Port forwarding in LXC

Hi folks, I'm a bit new to LXC so apologies in advance for the nature of the question.

I have a small homelab environment, currently running a Caddy web server on an LXC container (ubuntu server 20.04). I have gone through the install process of Remotely on a separate LXC container [10.33.3.34] (ubuntu server 20.04) using the generic installer, but I'm having difficulty getting Remotely to connect with my (existing) Caddy server [10.33.3.33]. The generic installer installs its own instance of caddy or nginx. The Caddy server and Remotely server are bridged to the eth0 port on host, which is an 8GB Raspberry Pi.

On further inspection, if I do an
nmap -p- 10.33.3.34

from another host, which is the IP address of the Remotely server, I do not see port 5000 available to me, I only get 22 and 80 as open ports.

However if I do a
ss -tulpn
I see that port 5000 is set as listening from inside the container.

How do I get my Remotely server to accept reverse proxy requests from my existing caddy server on LXC? Thanks for your time.

Hmm, odd, can you show the netstat -lnp output?

In general, if you have something bound to :: or 0.0.0.0, it should work fine externally, unless some firewall in your container or on the host is interfering.

Hi, thanks for taking the time to look at this issue.

This is the ss -tulpn output from the Remotely lxc instance:

Netid   State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port   Process                                                                         
udp     UNCONN   0        0          127.0.0.53%lo:53            0.0.0.0:*       users:(("systemd-resolve",pid=177,fd=12))                                      
tcp     LISTEN   0        512            127.0.0.1:5000          0.0.0.0:*       users:(("dotnet",pid=203,fd=226))                                              
tcp     LISTEN   0        511              0.0.0.0:80            0.0.0.0:*       users:(("nginx",pid=250,fd=6),("nginx",pid=249,fd=6),("nginx",pid=247,fd=6),("nginx",pid=246,fd=6),("nginx",pid=245,fd=6))
tcp     LISTEN   0        4096       127.0.0.53%lo:53            0.0.0.0:*       users:(("systemd-resolve",pid=177,fd=13))                                      
tcp     LISTEN   0        128              0.0.0.0:22            0.0.0.0:*       users:(("sshd",pid=232,fd=3))                                                  
tcp     LISTEN   0        512                [::1]:5000             [::]:*       users:(("dotnet",pid=203,fd=231))                                              
tcp     LISTEN   0        511                 [::]:80               [::]:*       users:(("nginx",pid=250,fd=7),("nginx",pid=249,fd=7),("nginx",pid=247,fd=7),("nginx",pid=246,fd=7),("nginx",pid=245,fd=7))
tcp     LISTEN   0        128                 [::]:22               [::]:*       users:(("sshd",pid=232,fd=4))    

However when I nmap -p- 10.33.3.34 from outside the container, I don't see the 5000 port available.

Also the firewall is inactive on my Caddy server which is 10.33.3.33
The firewall has been disabled on the host for testing now. Still the same result.

Ok, I thought I’d post where the errors of my ways lay.

  1. I was reverse proxying port 5000 from my independent caddy server. This was unnecessary, so the reverse_proxy 10.33.3.34 is all that was needed on the caddy server.

  2. In an effort to ‘fix’ Remotely, I had changed the proxy_pass arguments in the nginx server section of remotely to be the IP address of the caddy server. This was also incorrect and needed to be reset to 127.0.0.1 across all blocks in the nginx config file.

Apologies if my post was misleading but my learning is ongoing. Thanks for pushing me in a direction for troubleshooting.
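The ss output posted in the thread accounts for the nmap result: dotnet listens on 127.0.0.1:5000 and [::1]:5000 only, so port 5000 is reachable just from inside the container, while nginx on 0.0.0.0:80 is what other hosts (including the Caddy server) can connect to. The following is an added example, not part of the original posts, that classifies TCP listeners from `ss -tulpn` output by bind address; the sample rows are constructed from the output above with the process column shortened, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the rows of the ss -tulpn output posted in the thread,
# with the process column shortened to one entry per socket.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=177,fd=12))
tcp   LISTEN 0 512  127.0.0.1:5000   0.0.0.0:* users:(("dotnet",pid=203,fd=226))
tcp   LISTEN 0 511  0.0.0.0:80       0.0.0.0:* users:(("nginx",pid=250,fd=6))
tcp   LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=177,fd=13))
tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=232,fd=3))
tcp   LISTEN 0 512  [::1]:5000       [::]:*    users:(("dotnet",pid=203,fd=231))
tcp   LISTEN 0 511  [::]:80          [::]:*    users:(("nginx",pid=250,fd=7))
tcp   LISTEN 0 128  [::]:22          [::]:*    users:(("sshd",pid=232,fd=4))
"""


def split_local(field):
    """Split an ss 'Local Address:Port' field into (address, port).

    The address is None for the '*' wildcard that ss prints for some sockets.
    """
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    addr = None if host == "*" else ipaddress.ip_address(host)
    return addr, int(port)


def classify(ss_output):
    """Map each listening TCP port to 'external' or 'loopback-only'."""
    exposure = {}
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] != "tcp" or f[1] != "LISTEN":
            continue  # header, UDP rows, non-listening sockets
        addr, port = split_local(f[4])
        reachable = addr is None or not addr.is_loopback
        # One non-loopback bind is enough to expose the port.
        if reachable or port not in exposure:
            exposure[port] = "external" if reachable else "loopback-only"
    return exposure


def visible_from_other_hosts(ss_output):
    """Ports a scan from another host can find open (firewalls permitting)."""
    return sorted(p for p, s in classify(ss_output).items() if s == "external")


if __name__ == "__main__":
    for port, scope in sorted(classify(SAMPLE).items()):
        print(f"tcp/{port}: {scope}")
```

Keeping the application on loopback and exposing only the nginx listener, as the installer set it up, means the backend port never needs to be opened to the network.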