[Lxc-users] Seeking advice on appropriate network layout for my LXC setup

[Rob van der Hoeven]

> My intention is to have a container running nginx as a reverse proxy
> and containers running the various combinations of Apache, PHP, RoR,
> MySQL, etc software for the web apps I want. After experimenting
> (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx
> container attached) and macvlan (the other containers + additional
> interface in the nginx container) I've come back around to looking at
> simply attaching all containers to lxcbr0. I don't think anything I
> want to run would have an issue with NAT. I would then port forward
> connections to the public IP for web onto the nginx container and so
> on for other services. The nginx container would proxy to the various
> apache container instances - as they're all connected to lxcbr0 i'm
> assuming from what I've read that's as straightforward as a regular
> LAN.

Hi James,

Looks like you want the *exact* configuration that i currently use for
my FreedomBox. I have put nginx inside a "bastion host" container where
it acts like a reverse proxy for containers running wordpress blogs and
for example owncloud. I also have shorewall (a firewall) running which
can do NAT. Here are some links if you want my configuration:

First, my lxc and network setup
http://freedomboxblog.nl/installing-lxc-dhcp-and-dns-on-my-freedombox/

Then, creation of my nginx "bastion host" container
http://freedomboxblog.nl/my-freedombox-internet-module-part-1/

Creation of a wordpress container, connect it to nginx
http://freedomboxblog.nl/a-wordpress-module-for-my-freedombox/

Limit what containers can do on the network
http://freedomboxblog.nl/adding-a-firewall-and-nat-to-my-freedombox/

Safe ssh access from the internet to any container
http://freedomboxblog.nl/ssh-access-from-the-internet-to-my-freedombox/

My setup is running on Debian, so it probably is easy to adapt for
Ubuntu.

Cheers,
Rob.
http://freedomboxblog.nl