override = copy the contents of a device in the profile into the instance’s own config (at the same time modifying certain keys on the copy if specified). Cannot be run if an instance device exists already. I.e it can only be run once.
set = modify a device on an instance, can be run multiple times.
but the good thing coming.
after installed apache, i get correct connected peer client ip, in log,
and in monit too, with simple rule,
for apache lxc config device add store proxyv4http80 proxy nat=true listen=tcp:192.168.1.33:80 connect=tcp:0.0.0.0:80
or for monit httpd 2812 lxc config device add store proxyv4monit proxy nat=true listen=tcp:192.168.1.33:2812 connect=tcp:0.0.0.0:2812
and now, i can manage it with fail2ban inthe container…