stgraber
commented
4 years ago Nope, we just assume that the containers are publicly routable. This is usually only possible over IPv6 unless you have a rather sizable IPv4 allocation.
In theory the proxy device could be used for this, but you'd indeed have to deal with a pool of host ports and possibly also deal with multiple host addresses.
In our production environment, the host itself isn't accessible anyway so proxying wasn't really useful to us, instead we just routed a public IPv6 subnet so the containers may be directly accessed by those who have IPv6 connectivity.
JonasVautherin
If I understand correctly, the way this works is that there is a go server that has access to the LXD daemon and can therefore spawn containers. It exposes the console output of a container through
/1.0/console, and if server_console_only isfalse, it exposes an ssh server.Also, it seems like there is an
id(which is really a random string) required to access a container. So if I know the id of all the containers, I can basically access them remotely. Which is considered good enough for this use-case.Assuming that this is not completely wrong, there is a thing I don't get: how does the SSH thing work (:22 to :?
server_console_only=false)? How does the remote client connect to it? Wouldn't there be a need for a reverse proxy somewhere, translatingI'm interested in that because I would like to try exposing a port for my demo. So that users could have a remote terminal into my container, and at the same time they could connect a separate RPC client to that same container.
It seems that with lxd, I should be able to expose a port with something like:
So I'm trying to figure out the reverse proxy issue (mentioned above) and also how
rest.gowould need to be modified in order to run the proxy config line above when creating a container.