LXC/LXD Install Apache2 HTTP Server

Clavate

These steps are my understanding of LXC/LXD containers at the time they were created. I am still learning. (Here there be dragons.)


Linux Mint

This will be the host (server) for the containers.

Note:

Install UFW (Uncomplicated Firewall) on the host server

UFW is a simplified interface to iptables.

sudo apt install ufw

After installation enable it, if it isn't already.

sudo ufw status
sudo ufw enable

Update all packages on the host server

sudo apt update && sudo apt dist-upgrade


Install Apache2

Disable Host OS Firewall

sudo ufw disable

Note: I don't know which ports "lxc launch" (and other steps) require open so I temporarily open them all.

Launch an ubuntu container

sudo lxc launch ubuntu:22.04 webserver

At the time of these steps, 22.04 is the latest Ubuntu LTS distribution. If there is a newer one, use it.

List containers

lxc list

Customized command:

lxc list -c n,s,4,image.description:image
lxc list -c n,s,4,6,image.description:image

Note: '6' displays IPv6 addresses.

Install Apache2 (in the container)

lxc exec webserver -- apt install apache2

Enable the host's firewall

sudo ufw enable

Test the web server (Apache2)

curl server-IP-address

You should see the HTML for the home page. This verifies the server is working and is available from the host.


At this point the web server (Apache2) is accessible from the host but not the outside world. Next is to allow external access to the web server.

open the web server ports in the host's firewall

Allow the WWW ports

sudo ufw allow www

This allows access to ports 80 and 443.

Display the firewall status

sudo ufw status

Make the web server visible outside the host

I'm working on it. It is complicated.


Using a web browser, access the server (server-IP-address) from different systems on your LAN.

stuff for further thought and study

Since ufw 0.34 ufw supports forward rules.

example: sudo ufw route allow in on eth0 out on eth1 to 10.0.0.0/8 port 8080 from 192.168.0.0/16 port 80

You also need to make sure you have the sysctl net.ipv4.ip_forward enabled. For most distributions, that's done by editing /etc/sysctl.conf and running sysctl -p or rebooting.

ufw doesn't support NAT through its easy interface, though.

From serverfault.com/questions/238563/can-i-use-ufw-to-setup-a-port-forward
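A pre-flight check for the three conditions these notes depend on (the firewall re-enabled after the temporary "ufw disable", a "ufw route allow" rule, and net.ipv4.ip_forward switched on), as an added example that is not part of the original notes or the quoted answer. The function name audit_forwarding and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a real host, feed it live values:
#   audit_forwarding "$(sudo ufw status verbose)" "$(sysctl -n net.ipv4.ip_forward)" 80

# audit_forwarding UFW_STATUS_TEXT IP_FORWARD_VALUE PORT
# Prints one finding per line; returns 0 only if every check passes.
audit_forwarding() {
    status_text=$1
    ip_forward=$2
    port=$3
    rc=0

    # 1. The firewall must be back on after the temporary "ufw disable".
    if printf '%s\n' "$status_text" | grep -q '^Status: active$'; then
        echo "OK   ufw is active"
    else
        echo "FAIL ufw is not active"
        rc=1
    fi

    # 2. Routed traffic needs a "ufw route allow" rule; ufw status lists
    #    such rules with the action ALLOW FWD (plain "ufw allow" does not count).
    if printf '%s\n' "$status_text" \
        | grep -E "(^| )${port}(/tcp)?( |\$)" | grep -q 'ALLOW FWD'; then
        echo "OK   route rule found for port $port"
    else
        echo "FAIL no route (FWD) rule mentions port $port"
        rc=1
    fi

    # 3. The kernel must be willing to forward IPv4 packets.
    if [ "$ip_forward" = "1" ]; then
        echo "OK   net.ipv4.ip_forward=1"
    else
        echo "FAIL net.ipv4.ip_forward=$ip_forward"
        rc=1
    fi
    return $rc
}

# Constructed sample: the host state after "sudo ufw allow www" only.
SAMPLE_STATUS='Status: active
Default: deny (incoming), allow (outgoing), deny (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere'

audit_forwarding "$SAMPLE_STATUS" 0 80 || echo "host is not ready to forward port 80"
```

With the sample input, the first check passes and the other two fail: an input rule for port 80 exists, but nothing permits routed traffic to the container yet.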


ifconfig

ifconfig (Wikipedia)

In a Linux system, "eno1" is a naming convention for the first onboard Ethernet network interface card (NIC). It signifies that the network adapter is integrated directly into the computer's motherboard and is the first such device recognized by the system.

Note: eth0, eth1, ... were traditionally the names used for Ethernet interfaces, but modern systems often use predictable naming schemes like "eno1" for better consistency.

An LXC bridge network allows Linux containers (LXC) to communicate with each other and with the host machine as if they were on the same physical network segment. It effectively creates a virtual switch, enabling direct communication between containers and the host, similar to how virtual machines or physical devices on a network interact.

container instance host ip address.

ifconfig or ifconfig -a or ip address

See "eno1" line "inet".

container instance (webserver) ip address.


Profile

lxc sample profiles

Networking setups

LXC SimpleBridge

How to Configure Bridge Networking in LXD

How to configure LXD network to host bridge?

LXC containers on host's lan

LXC Container on same network as host with internet access


default profile

config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by: []


more Links

Apache HTTP Server (Wikipedia)

iptables (Wikipedia)

LXC - Guide to building a LXC Lab

Internet access LXC-Container

ufw forward port 80

How to configure ufw to forward port 80/443 to internal server hosted on LAN

lxc container assigned ip address by external dhcp server

UFW (Ubuntu - Community Help Wiki)