[SOLVED] How exactly does a proxy device work?

Following instructions provided by Simos, I recently set up a container to intercept port 80 traffic on an Arch workstation using just this command:

lxc config device add mycontainer myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:localhost:80

No iptables rules needed. Somewhat surprisingly, this just worked and the problem then boiled down to finding an Ubuntu container the application would still run in. Fortunately I was able to download 12.04, although it appears to no longer be in the list. Aside: it would be super useful to have container images for even older versions of Ubuntu. I got lucky and really needed 10.04 to guarantee success.

Much to my extreme surprise, you can access the web application directly from the local host; i.e. open a browser and the address “localhost” brings up the web application running in the LXD container on that machine. Now I’m confused about how a proxy works. It can’t be a bridge, because this would not be accessible from the local host (this was the behavior I expected to see). Is there any documentation out there that explains how this works short of poring through the source code?

When you create a proxy device, LXD spawns a process (forkproxy) that does the proxying of the connection. Just like any network proxy would work, just barebones.

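To make the answer above concrete, here is a barebones userspace TCP relay of the kind it describes, as an added example that is not part of the thread and not LXD's forkproxy code. The function names and ports are assumptions, and the sketch runs in a single network namespace, so it does not model how LXD reaches the container side.

```go
package main

import (
	"io"
	"log"
	"net"
)

// relay dials the connect= side and copies bytes in both directions.
func relay(client net.Conn, connect string) {
	defer client.Close()
	backend, err := net.Dial("tcp", connect)
	if err != nil {
		return
	}
	// Closing backend when the client is done also ends the copy below.
	go func() { io.Copy(backend, client); backend.Close() }()
	io.Copy(client, backend)
}

// startProxy binds the listen= side and relays every accepted connection.
// Hypothetical helper for illustration, not LXD's forkproxy code.
func startProxy(listen, connect string) (net.Listener, error) {
	l, err := net.Listen("tcp", listen)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := l.Accept()
			if err != nil {
				return // listener closed
			}
			go relay(c, connect)
		}
	}()
	return l, nil
}

func main() {
	// Constructed ports. 0.0.0.0 covers every local address, loopback
	// included; bind 127.0.0.1 or one interface to narrow the exposure.
	l, err := startProxy("0.0.0.0:8080", "127.0.0.1:8000")
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("relaying %s -> 127.0.0.1:8000", l.Addr())
	select {}
}
```

Because the listener is an ordinary socket owned by a host process, a connection to "localhost" lands on it like any other local service, with no bridge or iptables rule involved.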