lxd container: port forwarding like docker

port-forwarding lxc containers lxd

5,605

Solution 1

One of the developers wrote in this issue about the topic:

This has been closed, but to give a clear answer: lxd (at least as currently intended) will not do host networking. So in general you would port-forward to a web-server in a lxd container the same way you would do with lxc - you can pass in a nic from the host into the container and have your local router provide it its own address; or use route-based networking to container veths; or use iptables forwarding to forward host traffic into the container (which is what I usually do).

See https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-network for more information.

~~So, I'm afraid, as things stand currently, there is no port forwarding, neither now nor in the future.~~ (This prediction turned out to be not true)

Solution 2

Four years later, the prediction given in this answer was fortunately too pesimisitc. Port forwarding has been implementented in LXD in the meantime as is documented here.

To forward port 80 on the host to 8080 in the container, simply do

lxc config device add jitsi port1 proxy listen=tcp:<hostip>:80 connect=tcp:<ontainerip>:8080

5,605

guettli

http://thomas-guettler.de/ Working out loud: https://github.com/guettli/wol

Updated on September 18, 2022

Comments

guettli over 1 year

Is there a way to do port-forwarding in lxd-containers like docker does?

I heard some rumours that there is no easy way.

According to the homepage of lxd this is their goal:

Intuitive (simple, clear API and crisp command line experience)

For me port forwarding is an important part.

I am not in a hurry. If it is planed for a future release, this would be a valid answer.
- womble over 8 years
  
  There's no easy way only if iptables -t nat -I PREROUTING -d <IP> -p tcp --dport <port> -j DNAT --to <IP>:<port> is hard. Incidentally, if you're going to work from rumours, you probably want to ask the source of the rumours, not other people.
- guettli over 8 years
  
  @womble if this one line is all which is needed, then I will upvote an accept your answer. Please fill in your comment as answer. Thank you.
- gxx over 8 years
  
  Not sure if this helps you, but it's possible to just assign a network interface to your container. So, there isn't so much need to do port forwarding any more...
- guettli over 8 years
  
  @gf_yesterday you said "it's possible to assign a network interface to your container". I can handle this solution (assigning a new network interface) ... but I am lazy. I prefer port forwarding.
guettli over 8 years

I up-voted your answer. But one question remains: You know the current state. Great. But do you know the future?
gxx over 2 years

Thanks for the update!