[lxc-users] Bind public IP that is available on host's ens3:1 to a specific LXD container?

[Ron Kelley]

Great suggestions from Fajar.  A couple more ideas if you only have one public IP on your container:

* Use HAProxy on the container’s main IP address with Server Name Identification (SNI) and a local DNS server.  This way, all your sites are tied to the same IP address as the container with private addresses behind it.

* Use nginx with local DNS lookups.  Similar to haproxy except nginx redirects the web requests to the appropriate backend.


-Ron

> On May 20, 2017, at 9:34 AM, Fajar A. Nugraha <list at fajar.net> wrote:
> 
> On Sat, May 20, 2017 at 10:31 AM, Thomas Ward <teward at ubuntu.com> wrote:
> I've been able to switch this to a bridged method, with the
> host interfaces set to 'manual', an inet0 bridge created that is static
> IP'd for the host system to have its primary IP, and can have manual IP
> assignments to containers on that bridged network for the other
> non-primary IPs.
> 
> 
> For sake of completeness:
> - converting eth0 to be a slave is the "standard" approach:
> https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-network
> https://help.ubuntu.com/lts/serverguide/network-configuration.html#bridging
> 
> - an easier approach is to use macvlan. Especially if the host doesn't need to communicate directly with the container (which should also be what happens in your case, as it appears the host on the containers are on different subnet)
> https://github.com/lxc/lxd/blob/master/doc/containers.md#type-nic
> 
> - however both approach won't work if your provider limits only ONE mac address on your port. In this case you'd need either proxy-arp (somewhat complicated, but possible), or simply use iptables to forward all traffic for the secondary IP to the container.
> 
> -- 
> Fajar
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users