LXD proxy device: listen to a specific interface

benpro · May 15, 2020, 9:19am

I’m actually using proxy devices like this:

lxc config device add mycontainer http proxy listen=tcp:0.0.0.0:8080 connect=tcp:127.0.0.1:80

Then I have a HAProxy using the port 8080 of the LXD machine.
But my HAProxy is contacting the machine on a private network, so there is no need to bind to tcp:0.0.0.0:8080 which listen on the public network too.
I want to use something like tcp:0.0.0.0%eth1:8080.

I do not want to specify an IP address as I’m running in a cluster mode. HAProxy is configured to use three backend (i.e 10.0.0.1, 10.0.0.2, 10.0.0.3) and chose the one available.
So if I’m moving the container to another LXD machine, nothing has to be done on HAProxy config.

Is it possible somehow?

Cheers,

tomp · May 15, 2020, 9:24am

I’m not sure this is possible at the moment. You could create a github issue as an idea.

Alternatively you could add a firewall to your LXD hosts so that the proxy service is not accessible externally.

m_ueberall · May 18, 2022, 10:09pm

@benpro I did not find an issue mentioning this (but then, there are a lot of issues containing e.g. the keyword interface)–did you create one back then/in the meantime? Because IMHO this feature would greatly simplify the use of proxies where it’s not possible to bind to a specific port on all host interfaces in the first place.

TCB13 · September 8, 2023, 8:22am

+1 on a feature like this.