Publicly Available Containers via Ubuntu 18.04 -- individual website containers

networking

(Rounce Well) #1

First off, let me start by saying I am no expert in server talk. I’ve been teaching myself as I go along, and I really only know entry level basics to server management.

I am trying to consolidate all of my many single-instance VPSes and put them into a single VPS with managed containers that hold their own privileged root access (in container).

Each VPS I currently have runs a simple stack for serving WordPress.

  • Ubuntu 18.04 LTS
  • PHP/7.2
  • MySQL
  • Caddy HTTPS/2 server engine

My current VPS is $5 a month and comes with:

  • 01GB RAM
  • 25GB SSD (I only need under 10GB)
  • 01vCore
  • 01TB Bandwidth (I do not touch this, my site pages are small under ~0.8 mb for dense pages and low traffic)

For me, these resources are great. But running close to 10 websites is around 55$ a month (Vultr). Instead, I would like to try out a service (SSD Nodes) that is offering these specs/price:

  • 16GB RAM
  • 80GB SSD
  • 04 vCores
  • 8.0TB Bandwidth
  • 40GB I/O

The price for this service varies but is usually under $15 a month if you pay up-front, which I wouldn’t mind doing.

I would use this single VPS to run Ubuntu 18.04 and then use LXD/LXC to provision containers that can then house each website individually.

Each container can then be limited to whatever resources I would like (within the single VPS limits). This would save me money, allow me room for more websites/projects down the road, and create a more manageable interface for maintenance.

Here’s a sample overview of what I’d like to accomplish.

  • Host Machine ----> Ubuntu 18.04

  • [container01] ----> WordPress Site A

  • [container02] ----> WordPress Site B

  • [container03] ----> WordPress Site C

  • [container04] ----> WordPress Site D

  • And a [snapshot of clean stack install for easy resetting/re-deployment]

I have tried this set-up in a local test environment as well as a test live environment (on Vultr) and I cannot seem to find a fix for my issue.

My only issue with trying this set-up is that I cannot get my newly created containers to be passed through the main IP address to be able to access each container publicly. I created each container and changed the default bridge to utilize ‘macvlan’ which effectively assigns them ‘physical’ addresses. However, these ‘physical’ addresses are only useful for internal use as they are ‘10’ based IP addresses and cannot be accessed publicly.

This is where I get lost and I have not been able to find a solution online.

Would anyone here be able to advise me in this particular case? Or do I have to scrap this whole idea since it just would not work?

Also, side note. I do not want to run the servers using Docker, Kubernetes or Nginx multi website managers. I would favor the containerization so I can test new projects or sites individually as I learn more.

Thank you,


(David Negreira) #2

Hey @RounceWell,

I am assuming you have a single public IP on your VPS and all of your containers will reside inside of a private network managed by LXD.

In my opinion, with that setup I would use a proxy device (you can read how another user has set it up in this topic: News feature 3.0 proxy question) and point the http and https ports to a container which would run some sort of reverse-proxy-capable software like haproxy, apache, nginx or something of that sort.

Then I would use that proxying software to route the connections to the correct container inside of the private network based on the domain name that is reaching the haproxy.

To summarize:

You have a website which has a DNS A record pointing to the IP of the VPS -> proxy container -> container which holds the website.


#3

Hello @RounceWell!

Here is a guide on how to set up a VPS to host multiple websites,
https://www.digitalocean.com/community/tutorials/how-to-host-multiple-web-sites-with-nginx-and-haproxy-using-lxd-on-ubuntu-16-04

In this guide, it uses HAProxy as the reverse proxy so that a single IP address can host many different websites.

I am writing a new guide on hosting multiple WordPress websites on a single VPS, over HTTPS (Let’s Encrypt).
In a nutshell, you create a proxy container with HAProxy so that it can support many different websites. Then, you create a db container with MySQL that will have all databases of all WordPress installations. And finally, each website will be in a separate container.


(Rounce Well) #4

Hi @simos, thanks for the reply!

I am looking to avoid using nginx, as I am unfamiliar with it. I’d also like to maintain a separation of containers, as I would like to embark on future projects with this new VPS.

However, if I were to utilize HAProxy, would I be looking at multiple proxy containers?
One for each website? Or a single HAProxy container that can route subnets for all websites?

I just wouldn’t know how to manage my domain name servers for each separate domain.

-Thanks,


(Rounce Well) #5

Hi @Dnegreira thank you for the reply!

I just wouldn’t know how to configure my A name records on my domain registrar. I’d also like to SSH into each container as if it were its own VPS. Is this not a good idea?

Thank you,


#6

You can easily replace nginx with Apache or another web server.

You would use a single container for the reverse proxy. HAProxy is one option. The reason for having a single container is that you would set up the host to redirect any incoming network connections to port 80 (web), to port 80 of the proxy container.
You have to have a single container because the redirection from host to container does not have a facility to filter who is going to which website. That’s the job of the reverse proxy.

Also, look into having a single database server in a single container. You create different accounts for each website, therefore it is fine in terms of security.
You may decide to put a database in each website container. But that will use up lots of memory. You would need to get a VPS with much more memory.
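
The single-proxy layout described in replies #2 and #6, as an added example that is not part of any poster's reply: it prints the LXD proxy-device command for the host and an HAProxy fragment that routes by Host header. The domains, container names, the device name `http80`, and the `<container>.lxd` names (which assume LXD's managed bridge DNS) are hypothetical.

```shell
#!/bin/sh
# Constructed sample map, one "<domain> <container>" pair per line (hypothetical names).
SITES='sitea.example.com container01
siteb.example.com container02
sitec.example.com container03'

# Accept only hostname-safe characters so a map entry cannot smuggle extra
# HAProxy directives into the generated file.
valid_pair() {
    case "$1" in ''|*[!a-z0-9.-]*) return 1 ;; esac
    case "$2" in ''|*[!a-z0-9-]*) return 1 ;; esac
    return 0
}

# Host-side command: an LXD proxy device that hands public port 80 to the
# proxy container ($1), where HAProxy listens.
proxy_device_cmd() {
    printf 'lxc config device add %s http80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80\n' "$1"
}

# haproxy.cfg fragment: one Host-header rule and one backend per site.
# No default_backend is emitted, so an unknown Host gets HAProxy's 503.
# Backends assume <container>.lxd resolves on the LXD bridge (assumption).
haproxy_cfg() {
    printf 'frontend www\n    bind *:80\n    mode http\n'
    printf '%s\n' "$1" | while read -r domain ct; do
        valid_pair "$domain" "$ct" || continue
        printf '    use_backend be_%s if { hdr(host) -i %s }\n' "$ct" "$domain"
    done
    printf '%s\n' "$1" | while read -r domain ct; do
        valid_pair "$domain" "$ct" || continue
        printf '\nbackend be_%s\n    mode http\n    server %s %s.lxd:80 check\n' "$ct" "$ct" "$ct"
    done
}

# Print both pieces for review before applying them by hand.
proxy_device_cmd proxy
haproxy_cfg "$SITES"
```

Every domain's A record points at the one public IP of the VPS; only the Host header decides which container answers.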


#7

To answer your original question, you should be able to use iptables to forward ports like 2201, 2202, 2203, etc. to your containers’ port 22.
Here’s a guide: http://www.bonsaiframework.com/wiki/display/bonsai/5.1+LXC+Advanced+Networking+-+Exposing+Containers+to+the+Network

I would also recommend NGINX; it’s great, far superior to Apache in terms of memory consumption. It’s been almost a decade since I compared the two though. Go with what you know I suppose =).
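
The port forwarding suggested in reply #7, as an added example that is not part of the poster's reply or the linked guide: it prints one iptables DNAT rule per container, mapping a high public port to that container's port 22. The interface name `eth0` and the 10.0.3.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample: "<public port> <container IP on the LXD bridge>" (hypothetical values).
SSH_MAP='2201 10.0.3.11
2202 10.0.3.12
2203 10.0.3.13'
WAN_IF=eth0   # assumed name of the VPS's public interface

# Coarse check: numeric unprivileged port, and an address made of digits and
# dots that starts with "10." (iptables itself rejects anything malformed).
valid_forward() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ] || return 1
    case "$2" in *[!0-9.]*|*..*|*.) return 1 ;; esac
    case "$2" in 10.*.*.*) return 0 ;; esac
    return 1
}

# Print the DNAT rules for review; a public port that appears twice keeps
# only its first mapping, so two containers never share one port.
ssh_forward_rules() {
    seen=' '
    printf '%s\n' "$1" | while read -r port ip; do
        valid_forward "$port" "$ip" || continue
        case "$seen" in *" $port "*) continue ;; esac
        seen="$seen$port "
        printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:22\n' \
            "$WAN_IF" "$port" "$ip"
    done
}

ssh_forward_rules "$SSH_MAP"
```

With these rules in place, `ssh -p 2201 user@<public IP>` reaches the first container's sshd while the host's own port 22 is untouched.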