Dynamically route HTTPS traffic to LXD instances on a development server.
LXD uses bridged networking by default, so get lxdbr0 IP address as it is used by the dnsmasq service to serve DHCP and DNS requests.
$ lxc network get lxdbr0 ipv4.address
10.97.179.1/24
Install nginx HTTP and reverse proxy server as it will be used to route traffic dynamically.
$ sudo apt install nginx
Create a directory to store an SSL certificate.
$ sudo mkdir /etc/nginx/ssl
Create the SSL certificate or use an existing one.
$ sudo openssl req -subj "/commonName=*.example.org" -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Disable default site.
$ sudo unlink /etc/nginx/sites-enabled/default
Define a new site to access LXD containers. Notice, that I am using example.org domain name and the above-mentioned resolver address.
$ cat <<EOF | sudo tee /etc/nginx/sites-available/lxd
server {
listen 80;
listen 443 ssl;
resolver 10.97.179.1;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_certificate /etc/nginx/ssl/nginx.crt;
server_name ~^(?<container>\w+)\.example\.org$;
if ($scheme != "https") {
rewrite ^ https://$host$request_uri permanent;
}
location / {
proxy_pass http://$container.lxd:8080$request_uri;;
proxy_set_header Host $container.fishsilentcruise.space;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
Enable this site.
$ sudo ln -s /etc/nginx/sites-available/lxd /etc/nginx/sites-enabled/lxd
Now, you can point DNS entry for nextcloud.example.org to this server to access nextcloud container on internal port 8080, et cetera.
This solution is beneficial on a development server where you play with different containers without updating the proxy configuration.
Proxy will return 502 HTTP code when container does not exist.
