Public IP addresses for yunohost instances running in LXC?

I’m trying to figure out how to run yunohost in an LXC container, so I can run multiple yunohost instances on one VPS (and also make backups easier).

I am reading about LXD and LXC and see many possible ways to do this. I would like to know what people recommend? What do you like and what is the easiest way?

So far I have LXD installed on Ubuntu on a Digital Ocean droplet. I was able to launch a debian:buster container using LXD, and install yunohost within the container.

Now I am trying to figure out how to make the container accessible to the public internet.

I saw a few ways so far:

  1. using a reverse proxy such as haproxy or nginx, which routes different domains to containers (but I worry this means I would have to do extra configuration for every domain… or not be able to take advantage of yunohost handling HTTPS certificates… I would rather just have a public IP address, one for each container)
  2. using macvlan like in this tutorial
  3. using a bridge like in this tutorial
  4. using LXC without LXD like @benou does here

any advice appreciated, before I go down endless rabbit holes

In my opinion, the simplest way to run yunohost in an LXC container without hassle is to use Proxmox VE.

3 Likes

As @Benance wrote: Proxmox VE works great. I moved various instances running on Orange Pi Zeros to Proxmox; the containers look like this in the web interface:

I used an OVS bridge, it seemed most flexible. In the meantime I read that the integrated bridge has acquired more functionality, so you could go with that as well. The bridge looks like this in the web interface:

The configuration for a single container looks like:

Of course all settings can be done via the underlying text files as well.

1 Like

I found some people here suggesting that having multiple public IPv4 addresses is not possible on a Digital Ocean droplet, so maybe what I was trying to do is not really possible… or at least not until I get a physical server

or maybe there’s some way with ipv6 (DO says you can get multiple of those), but I don’t fully understand how that works

It works ‘just the same’.

My ISP gives me (actually, gave me, it runs out after September :( ) five extra IPv4s, and a whole bunch of IPv6.

The most used Yunohosts are on separate IPv4 (and have IPv6 as well), the rest are IPv6-only and have a port forwarded on IPv4 when really needed.

In the last screenshot you can see the IPv6 configured.

Then again, depending on usage: is it worthwhile to combine multiple servers in one droplet?

> Then again, depending on usage: is it worthwhile to combine multiple servers in one droplet?

maybe not (: but I liked the idea of the flexibility. to have multiple on one droplet or machine, then if I ever reach the resource limits, move whichever one needs to a new droplet. and also to be able to easily move an LXC off DO and onto a physical server if I wanted later.

also seemed nice from a security perspective,
I could “isolate” a yunohost instance from another,
and experiment with things

but so far I still haven’t found an easy way. I will try proxmox with ipv6 at some point. I need a better understanding of bridges and IP addresses I think.

@wbk what provider or physical infrastructure do you use for running Proxmox VE? or do you run proxmox on the orange pi zeros?

A little box at home, built around a J5005 board.

Speed at 50/50 Mbit is sufficient for most uses. For extra IPv4s I’ll have to move from the provider-provided subnet to another offering, probably extraip.com.

1 Like