Posted on by Leave a comment

Forwarding host ports to LXD instances

Also known as exposing a port, LXD can be configured to forward outside network traffic to containers that reside within a private bridged network. This post will demonstrate how to create a profile that forwards traffic on a networking port from the host server to a port on an LXD container. At the time of this writing, the proxy device is not supported for LXD virtual-machines.

In this how-to guide I will be forwarding port 80 (http) from the host server to port 8080 on an LXD container. To start we will need to create a profile that can be attached to the container we are forwarding the network traffic to.

We will call the new profile port-80, naming it something that can easily identify it’s purpose. To create the new profile run the following command:

$ lxc profile create proxy-80

We now have an empty profile without any configurations. To get a list of the profiles you have on your LXD server and see the newly created proxy-80 profile, run the following command

$ lxc profile list
+-----------+---------+
|    NAME   | USED BY |
+-----------+---------+
| default   | 2       |
+-----------+---------+
| proxy-80  | 0       |
+-----------+---------+

The new profile now can be modified to include a proxy device that opens a listener on port 80 from the host server to connect to port 8080 on the instance. We can choose to edit the profile directly using an editor (lxc profile edit proxy-80) or add a new proxy device using LXC based command-line options.

Choosing the later option, we can create a new device within the profile that will define our settings. Let’s name the device hostport80. We will have it listen to 0.0.0.0:80 on the host and connect to 127.0.0.1:8080 of the container by running the following command:

$ lxc profile device add proxy-80 hostport80 proxy connect="tcp:127.0.0.1:8080" listen="tcp:0.0.0.0:80"

To view the contents of the profile use the following command:

$ lxc profile show proxy-80
config: {}
description: ""
devices:
  hostport80:
    connect: tcp:127.0.0.1:8080
    listen: tcp:0.0.0.0:80
    type: proxy
name: proxy-80
used_by: []

If you are launching a new instance you can use the –-profile (or -p) option to add profiles to the instance as it is created. But if the instance already exists you will have to append the new profile to the container. Let’s assume we have an instance named container1. To append the proxy-80 profile to this instance use the following command:

$ lxc profile add container1 proxy-80

To show the applied configurations to your instance use the following command:

$ lxc config show container1 -e

The profile configuration can be removed from the instance. To remove the profile use the following command:

$ lxc profile remove container1 proxy-80

When you remove the profile from the instance, the profile still exists and can be used for other instances. If you want to permanently remove the profile it can be deleted with the following command:

$ lxc profile delete proxy-80
Leave a Reply

Your email address will not be published. Required fields are marked *