[lxc-users] lxd host can not access container via domain

Benjamin Asbach lxd at impl.it
Sat Sep 2 02:02:51 UTC 2017


Hi there, 

I have some problems connecting to my containers via my public domain
from the host itself. I'm using a bridged network via lxc network. The
setup looks like this:

remote -> domain.com -> host -> container1 (nginx) -> container2 (app) 

When I curl from a remote location this works quite fine:

> curl https://sub.domain.com
> <html></html>%

But when I'm doing the same from the host itself:

> curl https://sub.domain.com
> curl: (7) Failed to connect to sub.domain.com port 443: Connection refused

I'm a little bit confused about why this happens. I thought it might be
connected to iptables, but the rules look good to me:

> iptables-save 
> # Generated by iptables-save v1.6.1 on Sat Sep 2 02:24:33 2017
> *nat
> :PREROUTING ACCEPT [138088:14417714]
> :INPUT ACCEPT [51357:4468554]
> :OUTPUT ACCEPT [8593:788743]
> :POSTROUTING ACCEPT [8445:711271]
> -A PREROUTING -i ens18 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.4.187:80
> -A PREROUTING -i ens18 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.4.187:443
> -A PREROUTING -i ens18 -p tcp -m tcp --dport 8022 -j DNAT --to-destination 10.0.4.116:8022
> -A POSTROUTING -s 10.0.4.0/24 ! -d 10.0.4.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
> COMMIT
> # Completed on Sat Sep 2 02:24:33 2017
> # Generated by iptables-save v1.6.1 on Sat Sep 2 02:24:33 2017
> *mangle
> :PREROUTING ACCEPT [293993:48599155]
> :INPUT ACCEPT [188065:31562883]
> :FORWARD ACCEPT [19475:7104838]
> :OUTPUT ACCEPT [124159:16994042]
> :POSTROUTING ACCEPT [147110:24355452]
> -A POSTROUTING -o lxdbr0 -p udp -m udp --dport 68 -m comment --comment "generated for LXD network lxdbr0" -j CHECKSUM --checksum-fill
> COMMIT
> # Completed on Sat Sep 2 02:24:33 2017
> # Generated by iptables-save v1.6.1 on Sat Sep 2 02:24:33 2017
> *filter
> :INPUT ACCEPT [449:65419]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [274:37570]
> -A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> -A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> -A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> -A FORWARD -o lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> -A FORWARD -i lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> -A OUTPUT -o lxdbr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> -A OUTPUT -o lxdbr0 -p udp -m udp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> -A OUTPUT -o lxdbr0 -p udp -m udp --sport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
> COMMIT
> # Completed on Sat Sep 2 02:24:33 2017

Might the issue be related to the bridged network, or do you have any ideas
what's causing the problem?

Thanks 

Benjamin
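
An added example, not part of the original post: a check that reads an iptables-save dump and lists DNAT port forwards that exist only in nat PREROUTING, which locally generated packets never traverse (they pass through nat OUTPUT instead). The sample input is constructed from the nat rules quoted in the message; the function names and the 203.0.113.10 address used in testing are assumptions for illustration.

```python
import shlex

# Constructed sample: the nat-table rules quoted in the message above.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [138088:14417714]
:OUTPUT ACCEPT [8593:788743]
-A PREROUTING -i ens18 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.4.187:80
-A PREROUTING -i ens18 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.4.187:443
-A PREROUTING -i ens18 -p tcp -m tcp --dport 8022 -j DNAT --to-destination 10.0.4.116:8022
-A POSTROUTING -s 10.0.4.0/24 ! -d 10.0.4.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [449:65419]
COMMIT
"""

def parse_dnat(dump):
    """Return DNAT rules from the nat table as dicts (chain, iface, proto, dport, to)."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # table header, e.g. "*nat"
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)   # keeps quoted --comment text as one token
            if "-j" not in tok or tok[tok.index("-j") + 1] != "DNAT":
                continue
            def opt(flag):
                return tok[tok.index(flag) + 1] if flag in tok else None
            rules.append({"chain": tok[1], "iface": opt("-i"), "proto": opt("-p"),
                          "dport": opt("--dport"), "to": opt("--to-destination")})
    return rules

def host_unreachable_forwards(dump):
    """PREROUTING DNAT ports with no nat OUTPUT rule for the same proto/port.

    Packets generated on the host itself traverse nat OUTPUT, never PREROUTING,
    so these forwards apply only to traffic arriving from outside.
    """
    rules = parse_dnat(dump)
    local = {(r["proto"], r["dport"]) for r in rules if r["chain"] == "OUTPUT"}
    return [r for r in rules
            if r["chain"] == "PREROUTING" and (r["proto"], r["dport"]) not in local]

if __name__ == "__main__":
    for r in host_unreachable_forwards(SAMPLE):
        print(f'{r["proto"]}/{r["dport"]} -> {r["to"]}: in PREROUTING (-i {r["iface"]}) only')
```

On a live host the same functions can be fed the output of `iptables-save -t nat`.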