I stumbled across a problem with some LXD/LXC containers that need to communicate with each other, but “through” the host, so to speak.
I am trying to set up a drone.io instance on my webserver, with gitea already running in another container. The problem I have comes from the fact that drone wants to do OAuth with gitea and is also doing redirects on the frontend, and thus is using the “real” domain of my server, more precisely the sub-domain where gitea is hosted (the domains are handled by another container which runs traefik, but I hope that doesn’t matter once this problem is resolved).
What I’m getting is as follows:
- the drone.io web interface under “drone.mydomain.tld” shows:
  Login Failed. Post “https://git.mydomain.tld/login/oauth/access_token”: dial tcp 46.4.X.X:443: connect: connection refused
- if I try to curl https://git.mydomain.tld from inside the drone container, I get the same error. But I changed the proxy configuration in the meantime, so that LXD would create proxy devices on ports 80 and 443 and tunnel them through to the webproxy container. Before that I modified the iptables rules I had created when I did the setup of the server so that traffic from 46.4.X.X would get NATed through to the webproxy, which resulted in a timeout.
The described timeout error came when I allowed traffic from the container subnet to go through to 46.4.X.X - I then tried all sorts of NAT configurations, but that didn’t help. Also I could not figure out how to set up a route from the LXD network to the Host-IP and back, if that makes any sense.
The last thing that came to my mind now was to change the DNS resolution inside the LXD managed network (all defaults on lxdbr0 - this server is a dedicated machine in a server center with only one public IP, so it’s not possible for me to “bridge” the containers into the public network) to always resolve “mydomain.tld” to the IP used by the bridge and then figure things out from there, but I can’t find any information in the docs how one would do that, if it’s even possible.
Edit: Now I get a constant timeout when I try to open the drone web UI, with LXD proxying the requests on ports 80 and 443 and my additions to the iptables rules removed.