I thought I’d try something new for Guacamole which has a pre-built Docker image.
Ubuntu 18.04, with SNAP LXD.
I created an ubuntu 18.04 LXD container, Inside that I installed Docker CE and then proceeded to install/create the Docker Guacamole Container.
However, once completed I couldn’t figure out how to access the Guacamole Web App as it was a 172.x.x.x IP address, the LXD container it was nested in was a 10.x.x.x IP address with its usual access from the Host via the LXDBR0 bridge.
The challenge I had was that I wanted to use DEVICE PROXY on the Host to redirect Port 443 into the container Web App but obviuosly I couldn’t do that because the Host’s visibility to the 172.x.x.x address of the Docker container doesn’t exist via the default LXDBR0 bridge IP.
Does anyone have any suggestions as to what I could try to see if I could get this to work?
I was thinking maybe I should just try not nesting Docker Container but then that would mean I’d want the Docker Container to also use the LXDBR0 bridge (due to my use-case). I want to keep the Guacamole accessible from other LXD containers on that same host. However, I’m no Docker guru I’m still checking how/if that would be possible.
I did inquire on the Docker github with more or less the same question but also asked if there was a way to have Docker based application containers to use the LXDBR0 bridge instead of their default DOCKER0 bridge.
I also made the statement that it would seem to be a beneficial to be able to install both LXD containers and Docker containers as “peers” on the same 10.x.x.x network.
Anyway I got a response from one of the Docker engineers:
You can configure the bridge (–bridge option), however sharing the bridge is probably not a good idea.
So what do some of you think about that?
Personally I think it would become very beneficial for LXD users to be able to install Docker applications on their Host and then have those Docker applications directly accessible on the 10.x.x.x LXD network ?
It would seem to greatly expand integration capabilities without having to monkey around with anything network wise between the 10.x.x.x network of LXD and the 172.x.x.x network of Docker?
My understanding is that with Docker, you expose select ports to the host.
When using LXD and running Docker inside a LXD container, then Docker’s host is a LXD container.
Therefore, a proxy device towards that exposed ports will make them further exposed to the LXD host.