[Lxc-users] Seeking advice on appropriate network layout for my LXC setup
James Gallagher
james at jamesgallagher.ie
Thu Jan 10 01:03:04 UTC 2013
On Monday 7 January 2013 at 11:19, Rob van der Hoeven wrote:
>
> > My intention is to have a container running nginx as a reverse proxy
> > and containers running the various combinations of Apache, PHP, RoR,
> > MySQL, etc software for the web apps I want. After experimenting
> > (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx
> > container attached) and macvlan (the other containers + additional
> > interface in the nginx container) I've come back around to looking at
> > simply attaching all containers to lxcbr0. I don't think anything I
> > want to run would have an issue with NAT. I would then port forward
> > connections to the public IP for web onto the nginx container and so
> > on for other services. The nginx container would proxy to the various
> > apache container instances - as they're all connected to lxcbr0 i'm
> > assuming from what I've read that's as straightforward as a regular
> > LAN.
> >
>
>
> Hi James,
>
> Looks like you want the *exact* configuration that i currently use for
> my FreedomBox. I have put nginx inside a "bastion host" container where
> it acts like a reverse proxy for containers running wordpress blogs and
> for example owncloud. I also have shorewall (a firewall) running which
> can do NAT. Here are some links if you want my configuration:
>
> First, my lxc and network setup
> http://freedomboxblog.nl/installing-lxc-dhcp-and-dns-on-my-freedombox/
>
> Then, creation of my nginx "bastion host" container
> http://freedomboxblog.nl/my-freedombox-internet-module-part-1/
>
> Creation of a wordpress container, connect it to nginx
> http://freedomboxblog.nl/a-wordpress-module-for-my-freedombox/
>
> Limit what containers can do on the network
> http://freedomboxblog.nl/adding-a-firewall-and-nat-to-my-freedombox/
>
> Safe ssh access from the internet to any container
> http://freedomboxblog.nl/ssh-access-from-the-internet-to-my-freedombox/
>
> My setup is running on Debian, so it probably is easy to adapt for
> Ubuntu.
>
> Cheers,
> Rob.
> http://freedomboxblog.nl
>
>
Thanks so very much Rob, this is really useful and much appreciated. I've started reading through quickly (on your bastion host and then wordpress module) so now I must start at the top :).
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20130110/27d15999/attachment.html>
More information about the lxc-users
mailing list