (it hangs loading). I suppose the latter effect is due to some external content not being loaded correctly.

Could you help me understand what is going on?

For the lack of IP, that’s what the proxy protocol option is for, it allows you to have LXD pass the source IP through that somewhat standard tcp header. With the right nginx/apache2 config, this then replaces the IP with the client’s.

An alternative is to use the nat config option on the proxy device to instead have LXD use iptables rules instead of the proxy process. This requires fixed addresses for the container (ipv4.address) though.

I use this setup for my various LXC containers.
Each container runs a different website.

Using this setup here are the results in one of my lxc containers apache2 logs (var/log/apache2/access.log)

I walk through this exact scenario on YouTube. In the video we set up proxy port from LXD -> nginx (load balance / gateway) -> apache. The logs show up correctly on both nginx and apache.

Linux containers are really good… | Installing Wordpress using LXD on Debian 10 Buster

1 Like

Thank you for this post.
Couldn’t click on your video.
Here’s the link I copied:

Thank you, I will have a look at this. I was not planning to use nginx so far as I am running only 2 websites, but maybe this is the route to go.
Btw, are these really external IPs?

Do you mean the ips in my screenshot of the log files?

Apologies about the broken link. Here’s an updated one: https://www.youtube.com/watch?v=1p-fbS_OYTg

Really good learnings from this video. Thank you very much. I actually still have no clue why my Wordpress is not working. But will reinstall a fresh container with a new WP for testing using your setup and keep you posted.

Dear xocite & OIEIEIO,
Thanks for your help. I got things working now. The youtube video is of great help. For info, why my initial version did not work, was a simple problem with my iptables-rule. I used:
sudo iptables -t nat -I PREROUTING -i eth0 -p TCP -d MY_IP/32 --dport 443 -j DNAT --to-destination LXC_CONTAINER_IP:443
which worked. It was important to add the -d parameter.

I do actually have a followup question:
On my apache logs I see ipv4 and ipv6 addresses. Why is that and could I manage to only have ipv4 showing? Thanks again for your help.

Do you see ipv4 and ipv6 addresses appear interchangeably? (One line with ipv4 and the next with ipv6)

Yes. I would say so.

Do you use Apache as the web server in the container?


Then have a look at my tutorial at

I cover this in a note about configuring Apache in the container. Essentially, it is a feature of Apache regarding name resolution. Nginx does not have this problem.

Thank you. Will have a look at this.