Redirect traffic to a specific LXC using iptables PREROUTING

Hi,

I have this setup:

Server #1 192.168.50.99

/etc/hosts file
mytest1.com 127.0.0.1
mytest2.com 127.0.0.1

Nginx reverse proxy
proxy pass to 192.168.50.75:8080 <-- Server #2

Server #2 192.168.50.75

Nginx accepting 8080 port
With these iptables rules:

sudo iptables --table nat --append PREROUTING --destination 192.168.50.75 --protocol tcp --dport 8080 --jump DNAT --to-destination 10.189.124.145:80

sudo iptables --table nat --append PREROUTING --destination 192.168.50.75 --protocol tcp --dport 8080 --jump DNAT --to-destination 10.189.124.111:80

LXC List

wp1 - IP 10.189.124.145 - nginx port 80
wp2 - IP 10.189.124.111 - nginx port 80

If you try to connect to mytest1.com:

curl mytest1.com - This will get the Nginx content of LXC WP 1

curl mytest2.com - (PROBLEM) This will get the Nginx content of LXC WP 1 - It should get the LXC WP 2 content and not WP 1

I know iptables will accept the first rule and ignore the rule #lxd

Any ideas on how to get this to work?

Thanks in advance!

Prerouting is the wrong approach for this. Handle it in the proxy config.

If you insist on handling it through prerouting, you will need to distinguish the two sites based on port/IP, or manually set a flag on the outbound packet and detect it on the inbound, or start looking inside the packets for the Host: header, which can get very messy due to fragmentation/SSL/etc.
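A Host-based nginx configuration for Server #2 that does what the reply above suggests, as an added example not taken from the thread. It assumes the two PREROUTING DNAT rules have been deleted (otherwise the kernel rewrites port 8080 traffic before nginx ever sees it) and that the reverse proxy on Server #1 forwards the original Host header (proxy_set_header Host $host).

```nginx
# /etc/nginx/conf.d/lxc-vhosts.conf on Server #2 (192.168.50.75)
# Added example, not from the original thread.
# Prerequisite: remove the DNAT rules first, e.g.
#   sudo iptables -t nat -D PREROUTING -d 192.168.50.75 -p tcp --dport 8080 \
#        -j DNAT --to-destination 10.189.124.145:80
#   (and the same for 10.189.124.111:80)
# nginx then selects the backend from the Host header, which iptables cannot do.

# Site 1 -> container wp1
server {
    listen 8080;
    server_name mytest1.com;

    location / {
        proxy_pass http://10.189.124.145:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Site 2 -> container wp2
server {
    listen 8080;
    server_name mytest2.com;

    location / {
        proxy_pass http://10.189.124.111:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Catch-all: a request whose Host matches neither site is dropped instead of
# silently landing in the first server block (the symptom seen in the thread).
server {
    listen 8080 default_server;
    server_name _;
    return 444;
}
```

Check the selection with `curl -H 'Host: mytest2.com' http://192.168.50.75:8080/` from Server #1 before touching the upstream proxy; `nginx -t` validates the file before reloading.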

@tetech You are right! I was able to configure it using the proxy config device and not iptables. I created a blog post about that here https://johnmark.me/lb-to-lxc-using-reverse-proxy-and-lxd-config-device-local-machines/

Thank you again!


I did try HAProxy and the Nginx reverse proxy, but if you do a speed test it always comes back slow, like 1.5 seconds. My sites are very well optimized and they do load in 456 to 600 milliseconds max, and I don't know what to do as far as getting the same speed inside the container. I've two containers, web1 & web2, and 1 reverse proxy container; not sure what I am missing.