[lxc-users] lxd host can not access container via domain

Benjamin Asbach lxd at impl.it
Mon Sep 4 01:01:32 UTC 2017


On 2017-09-03 17:45, Fajar A. Nugraha wrote:
> On Sat, Sep 2, 2017 at 9:02 AM, Benjamin Asbach <lxd at impl.it> wrote:
>> Hi there,
>> 
>> I've some problems with connecting to my containers via my public 
>> domain
>> from the host itself. I'm using bridged network by lxc network. The 
>> setup
>> looks like this
>> 
>> remote -> domain.com -> host -> container1 (nginx) -> container2 (app)
>> 
>> When I curl from a remote location this works quite fine:
>> 
>> curl https://sub.domain.com
>> <html></html>%
>> 
>> But when I'm doing the same from the host itself:
>> 
>> curl https://sub.domain.com
>> curl: (7) Failed to connect to sub.domain.com port 443: Connection 
>> refused
>> 
>> I'm a little bit confused why this happens.
> 
> So you perform NAT on the host, and test the NAT (by accessing
> 'sub.domain.com', which is the host's IP address)? That won't work.
> That's exactly how iptables would behave. It's general iptables issue,
> not lxc issue.
> 
> https://unix.stackexchange.com/questions/113521/iptables-redirect-local-request-with-nat#answer-113651
> says it's possible (using OUTPUT), but I've never tested it though.

You directed me to the absolute right direction. I added an OUTPUT rule 
wich works as expected.

Thanks
Benjamin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xAD7427D8.asc
Type: application/pgp-keys
Size: 3061 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170904/917ba847/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170904/917ba847/attachment.sig>


More information about the lxc-users mailing list