Dynamically route HTTPS traffic to LXD instances on a development server.
LXD uses bridged networking by default, so get the IP address of lxdbr0, which the dnsmasq service uses to serve DHCP and DNS requests.
$ lxc network get lxdbr0 ipv4.address
10.97.179.1/24
Install the nginx HTTP and reverse proxy server, which will route the traffic dynamically.
$ sudo apt install nginx
Create a directory to store an SSL certificate.
$ sudo mkdir /etc/nginx/ssl
Create a self-signed SSL certificate or use an existing one.
$ sudo openssl req -subj "/commonName=*.example.org" -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Disable the default site.
$ sudo unlink /etc/nginx/sites-enabled/default
Define a new site to access LXD containers. Note that I am using the example.org domain name and the resolver address obtained above.
$ cat <<'EOF' | sudo tee /etc/nginx/sites-available/lxd
server {
  listen 80;
  listen 443 ssl;

  # lxdbr0 address; its dnsmasq resolves <container>.lxd names
  resolver 10.97.179.1;

  ssl_certificate_key /etc/nginx/ssl/nginx.key;
  ssl_certificate     /etc/nginx/ssl/nginx.crt;

  # The first label of the host name is captured as $container
  server_name ~^(?<container>\w+)\.example\.org$;

  # Redirect plain HTTP to HTTPS
  if ($scheme != "https") {
    rewrite ^ https://$host$request_uri permanent;
  }

  location / {
    proxy_pass http://$container.lxd:8080$request_uri;
    proxy_set_header Host $container.example.org;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
EOF
Enable this site.
$ sudo ln -s /etc/nginx/sites-available/lxd /etc/nginx/sites-enabled/lxd
Now you can point the DNS entry for nextcloud.example.org to this server to access the nextcloud container on internal port 8080, et cetera.
This solution is beneficial on a development server where you play with different containers without updating the proxy configuration.
The proxy will return a 502 HTTP code when the container does not exist.
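Because every instance whose name matches the server_name pattern is published on port 8080 without any further proxy change, it helps to audit which names that pattern covers. The script below is an added example, not part of the original setup: route_for and audit_names are hypothetical helper names, the instance list is constructed sample input, and it relies on \w matching only letters, digits and underscore, so a hyphenated LXD name never matches.

```shell
#!/bin/sh
# Added example: audit which LXD instance names the server_name regex
# ^(?<container>\w+)\.example\.org$ maps to an upstream.
# DOMAIN and PORT mirror the site definition above.
DOMAIN="example.org"
PORT=8080

# Print "host -> upstream" and return 0 when the name matches \w+
# (letters, digits, underscore); return 1 otherwise.
route_for() {
    name=$1
    case $name in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    printf '%s.%s -> http://%s.lxd:%s\n' "$name" "$DOMAIN" "$name" "$PORT"
}

# Read instance names on stdin, one per line, and report each one as
# routed or as not matching the pattern.
audit_names() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if line=$(route_for "$name"); then
            printf 'routed    %s\n' "$line"
        else
            printf 'no-match  %s (name does not match \\w+)\n' "$name"
        fi
    done
}

# Constructed sample input; on a real host pipe in the output of
# `lxc list -c n --format csv` instead.
audit_names <<'SAMPLE'
nextcloud
gitea
my-app
SAMPLE
```
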