Is it safe to set up a cloud service like linode using LXD?
Hi!
I suppose you mean to create a VPS on Linode, and then setup LXD to host, for example, multiple websites.
In terms of security, it is indeed far better than installing a Webserver directly on a VPS, and using virtual hosts/server blocks for the many websites you will be hosting.
If you were to use LXD, you would do something like what is described in this tutorial, https://www.linode.com/docs/applications/containers/beginners-guide-to-lxd-reverse-proxy/
The reverse proxy would be located in an unprivileged LXD container, and each website would be in an unprivileged LXD container. If something goes horribly wrong with, let’s say, a badly configured website (insecure old WordPress that does not auto-update), then an attacker would not have access to the other websites, nor the database, nor the reverse proxy, and nor the host.
Thank you so much
My question not to use LXD in Lenode.
I mean can I develop software for managing LXD containers and virtual machines to create a public cloud service like Linode that uses LXD
Can LXD do it for me or LXD not developed for that reason and not safe for public clouds?
I see. When you create a public cloud service, you can use either virtual machines or system containers (i.e. LXD). Linode and other VPS providers are renting virtual machines. A system container is like a virtual machine but is implemented using Linux kernel features. Thanks to this, you can have many more system containers that virtual machines on the same baremetal server.
LXD is the tool to give you system containers. It is packaged with the LXD server software (accessible over a REST API) and a CLI (command line) tool, lxc (using the REST API).
Here is a list of web-based management tools for LXD,
- LXDMosaic, GitHub - turtle0x1/LxdMosaic: Web interface to manage multiple instance of lxd (@turtle0x1).
- LXDUI, GitHub - AdaptiveScale/lxdui: LXDUI is a web UI for the native Linux container technology LXD/LXC
- LXD-UI, GitHub - lcherone/LXD-UI: A LXD user interface, powered by electron-vue.
- LXDDepot, GitHub - neophenix/lxdepot: A LXD UI for managing containers across hosts
- LXDManager, GitHub - Miso-K/lxdmanager-vue-dashboard: LXDmanager dashboard that works with lxd-api-gateway. (@Miso-K)
Also, as an example of what you can do as a service that builds on top of LXD, use the following. It is a free service to try out LXD. When you connect, you get a Linux shell. The shell you get, is a LXD container just for you.
Here is the code for this service, GitHub - canonical/lxd-demo-server: The LXD demo server
3 Likes
You very much could build a cloud service based around LXD - I think the web ui written by somebody at canonical is more target at this kind of use (their permission model is more evolved) and would probably be a better base than mine!
To build a hosting provider you basically just act as a proxy for the LXD API’s with your own permission & billing checks - Its not “more secure” or “less secure” than any other method of building a cloud hosting provider, its how you set it up!
1 Like
Your project is the most mature of them
only need better UI and UX
Hi,
you can also look at these:
2 Likes