Can Yunohost just be run in LXD containers?

First, let me say I just discovered Yunohost. I use LXD quite a bit so now I want to understand a couple things about Yunohost.

I know the web site says:

When ran on the host, the ./ynh-dev command allows you to manage YunoHost’s dev

and also it describes setting up the ynh-dev environment with LXD/LXC containers here:

So once the functionality of the LXD/LXC containers works, can they be used in production? If so, do the LXD/LXC containers require any changes, or would I just clone/copy the ones I want to use?



I’m a bit confused, but basically:

  • yes, you can perfectly run Yunohost in Docker, and we do this all the time in the context of development and also for some pieces of infrastructure, like the new yunohost documentation, which is itself in a yunohost inside an LXC
  • if your intention is to run a production server, DO NOT use ynh-dev. Ynh-dev is just tooling to easily deploy a dev environment. If you want to install Yunohost inside an LXC, just create a Debian Buster LXC and follow this documentation (basically running curl|bash)
  • You indeed need some special tweaks to the LXC, namely enabling nesting (in fact probably needed for a raw Debian Buster? idk… this comes from the fact that some Debian packages/services want to use some systemd sandboxing feature) AND possibly the container should be privileged (not 100% sure about this)

You can run yunohost in a lxc container without problem. My yunohost instance works like that without problem.
You have to install a debian lxc and then install yunohost on top of debian.

Sounds simple enough.

Enabling nesting is just a config setting but I think perhaps creating/editing the debian container’s LXD Profile might let me enable nesting for any container created using that profile. I’ll check.

Does Yunohost use LXD’s Proxy Port command to forward from Host to the container like this for Port 80:

$ lxc config device add mycontainer myport80 proxy listen=tcp: connect=tcp:
Device myport80 added to mycontainer

Well holy cow, I didn’t know that shit existed?!

YunoHost doesn’t do anything like that because… well, if you install yunohost inside the container, it doesn’t have access to the host anyway

Nevertheless, that command sounds super interesting and much easier to configure than an nginx reverse proxy (which is what we do in the context of the yunohost infrastructure, and that’s hugely complex for many reasons)

We do that because we have just one IPv4 on the host server.

(and because we have different domains to route between different containers in fact… yeah…)