Subdomain for each container

Hello.

I finally got my R610 rig to work with hard drives (figured out how to configure hard drives in the install phase).

Now I started to wonder: since I use noip.com for DDNS redirecting, would it be possible to make my noip registered domain point to various instances on my server so that I would not need to specify

So basically, if I run multiple game servers on different instances, each would have its own subdomain address, like csgo.domain.com, rust.domain.com, ark.domain.com, etc.

I did some reading at https://linuxcontainers.org/lxd/docs/master/server/, but that is just such a huge pool of information; then again, I found some things I needed there.

So, the question: what do I need to know so that I can define a subdomain address for each of my LXD instances if needed, and handle security so that within each instance I take care of things like the firewall with ufw, etc.?

… would it be possible to make it so that I get my noip registered domain to point various instances on my server and I would not need to specify ?

Absolutely. This can be achieved by setting up a reverse proxy server. You can try the following:

  • Install and configure a reverse proxy server like Nginx or Apache to listen on port 80 and 443. You can either have it directly on the host or in a LXD instance. It’s up to you.
  • Configure your noip registered domain to point to your reverse proxy server’s IP address.
  • Set up virtual hosts in your reverse proxy server configuration file for each of your LXD instances, using subdomains like csgo.domain.com, rust.domain.com, ark.domain.com, etc.
  • Configure each virtual host to proxy requests to the appropriate LXD instance based on the subdomain.
  • Set up firewall rules using ufw on each LXD instance to restrict incoming traffic only to the necessary ports.

For the reverse proxy, here is a nice guide to set it up: How To Use Apache as a Reverse Proxy with mod_proxy on Ubuntu 16.04 | DigitalOcean

Note: I don’t know your level of understanding of LXD, but if you want a quick setup (not optimized for storage speed though), you can use lxd init --minimal to bootstrap a parametrized LXD server. Once it’s done, you can just use lxc launch <image_name> <container_name> to start up instances. These will automatically have an IP address and will be able to communicate through the default network bridge lxdbr0.

Note: Regarding the firewall with LXD, here is what you can do:

  • Make sure that ufw is installed on the LXD instance (sudo apt install ufw)
  • By default, ufw is set to deny all incoming traffic and allow all outgoing traffic. We can change this behavior using the following commands:
sudo ufw default deny incoming
sudo ufw default allow outgoing
  • Next, allow incoming traffic for the necessary ports depending on your application/server configuration. For example, if you are running an HTTP server on port 80, you can allow incoming traffic for that port using the following command:
sudo ufw allow 80/tcp

You can also specify the protocol (tcp or udp) depending on your application/server requirements.

  • If you want to restrict incoming traffic to a specific IP address, you can specify the source IP address in the rule. For example, to allow incoming traffic only from the IP address of the reverse proxy server (if you type on your host lxc list, you should be able to see the IP address of your instance running the reverse proxy server), you can use the following command:
sudo ufw allow from <IP_ADDR_OF_REV_PROXY_INSTANCE> to any port 80 proto tcp

This will allow incoming traffic from IP_ADDR_OF_REV_PROXY_INSTANCE to port 80, but block all other incoming traffic to that port.

  • Once you have created the necessary rules, you can enable ufw using the following command:
sudo ufw enable

This will activate the firewall and apply the rules you have set up.


Hope it helped. Tell us a bit more about the settings you want to have if you have other questions.
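
The virtual-host steps in the answer above, as an added Nginx example that is not part of the original post or the LXD documentation. The instance addresses (10.10.10.x on lxdbr0) and the backend port 80 are assumptions, and the catch-all block is an addition so that requests with an unknown Host header are dropped rather than served by the first virtual host.

```nginx
# Added example: addresses below are constructed, not taken from the thread.
# Assumed instances on lxdbr0:  csgo -> 10.10.10.11,  rust -> 10.10.10.12
# Name-based routing relies on the HTTP Host header, so it covers
# HTTP(S) services in the instances (web panels, status pages).

# Catch-all: a request whose Host matches no configured subdomain is
# closed without a response instead of falling through to a real vhost.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# csgo.domain.com -> csgo instance
server {
    listen 80;
    server_name csgo.domain.com;

    location / {
        proxy_pass http://10.10.10.11:80;
        # Pass the original host and client address to the backend so
        # its logs show the real client, not the proxy.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# rust.domain.com -> rust instance
server {
    listen 80;
    server_name rust.domain.com;

    location / {
        proxy_pass http://10.10.10.12:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With the ufw rule from the answer in place on each instance, only the proxy's address can reach port 80 there, so the backends are reachable solely through these server blocks.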

Thanks, I'll start looking through how to implement those things.

When it comes to my skill with LXD, I am a noob but learning it, and I like how this works and how it enables some of the things I was wondering how to do (like services that are not directly accessible, but rather visible only in a closed private network to other containers).
