Re: [Lxc-users] Seeking advice on appropriate network layout for my LXC setup
On Monday 7 January 2013 at 11:19, Rob van der Hoeven wrote: My intention is to have a container running nginx as a reverse proxy and containers running the various combinations of Apache, PHP, RoR, MySQL, etc software for the web apps I want. After experimenting (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx container attached) and macvlan (the other containers + additional interface in the nginx container) I've come back around to looking at simply attaching all containers to lxcbr0. I don't think anything I want to run would have an issue with NAT. I would then port forward connections to the public IP for web onto the nginx container and so on for other services. The nginx container would proxy to the various apache container instances - as they're all connected to lxcbr0 i'm assuming from what I've read that's as straightforward as a regular LAN. Hi James, Looks like you want the *exact* configuration that i currently use for my FreedomBox. I have put nginx inside a bastion host container where it acts like a reverse proxy for containers running wordpress blogs and for example owncloud. I also have shorewall (a firewall) running which can do NAT. Here are some links if you want my configuration: First, my lxc and network setup http://freedomboxblog.nl/installing-lxc-dhcp-and-dns-on-my-freedombox/ Then, creation of my nginx bastion host container http://freedomboxblog.nl/my-freedombox-internet-module-part-1/ Creation of a wordpress container, connect it to nginx http://freedomboxblog.nl/a-wordpress-module-for-my-freedombox/ Limit what containers can do on the network http://freedomboxblog.nl/adding-a-firewall-and-nat-to-my-freedombox/ Safe ssh access from the internet to any container http://freedomboxblog.nl/ssh-access-from-the-internet-to-my-freedombox/ My setup is running on Debian, so it probably is easy to adapt for Ubuntu. Cheers, Rob. http://freedomboxblog.nl Thanks so very much Rob, this is really useful and much appreciated. I've started reading through quickly (on your bastion host and then wordpress module) so now I must start at the top :). James -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Seeking advice on appropriate network layout for my LXC setup
I'm using a very similar setup to this in production now, without any problems. It's not clear from your description how you are planning to do the port forwarding to the reverse proxy. We are using iptables for this. -Ben On 4 January 2013 19:52, James Gallagher ja...@jamesgallagher.ie wrote: Hi, I'm starting to use LXC with a view to service segregation and have come up against a wall in terms of my lack of networking knowledge - I'm now second-guessing myself on everything. So I'd appreciate some suggestions from yourselves. I've previously used VirtualBox for a LAMP RoR environment for self-hosting. I'm now running a fresh Ubuntu 12.10 VM with LXC installed. So far, this VM has a single interface (eth0) using VirtualBox's Bridged Networking and configured with a public IP. This all works fine and I tested connecting to a container running a web server from an external connection. My intention is to have a container running nginx as a reverse proxy and containers running the various combinations of Apache, PHP, RoR, MySQL, etc software for the web apps I want. After experimenting (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx container attached) and macvlan (the other containers + additional interface in the nginx container) I've come back around to looking at simply attaching all containers to lxcbr0. I don't think anything I want to run would have an issue with NAT. I would then port forward connections to the public IP for web onto the nginx container and so on for other services. The nginx container would proxy to the various apache container instances - as they're all connected to lxcbr0 i'm assuming from what I've read that's as straightforward as a regular LAN. As I say, after a few days of experimenting, I'm second guessing myself on everything so would appreciate someone sanity checking my plan. I'm completely open to alternatives if there's a better way of doing this. Thanks, James -- Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and much more. Get web development skills now with LearnDevNow - 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122812 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Seeking advice on appropriate network layout for my LXC setup
My intention is to have a container running nginx as a reverse proxy and containers running the various combinations of Apache, PHP, RoR, MySQL, etc software for the web apps I want. After experimenting (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx container attached) and macvlan (the other containers + additional interface in the nginx container) I've come back around to looking at simply attaching all containers to lxcbr0. I don't think anything I want to run would have an issue with NAT. I would then port forward connections to the public IP for web onto the nginx container and so on for other services. The nginx container would proxy to the various apache container instances - as they're all connected to lxcbr0 i'm assuming from what I've read that's as straightforward as a regular LAN. Hi James, Looks like you want the *exact* configuration that i currently use for my FreedomBox. I have put nginx inside a bastion host container where it acts like a reverse proxy for containers running wordpress blogs and for example owncloud. I also have shorewall (a firewall) running which can do NAT. Here are some links if you want my configuration: First, my lxc and network setup http://freedomboxblog.nl/installing-lxc-dhcp-and-dns-on-my-freedombox/ Then, creation of my nginx bastion host container http://freedomboxblog.nl/my-freedombox-internet-module-part-1/ Creation of a wordpress container, connect it to nginx http://freedomboxblog.nl/a-wordpress-module-for-my-freedombox/ Limit what containers can do on the network http://freedomboxblog.nl/adding-a-firewall-and-nat-to-my-freedombox/ Safe ssh access from the internet to any container http://freedomboxblog.nl/ssh-access-from-the-internet-to-my-freedombox/ My setup is running on Debian, so it probably is easy to adapt for Ubuntu. Cheers, Rob. http://freedomboxblog.nl -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] Seeking advice on appropriate network layout for my LXC setup
Hi, I'm starting to use LXC with a view to service segregation and have come up against a wall in terms of my lack of networking knowledge - I'm now second-guessing myself on everything. So I'd appreciate some suggestions from yourselves. I've previously used VirtualBox for a LAMP RoR environment for self-hosting. I'm now running a fresh Ubuntu 12.10 VM with LXC installed. So far, this VM has a single interface (eth0) using VirtualBox's Bridged Networking and configured with a public IP. This all works fine and I tested connecting to a container running a web server from an external connection. My intention is to have a container running nginx as a reverse proxy and containers running the various combinations of Apache, PHP, RoR, MySQL, etc software for the web apps I want. After experimenting (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx container attached) and macvlan (the other containers + additional interface in the nginx container) I've come back around to looking at simply attaching all containers to lxcbr0. I don't think anything I want to run would have an issue with NAT. I would then port forward connections to the public IP for web onto the nginx container and so on for other services. The nginx container would proxy to the various apache container instances - as they're all connected to lxcbr0 i'm assuming from what I've read that's as straightforward as a regular LAN. As I say, after a few days of experimenting, I'm second guessing myself on everything so would appreciate someone sanity checking my plan. I'm completely open to alternatives if there's a better way of doing this. Thanks, James -- Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and much more. Get web development skills now with LearnDevNow - 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122812___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
